Windows Analysis Report
http://i646972656374o6c6373o636f6dz.oszar.com/

Overview

General Information

Sample URL: http://i646972656374o6c6373o636f6dz.oszar.com/
Analysis ID: 1582299

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected suspicious Javascript
AI detected suspicious URL
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2012,i,4697898965467504338,10828828858863040760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://i646972656374o6c6373o636f6dz.oszar.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f Joe Sandbox AI: Score: 7 Reasons: The URL 'i646972656374o6c6373o636f6dz.oszar.com' does not match the legitimate domain 'lcsdirect.com'. The URL contains a suspicious pattern with a long string of characters before '.oszar.com', which is not a common domain extension for legitimate businesses. The brand 'LCS Direct' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'. The presence of input fields for 'Email' and 'Password' on a suspicious URL increases the risk of phishing. DOM: 1.1.pages.csv
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/ForgotPassword Joe Sandbox AI: Score: 7 Reasons: The URL 'i646972656374o6c6373o636f6dz.oszar.com' does not match the expected domain for 'LCS Direct'. The URL contains a suspicious pattern with a mix of numbers and letters, which is often used in phishing attempts. The domain 'oszar.com' is not associated with 'LCS Direct' and appears to be a generic or unrelated domain. The brand 'LCS Direct' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'. The presence of an email input field is common in phishing sites attempting to harvest credentials. DOM: 4.4.pages.csv
Source: 0.5.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://i646972656374o6c6373o636f6dz.oszar.com/Ide... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and indicative of malicious intent.
Source: Email Joe Sandbox AI: AI detected Typosquatting in URL: http://i646972656374o6c6373o636f6dz.oszar.com
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F HTTP Parser: Number of links: 1
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: Base64 decoded: 1735547624.000000
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: Title: - LCSDirect does not match URL
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F HTTP Parser: Title: Error - LCSDirect does not match URL
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: Title: - LCSDirect does not match URL
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: <input type="password" .../> found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: <input type="password" .../> found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: No favicon
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F HTTP Parser: No favicon
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: No favicon
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/ForgotPassword HTTP Parser: No favicon
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: No <meta name="author".. found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F HTTP Parser: No <meta name="author".. found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: No <meta name="author".. found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f HTTP Parser: No <meta name="copyright".. found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F HTTP Parser: No <meta name="copyright".. found
Source: https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 26MB later: 37MB
Source: global traffic DNS traffic detected: DNS query: i646972656374o6c6373o636f6dz.oszar.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: classification engineClassification label: mal56.phis.win@19/29@18/158
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2012,i,4697898965467504338,10828828858863040760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://i646972656374o6c6373o636f6dz.oszar.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 3 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
http://i646972656374o6c6373o636f6dz.oszar.com/ | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
i646972656374o6c6373o636f6dz.oszar.com | 104.21.53.240 | true | true | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
static.cloudflareinsights.com | 104.16.80.73 | true | false | | high
www.google.com | 142.250.185.68 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/ForgotPassword | true | | unknown
