Windows Analysis Report
https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55

Overview

General Information

Sample URL: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55
Analysis ID: 1483120

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
  • System is w10x64_ra
  • chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,7828890551145074086,6163347124972930599,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | LLM: Score: 7 brands: StateFarm Reasons: The URL 'https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55' appears suspicious due to the use of a subdomain 'pe-encrypt' which is not commonly associated with StateFarm's legitimate services. The presence of a prominent login form asking for sensitive information such as password and security question answers is a common phishing tactic. Additionally, the URL includes a query string with an ID and brand parameter, which is often used in phishing attempts to track victims. The image resembles a legitimate StateFarm page, but the domain structure and the request for sensitive information raise significant red flags. Therefore, it is concluded that this site is likely a phishing site. DOM: 0.0.pages.csv
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: Number of links: 0
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: Title: Encrypted Email Registration does not match URL
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: <input type="password" .../> found
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: No favicon
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: No <meta name="author".. found
Source: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.166.126.56:443 -> 192.168.2.16:56494 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:56498 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:56504 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:56509 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.16:56491 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global traffic | DNS traffic detected: DNS query: pe-encrypt.statefarm.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 56.126.166.20.in-addr.arpa
Source: classification engine | Classification label: mal48.phis.win@14/19@9/101
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,7828890551145074086,6163347124972930599,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Defense Evasion: 3 Masquerading; 1 Process Injection; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | 0% | Avira URL Cloud | safe |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
pe-00104b02.gslb.pphosted.com | 205.220.177.182 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | unknown
pe-encrypt.statefarm.com | unknown | unknown | true | | unknown
56.126.166.20.in-addr.arpa | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.35 | unknown | United States | 15169 | GOOGLEUS | false
74.125.206.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.195 | unknown | United States | 15169 | GOOGLEUS | false
205.220.177.182 | pe-00104b02.gslb.pphosted.com | United States | 22843 | PROOFPOINT-ASN-US-EASTUS | false
142.250.185.132 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.74 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.238 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.16
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1483120
            Start date and time:2024-07-26 17:36:05 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:14
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal48.phis.win@14/19@9/101
            • Exclude process from analysis (whitelisted): svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.238, 74.125.206.84, 34.104.35.123, 142.250.185.74, 172.217.23.106, 142.250.185.138, 142.250.186.42, 142.250.186.106, 142.250.184.202, 172.217.16.202, 142.250.186.170, 216.58.206.42, 142.250.186.74, 142.250.186.138, 216.58.206.74, 172.217.16.138, 142.250.74.202, 142.250.185.106, 172.217.18.10, 199.232.210.172
            • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
            • Not all processes were analyzed, report is missing behavior information
            • VT rate limit hit for: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55
            InputOutput
            URL: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 Model: Perplexity: mixtral-8x7b-instruct
            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses, usernames, and passwords.","The text does not create a sense of urgency or interest.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
            Title: Encrypted Email Registration OCR: 'State Farm Registration Create your account to read secure email. Email Address: briannat@davislaw.com First Name: Last Name: Password: Confirm Password: Question : Your childhood best friend Answer: We have sent a validation code to your email address. Please check your inbox for the code and enter it below. If you did not receive it and need another code:Click here Validation Code: Continue Powered by Proofpoint Encryption'" 
            URL: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 Model: gpt-4o
            ```json
            {
              "phishing_score": 7,
              "brands": "StateFarm",
              "phishing": true,
              "suspicious_domain": true,
              "has_prominent_loginform": true,
              "has_captcha": false,
              "setechniques": true,
              "has_suspicious_link": true,
              "legitmate_domain": "statefarm.com",
              "reasons": "The URL 'https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55' appears suspicious due to the use of a subdomain 'pe-encrypt' which is not commonly associated with StateFarm's legitimate services. The presence of a prominent login form asking for sensitive information such as password and security question answers is a common phishing tactic. Additionally, the URL includes a query string with an ID and brand parameter, which is often used in phishing attempts to track victims. The image resembles a legitimate StateFarm page, but the domain structure and the request for sensitive information raise significant red flags. Therefore, it is concluded that this site is likely a phishing site."