https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f | true | | unknown
https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F | true | | unknown
https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login | false | | unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582299
Start date and time: 2024-12-30 09:33:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://i646972656374o6c6373o636f6dz.oszar.com/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.win@19/29@18/158
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.184.227, 216.58.206.46, 74.125.206.84, 142.250.185.206
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: http://i646972656374o6c6373o636f6dz.oszar.com/
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 30 07:33:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2673
                  Entropy (8bit):3.9861388134871936
                  Encrypted:false
                  SSDEEP:
                  MD5:CFDAF8605F21AAC755ABB773E9A3FF7C
                  SHA1:2E3631139AC4388DDBA7A047ED2C339D797CE735
                  SHA-256:2F4AAF4677E3E9C375629631754B7A184746337C78DBD4BADE47350BBC76EC1E
                  SHA-512:E2D992C9F78A0A6E95E1969C37F7E145344FFB76B26AE01459B2533A3973CCC9267C23CEBD9221336D081124433D43228B86DCC24C4CF3D0FD7B8AE9BEDEB1FF
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 30 07:33:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2675
                  Entropy (8bit):4.003737883956425
                  Encrypted:false
                  SSDEEP:
                  MD5:FAA2C8CBEC5E348C848EFD8B3EFBA44D
                  SHA1:193F18B7547E3E32730C70FFC60F7F184640CB35
                  SHA-256:94F95E6A41F5EF12AC1C8F4C0F11FDC8EC5A3882F533A56922E06228DFB71A44
                  SHA-512:532BB90F813F19716DFCDB8E9A7093BAD133D5BD9C531426A8EA63D52847C7847F6BC4EA91A5283C2079147672C5F0F358FB078212A2118FA76EDE0E76D4D35F
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2689
                  Entropy (8bit):4.009719629718929
                  Encrypted:false
                  SSDEEP:
                  MD5:53E0D3DEBB2E508875E4833BD7360626
                  SHA1:F89B08FA0469AB3139A36AB53D7604C0EBEC1257
                  SHA-256:606EB45108B24D4E7B8A5F75755B59252BF6B9F1DD46CF158CC1FBC9D8EDB0BF
                  SHA-512:174ECD4873E915749C53331A0169661F1C441C73451797CDF0C555FD0015D77C53470236AF2A97636766BA8D52D1F765229AFF9E9F94F764AFA91AAA573B4B35
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 30 07:33:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):4.002381721650193
                  Encrypted:false
                  SSDEEP:
                  MD5:8C753F048B783EBCD496A77857E21D40
                  SHA1:A66A24310D6D8D78A526D69ADACF99D5F55CF2B6
                  SHA-256:771AF6771CC926498A9F60231DB428E293A6920BBAB7FB1D42F868116661D884
                  SHA-512:3E23C4C43A4E3F3A1F1C761B2129B4AE2A3BBE41522AB22FAD32DD34D39644D0DB79C164757068A8FC6B3EEC33984CC57B6558EEDEAB93490C5D64A4C5F3642F
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 30 07:33:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.9895343681945534
                  Encrypted:false
                  SSDEEP:
                  MD5:0D1F5792D38BA02E55A09CDA39D52F3D
                  SHA1:62F26478017B7AAC36597275B998C6E2DA510914
                  SHA-256:F447451E13E3FCF73F67C052C72E31DAB588D5C2A9882931787293715C6B5B6A
                  SHA-512:4A4143B4D59D48409230A1F2BA214D630F2BE43FAE39851A7A7DF2FDA82242B49B910DC2C9AB499710B8200E7E13FA0BDB6A964BF8C531A0F93C5D5CEA255749
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 30 07:33:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.998701443865897
                  Encrypted:false
                  SSDEEP:
                  MD5:D065075055B76AA349E74A2C5C477787
                  SHA1:D84A2DF833DD9DF66CB02CFA7CEEAB0C1A90A060
                  SHA-256:D809683FC9FDFCFBE062CBD8BA72081AFC3990812F8359593DB822ABA090FFF3
                  SHA-512:98816884A825E6AE40A4CF73D20C08B00537333A7093A23D2231279F18347F998FA381DC9643CC6EA6A423BE3F7902DF8FF8B3AAF041511B54C3D10CDD40BF86
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                  Category:downloaded
                  Size (bytes):121382
                  Entropy (8bit):5.087101047874208
                  Encrypted:false
                  SSDEEP:
                  MD5:9E1C5890259BDD978CDE1AFA5CD2418D
                  SHA1:3012ADB87E7E8AECA84BAAA5E63B089711B8E780
                  SHA-256:57239A7647F59FFE12F2E4A68ADBDAE32ED9FE7804F69CBE2DCFE98A6925C88D
                  SHA-512:5CF50B3BCA84E055A89786F6486667CB8198E153CFBE412D3374DC1445F9F84E0061070B22E265CA4F8E5F13B4CC6309993CEDB9955C2D45E7D194F9A76D9A94
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (1494), with CRLF, CR, LF line terminators
                  Category:downloaded
                  Size (bytes):6263
                  Entropy (8bit):5.59723237468784
                  Encrypted:false
                  SSDEEP:
                  MD5:FAD6576BD0F9B81C8BEFB847499E2E2C
                  SHA1:D211034EC2A3BB4DB9270B2DFB595A986AC6E443
                  SHA-256:AB61BA251337B7728906D98A9C19B3EB3C3BD3F8E5AB3FDDA8DFE314684B1F50
                  SHA-512:5CFFF99FF9A1D16718F9BD1EA5C7B18F248A76A38E6EA8B7DFFB34A1C9496A6702747C47DE5FCBCE331E505F39FAD219AF3CBD3CF6623EC85E5499285106A322
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2f
                  Preview:<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<title> - LCSDirect</title>.<link href="/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41" rel="stylesheet"/>.<link href="/Content/Icons/foundation-icons.css" rel="stylesheet"/>.<noscript>.<meta http-equiv="refresh" content="0;URL=/Shared/Error/NoJavascript" />.</noscript>.</head>.<body>.<script>.</script>.<input type="hidden" id="forgeryToken" value="CDKgCoMlrf24Ig_UVo04JfLKx3tDsGNHPbfvDTEVE-imXpLV8pzd_L-61k7qK95c-MEqgze-ZYdPKdD92UbWWYv2oIg1,-hMX9WreKtHXMY8GLR1U74l_6waReQjXyYN_4Pr8XTu_sOXLUIFCPiFk2JebRN_P6QLdx_VyX3NmmRtxXyuRyQYRlmc1" />.<div id="center" style="position: fixed; z-index: 2000000000000 !important; top: 50%; left: 50%"></div> <div id="pageBody" class="row small-12 medium-10 large-8 columns float-center">.<div class="vertical-spacer-1"></div>.<div id="pageMessages">.<div id="successMessages">.</div>.<div id="errorMessages">.</div
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
                  Category:dropped
                  Size (bytes):291686
                  Entropy (8bit):5.241706996810216
                  Encrypted:false
                  SSDEEP:
                  MD5:99EF8171084370F3AB653B6E147F9968
                  SHA1:6310646EC84C167CD83D187AA9444960364396ED
                  SHA-256:4E2867B68EF47B8DDDB4826FDCFB5E4458A68BAE259A2530FF0DA900C102EB34
                  SHA-512:F75742B1DBCB559F7C0707DAE5DEF40BC5256BB16422D43F5BA28BC32EF540976DE6512F3AB3A3F4FE5C645D69A0ECFC99A016FBFCD4D74F19130A3060FB2C4A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (19948), with no line terminators
                  Category:dropped
                  Size (bytes):19948
                  Entropy (8bit):5.261902742187293
                  Encrypted:false
                  SSDEEP:
                  MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                  SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                  SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                  SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 1526 x 205, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):42523
                  Entropy (8bit):7.973962992768459
                  Encrypted:false
                  SSDEEP:
                  MD5:9E63A6A3B83619BEBCF91DF0EE3CF68D
                  SHA1:DFCD2E25C09B298B0C494B510F2418589DA1B7E5
                  SHA-256:FEE9774C4AF11FFD390045248EDD905FDA4D9E3A1918B3DF5799F71C2F9105AC
                  SHA-512:311C77D8C418DF183342F862BD67ACCB324F45C6FC00DD760E1C60E111F36BCDC82EB63591AD5EF5A445BE93DF559AC6F9C50A0E38696E2C3780670E1E305384
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (34856), with no line terminators
                  Category:dropped
                  Size (bytes):34856
                  Entropy (8bit):5.188582538938972
                  Encrypted:false
                  SSDEEP:
                  MD5:EA5156488C923FFE8E63C44612BD8924
                  SHA1:1AA202791B5B3D2643D2FBDBE54F763C8EF54F95
                  SHA-256:C9CCDB6A84A64AAE9004B426C0AD3DF29D5118E4538405BB2C83AA74F40CD947
                  SHA-512:61A11B0DECCE6DACA6CA8F741A21E7B83E0062A00FF66CBBA2B0E60F038F69D43FBD56DF37823577BF690765517C7819ADF979033D4DAE2F1AB6819AF043F52A
                  Malicious:false
                  Reputation:unknown