            }
            ```
            URL: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 Model: custom
            {"phishing_score": 6, "brand_name": "StateFarm", "reasons": "The URL appears to be a subdomain of StateFarm, but the unusual subdomain 'pe-encrypt' raises suspicions. Additionally, the request for personal information without a clear indication of what it is for or what the purpose of the registration is, makes it difficult to determine the legitimacy of the webpage."}
            URL: https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55 Model: Perplexity: mixtral-8x7b-instruct
            {"loginform": true,"urgency": true,
            Title: Encrypted Email Registration OCR: *State Farm Registration Password Policy Passwords must be 7-20 characters long. , At least one digit (0-9) is required. e At least one symbol character is required. e Your username may not appear in the password. Create your account to read secure email. Email Address: briannat@davislaw.com First Name: test Last Name: test2 Password: Confirm Password: Question : Your childhood best friend Answer: We have sent a validation code to your email address. Please check your inbox for the code and enter it below. If you did not receive it and need another code:Click here Validation Code: Continue Powered by Proofpoint Encryption'" 
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:36:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.9935839343061454
            Encrypted:false
            SSDEEP:
            MD5:356E29DFD1F63A26E1DE824883F41739
            SHA1:40CBA27A8E51B0DBEB561F08E01AAAEA8F5EC0AD
            SHA-256:891C69A914AC7057A8F7F8422B22EE4351F0E815AD14EF8F5F5ECEC7EAC91DDF
            SHA-512:46779FAF13B69D2B74EF579DEF9DBADA4C13F590070C997A51E5C0A9A9E21B42A2E8512D69C54880C8763A25EC11D8C833A2D876C784B13438136BF6764B46B8
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:36:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):4.006808015747331
            Encrypted:false
            SSDEEP:
            MD5:1FA99B519A59FF552689A5C7D5C4B139
            SHA1:B2E7B25FBF40EE3FBF23E9DE9AEA798E61CFFB97
            SHA-256:F93D649FD8D52D3C74DB8C7C112F2AA7558FF2A83C9E99C0696B69C6D67EE9A5
            SHA-512:522E03960507F15120D2F2B2AF59D62A4AD5EDE530A2E0BFFEE59937B1ACA448A7EE1F9CE9EF4A51F8E07F05130C3F652B5D2155C6BFD6EB14BEDCA5950DF0D2
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.013662799913394
            Encrypted:false
            SSDEEP:
            MD5:56FB5C8EEE87FA0601A25888B3AF4B7A
            SHA1:BFB47B2136C0358AD016147858787491FD3BFCCB
            SHA-256:B381F4C87A81B51573BFFE58D290EC534F452217EADED37B8E10F1A944A7FB18
            SHA-512:1DF03198E2B0506F06130AC3B2B586C07EC2D9873AC146B8079BAE19F74122B1A198E50A9AA71AD700DAFB9F1CC9F4C9A2FA03050CC8202153DDA7C09C00B04A
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:36:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):4.007635691446868
            Encrypted:false
            SSDEEP:
            MD5:16030527B6FA1F850FCE023836945D51
            SHA1:048574D6A380590DBC36223A18FB532FD368A176
            SHA-256:09F9D1B5B381782DADEAEE3BAF657240F5475780410B15A120D6FC6B19F5D1EE
            SHA-512:CB9D35B732B6030107638B7CDEE8792F038B4EB09D334B658FB65FDC52C54A689DADF4C30F80F1DAACA746C731E4274B3A522F250DF78C5734CAFD69153D91C3
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:36:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9970378816505114
            Encrypted:false
            SSDEEP:
            MD5:514943781A6C099296EA944D03273B60
            SHA1:9F8F1582E47D8991C67437B359A2F8CE39EACBA3
            SHA-256:7DD336D3D1BCF626D466421C012BB690733BB882F061DF50A8033E78D706894D
            SHA-512:5F05AEB2CBC3256591D5C1E453246401306CD942734068F16414EF6CA42768DC47BAEC9190341FF2D6B7A2E2CBB385203F95944C099DC868E13741261AB43296
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:36:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):4.004873629956716
            Encrypted:false
            SSDEEP:
            MD5:01F8C86D7C78A683C4E8152CA1381651
            SHA1:440473639D7D7C142E51BECD3717DE8463D890AF