                  Preview:function getCardName(n){switch(n){case"Visa":return"visa";case"Master Card":return"mastercard";case"American Express":return"amex";case"Discover":return"discover"}}!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=n(require("jquery")):n(jQuery)}(function(n){n.extend(n.fn,{validate:function(t){if(!this.length)return void(t&&t.debug&&window.console&&console.warn("Nothing selected, can't validate, returning nothing."));var i=n.data(this[0],"validator");return i?i:(this.attr("novalidate","novalidate"),i=new n.validator(t,this[0]),n.data(this[0],"validator",i),i.settings.onsubmit&&(this.on("click.validate",":submit",function(t){i.settings.submitHandler&&(i.submitButton=t.target);n(this).hasClass("cancel")&&(i.cancelSubmit=!0);void 0!==n(this).attr("formnovalidate")&&(i.cancelSubmit=!0)}),this.on("submit.validate",function(t){function r(){var u,r;return!i.settings.submitHandler||(i.submitButton&&(u=n("<input type='h
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (7535), with no line terminators
                  Category:dropped
                  Size (bytes):7535
                  Entropy (8bit):5.283885248637187
                  Encrypted:false
                  SSDEEP:
                  MD5:C5C10BF693823D5A315CBF8D23D20F40
                  SHA1:1673D41113B52988298A73052C54FBBA24958F6C
                  SHA-256:54C073E71D9A6913EB8AFC413E4B53ECEB5D33CF898D4BDE832832789F522275
                  SHA-512:564494E452B994A8431BF8ACAC90239060BA1D4E38FC5622580A66B7744F31CDC76A8B356DFED08739074E54B125A1E491592A44D278982FFB6FF7FB377E2D16
                  Malicious:false
                  Reputation:unknown
                  Preview:function lcsdInitialize(){new Foundation.Equalizer($(".button-row")).applyHeight()}function lcsdWorkingStart(){spinner.spin(document.getElementById("center"))}function lcsdWorkingStop(){spinner.stop()}function confirmModal(n,t,i,r,u,f,e,o){var h,s;u=u||"Yes";f=f||"No";e=e||"";o=o||"";h='<div class="reveal" id="confirmModal" data-reveal data-options="closeOnClick:false;closeOnEsc:false"><h4 class="expanded confirm-title '+e+'">'+n+'<\/h2><div class="confirm-message '+o+'">'+t+'<\/div><div><button class="button no hollow" data-close>'+f+'<\/button><button class="button yes float-right">'+u+"<\/button><\/div><\/div>";$("body").append(h);s=new Foundation.Reveal($("#confirmModal"));s.open();$("#confirmModal").find(".yes").one("click",function(){s.close();$("#confirmModal").remove();i&&i.call()});$("#confirmModal").find(".no").one("click",function(){s.close();r&&r.call()});$(document).one("closed.zf.reveal","#confirmModal",function(){var n=$("#confirmModal").parent(".reveal-overlay");$("#con
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (5945)
                  Category:dropped
                  Size (bytes):332954
                  Entropy (8bit):5.577806264041406
                  Encrypted:false
                  SSDEEP:
                  MD5:FA628573A051F358D0A30A64AA6C8BE1
                  SHA1:B086275ADC9F55AA74C1CD9DD57EE1103D8DCDC4
                  SHA-256:F67E48B6470BE9C9FC1CAA370E97164E389C4CC60161668481E375ABF8CACB75
                  SHA-512:BEC8A362E7B9E3B092A681949AA1729747BCFA26B26B74218A290B3A2C37D8818E315F2EA4A7D94C452992A23EB466E86B976C68A08CD56214C05BA2660D11DA
                  Malicious:false
                  Reputation:unknown
                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":13,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":13,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_l
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (2900), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):3823
                  Entropy (8bit):5.251143459017027
                  Encrypted:false
                  SSDEEP:
                  MD5:89C115418F813B7AAFC500A09FDBF1ED
                  SHA1:355637F6A96D58CB9FBB23002D2B19B17CA6F397
                  SHA-256:B6AD5A27603F75A791CAC31650E628994529F4692654F074E6A365B006911BEE
                  SHA-512:983DDC723B50EA3EAE9A707D9040D8AC1F01CDD2059BCCC37F3DD79FC4FADD2822030625990E38E1E09B8449F258AB102A098601A98B9A4CDE10595EAA4EC3A1
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Scripts/jquery.unobtrusive-ajax.min.js