            SHA-256:084E76C96A683DF5AACA5DF6D83ED573CB437BF9930051B6594A95C8AD39D0D8
            SHA-512:F2F7A1BEB631F15DEE6DEA8CDE4FE1617152B293C8C8102625C88781A3C657B8496F26B846F7BBFB339A4FFDD1825F3995EA0635912B63C126B08078ADD6071E
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (25115), with no line terminators
            Category:downloaded
            Size (bytes):25115
            Entropy (8bit):5.077240836874768
            Encrypted:false
            SSDEEP:
            MD5:6C9193EACA3F3316140C7A96D8E2EDEA
            SHA1:853589DF20768E14568C2A37177F440DDADB95D4
            SHA-256:4E4A1EDD64E32C55BB71E49FDDAF41EE58AAD04BDC1570A93A89645CB3C09895
            SHA-512:7BB0E6178DCF0BDB7871924A92AF01CA05BD37BAD50C9B7FA256115CB6CE5906D6BD1018D812EA5462AE434BDEB2C7C470238F795495E28BF9516C663951BAD1
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (65451)
            Category:downloaded
            Size (bytes):89493
            Entropy (8bit):5.289599913770796
            Encrypted:false
            SSDEEP:
            MD5:12108007906290015100837A6A61E9F4
            SHA1:1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3
            SHA-256:C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
            SHA-512:93658F3EB4A044523A7136871E125D73C9005DA44CE09045103A35A4F18695888ECAFE2F9C0D0FA741B95CC618C6000F9AD9AFFC821A400EA7E5F2C0C8968530
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (13183)
            Category:dropped
            Size (bytes):37785
            Entropy (8bit):5.338234647560044
            Encrypted:false
            SSDEEP:
            MD5:5B3C7AC6A53B9D9BDB7A1C7B27EE036F
            SHA1:E4116A2AF7920957C0B26FE3B8B6212BFCA3B876
            SHA-256:60A0E7BCF2F261816807201BB2A09522F62C399293CDF4B0B6443A42F6228C8B
            SHA-512:D769330B8D78CA256CCDBC9473A7E74086B6D49CB7BE743C5C70D46C44F72F4B1543EFF477AB3554CE49A9955DB0EA638895EE87265B54C901F1C6041D990C80
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 8 x 8
            Category:downloaded
            Size (bytes):79
            Entropy (8bit):4.003649478784567
            Encrypted:false
            SSDEEP:
            MD5:4C69EEE876E3130B6951BA08FD6EB67C
            SHA1:884FD33D52C7EA30F04E8732A364A22DDB760F7D
            SHA-256:CB61290F2FAD07BA1668C99FFF76B88C2910924860B2FD71547BAA3A4451B62F
            SHA-512:8C4FEED2A343E384775B5D4F90442287252374A0D029B14C2E89B6C5FA388BC0F8E5C54FDEDFD154E99A046516CCAF9E982A2B4E628247C3FD07BD42C4FCCA31
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/formpostdir/images/BangBullet.gif
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 8 x 8
            Category:downloaded
            Size (bytes):64
            Entropy (8bit):4.440413476123046
            Encrypted:false
            SSDEEP:
            MD5:08563EA7B7B4F4488302CC85B21E4992
            SHA1:38C7C24638EE35C10A544F0401FB1270C0CD6D3A
            SHA-256:749F13D9A507A80A7ACC85A5AD8C4CEE027BB31EBEA982D259A9256802009922
            SHA-512:DC05FF3243A053DF87292C9416AF5C1DC95587910DD8732607E4D6C952DF9B056F55FA19C396F8C0CA13AD7DA4613AF10C975EFE7AFEAF7A4610F2FD0154D7E3
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/formpostdir/images/TipClose.gif
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with no line terminators
            Category:downloaded
            Size (bytes):152
            Entropy (8bit):5.199033104239039
            Encrypted:false
            SSDEEP:
            MD5:2C7BF065ABCF5C95948C42F590A58BFE
            SHA1:2BF6B4ACA8A718DDF11B9D836A81CFB5111708F7
            SHA-256:052F9E78FAF9B83130FDDBB2D2C728D7387E32DC98020BF6B9D91421B5812F0F
            SHA-512:CA3AB9D78E1860907F139D1198E5F4158659D55F5E60E8FEE46F1514D6D191DF674E1CA49584080B09B2D3B8F4C981C444E0847D81CCD77FACF52A1CBC6EB296
            Malicious:false
            Reputation:unknown
            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISOgm6phj3bjwJwxIFDZA08QsSBQ0qAeMMEgUNfhkhWBIFDQ_712cSBQ2Y_dLeEgUN6SjGsRIFDdkU30U=?alt=proto
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
            Category:downloaded
            Size (bytes):1150
            Entropy (8bit):5.223148900731864
            Encrypted:false
            SSDEEP:
            MD5:A05A05DCD6158CC4F8701173734F484A
            SHA1:FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245
            SHA-256:CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
            SHA-512:635E76CBF85BC1E9AF0168A9B87D2085CBC68BEDEB07116DF062C2AAEA0F105D37378E37D881A8AED91EA3C0DFAF700BD6CD628620C5DCEEA6626EB3547E902C
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/favicon.ico
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Web Open Font Format, TrueType, length 128612, version 2.10
            Category:downloaded
            Size (bytes):128612
            Entropy (8bit):7.992355830336478
            Encrypted:true
            SSDEEP:
            MD5:03ADBB294261977089607CDEA10B520C
            SHA1:4DD8B4AD179F3F9B64EC980418F2C9D354A9983D
            SHA-256:D79149C9559597EFFB066E4ED38C2C4B429C88D0420725C296D52C40363EAF68
            SHA-512:5C40F0B1B41B832854E786AE3B6E9FAC4DAC0ED82F7FE3F6B3B8CB5034224DFDA5C2E6FB1B45D04F7CCEF7BA0FB48FD005B9FA527E72700088F9093A952025C4
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/formpostdir/fonts/sourcesanspro-regular.ttf.woff
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 8 x 8
            Category:dropped
            Size (bytes):64
            Entropy (8bit):4.431150438178646
            Encrypted:false
            SSDEEP:
            MD5:0099E0458F743BD64142F6BC36E00E0D
            SHA1:90C3E270B87CE28789925391972647697AE458D9
            SHA-256:3A085E20C4C690FCAB707C3492923DA12EF0D9911EACA70C7978C5595B1E546B
            SHA-512:93D376DF2E289169ECFBB76375ADE021A75A819195B7C44337EB76E67D9E3839E492270479EC955FD184290B9CF57E59B0A2086A0453C04CEA1CDE141D07432D
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (15488)
            Category:downloaded
            Size (bytes):93818
            Entropy (8bit):4.870223615541555
            Encrypted:false
            SSDEEP:
            MD5:CA00B2BD616FFC3C6041350A592C7426
            SHA1:EA082A42F3BB7A907B5A05E1E5EA5F6B967E3EFE
            SHA-256:19846DEA837AA2A28869F608DB27827473E96713C9DE87ED94906AF0A928DDC2
            SHA-512:E18DE16BD4F1C2CEFCB9E205A5DAF48CB60925961F3F6DE0C4A93529B1B9AAB2C49F0E6CB08F45DA673152C8A333F622002DC229172C2FB804C8139CAA5C21DF
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with very long lines (47254), with no line terminators
            Category:downloaded
            Size (bytes):47254
            Entropy (8bit):5.200712489482322
            Encrypted:false
            SSDEEP:
            MD5:1EE5300441F6D2204173FDE1C4ACA985
            SHA1:2DE2565C49F7548EFD6BF3F48751994A870B1200
            SHA-256:A1D563139C7AFA362C35519099D7018C09A72C05952CAE3CA5ED3C277C5554F2
            SHA-512:9155637FC8BAC573EC106B8DA46A98316822B80267D56EA5A3F6CA61EF5E3A0919729A43D404B0BEB8832DF329B2CBBC1B5DC587B21A0471E4CD540F82229517
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (2266), with no line terminators
            Category:dropped
            Size (bytes):2266
            Entropy (8bit):5.298091481985771
            Encrypted:false
            SSDEEP:
            MD5:3EC16AA44D720657743FB21B8843A42A
            SHA1:63585295ACACCEFA397927146CDF66DD4E61B2D1
            SHA-256:AA45349925767E946B92475663269F3388B684612CAF430E23E5080C60D617DF
            SHA-512:C2736C0F0C03033F1391AA2F8E6200FD116EDB9D074F38246E8DDF7D02CA9407AD656CF6B42733DCDE2E32E23FA880E4B749BCFDCBED70C063A6DF8DC1F4809D
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 160 x 22, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):4685
            Entropy (8bit):7.140914361467622
            Encrypted:false
            SSDEEP:
            MD5:FF926A4BB15495C91E4F77C5D13EA7A2
            SHA1:FDE50BE3ABDC8F61704F36BBF0250A0D6A5AEA7B
            SHA-256:6FD992EC7D16C97B1FF8E5DB275257939D9E45B2AAB707EBC61ED9D0CF0E84A1
            SHA-512:5893F492360ADA64BFC1898299025600D284C248250032AEF29BF9718856A1A5845687A4639B23048CECBE90802DEA83D2BEA3FF7517A7F2CB90A61B099A2E36
            Malicious:false
            Reputation:unknown
            URL:https://pe-encrypt.statefarm.com/formpostdir/Image?i=7
            No static file info