                  Preview:/* NUGET: BEGIN LICENSE TEXT.. *.. * Microsoft grants you the right to use these script files for the sole.. * purpose of either: (i) interacting through your browser with the Microsoft.. * website or online service, subject to the applicable licensing or use.. * terms; or (ii) using the files as included with a Microsoft product subject.. * to that product's license terms. Microsoft reserves all other rights to the.. * files not expressly granted by Microsoft, whether by implication, estoppel.. * or otherwise. Insofar as a script file is dual licensed under GPL,.. * Microsoft neither took the code under GPL nor distributes it thereunder but.. * under the terms set out in this paragraph. All notices and licenses.. * below are for informational purposes only... *.. * NUGET: END LICENSE TEXT */../*..** Unobtrusive Ajax support library for jQuery..** Copyright (C) Microsoft Corporation. All rights reserved...*/..(function(a){var b="unobtrusiveAjaxClick",d="unobtrusiveAjaxClickTarget",h="u
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (8801), with no line terminators
                  Category:dropped
                  Size (bytes):8801
                  Entropy (8bit):5.75443969795799
                  Encrypted:false
                  SSDEEP:
                  MD5:FE0C3084A371C6CC542E4715A8BFA387
                  SHA1:27329EE333F790F4D8A6C171CB74C74E0F3D964D
                  SHA-256:51820306DE21949B86DFFFB01BDA6BEA7AFD9042F7AA985E246787E822C2AA52
                  SHA-512:B03B2E8A9546FF74C0656082FCB362C06F19FE054333C371A2999CF6EEA982FEA623886DE7268D3B42E2BE66B73542DA6D0585DD6DD22D0B2977042111801AB1
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (550), with CRLF, LF line terminators
                  Category:downloaded
                  Size (bytes):5441
                  Entropy (8bit):5.339560838458592
                  Encrypted:false
                  SSDEEP:
                  MD5:03FAFCCDF88A0CF064FE10810D612487
                  SHA1:208AACBFCE40494F7EA5E735FAB6CB2A00EFA244
                  SHA-256:FB81073C7ACA3C937A743BEE65B88D3C7F0D300654EC99190B8245769C97283D
                  SHA-512:21B4CC7591E041115CBBC4204FFBA7F6AF76D989446D242F00A5B8AEA5D477D66AE7854E9AD0A7054C96B53D8D854F9CB2C6FE00B18A3D53E6C64997E39E4B8B
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/ForgotPassword
                  Preview:<!DOCTYPE html>..<html>..<head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0">...... <title>Error - LCSDirect</title>...... <link href="/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41" rel="stylesheet"/>.... <link href="/Content/Icons/foundation-icons.css" rel="stylesheet"/>........ <noscript>.. <meta http-equiv="refresh" content="0;URL=/Shared/Error/NoJavascript" />.. </noscript>..</head>..<body>.. <script>.... </script>.. <input type="hidden" id="forgeryToken" value="j1ah7U80qZJPoO0Vd07VXV65cHD3bxewSikVls9Y5OQ-zwwfb8NAJ3d_wbMFG1_JeIbn_WOR1tKaGuFq0eLAkL6dXk81,ji_0FVSxhy54rCAlHXu7_UGr7e3V-A6hhOkx1y6d6IllHaMiRpFIrEUg3MXuOQNHyl16VoMzlQxaLmDNHrTPSY_eog81" />.. <div id="center" style="position: fixed; z-index: 2000000000000 !important; top: 50%; left: 50%"></div> .... <div class="currentPageHeading">.. Error.. </div>.. <div id="pageBody" class="row small-12 me
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):28
                  Entropy (8bit):4.137537511266052
                  Encrypted:false
                  SSDEEP:
                  MD5:06B600CC7E72FD9130AB6E659DE80F50
                  SHA1:4A40600F17702C006C1C769394E5B6EAC5E10F30
                  SHA-256:13BED1C3FF8EF12C17ECB33CCA08EC590FF9A1ABC9F47F2058756321AE22EE1A
                  SHA-512:B8553E95034B421541E155545382F9CFDEF93B860948CE15290A57A03B2B24C88E5CC15D0DC463F2C4AA9634C3EB6900BFB37D482FE530BF38433C2E187293FA
                  Malicious:false
                  Reputation:unknown
                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkTzFEqabNRUBIFDaqYN6ASBQ1lIZnq?alt=proto
                  Preview:ChIKBw2qmDegGgAKBw1lIZnqGgA=
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):3191
                  Entropy (8bit):4.401995199261013
                  Encrypted:false
                  SSDEEP:
                  MD5:FB31DAF30F51987BF49B8411679C50C8
                  SHA1:08C788F6A01CB63A0CB30AE9086A776FD69FA1CE
                  SHA-256:1FE925A1BE9CBAC8C73361A9F214FC76E05D8F31F5C3603B74BCD22D67F132EF
                  SHA-512:5EB9EED9C792F6D157A3C4B995C9206BF9F6B8B3040DBDC6B9D66E4B1D46A49F7BEAE9F3DFE40A28F19D86EA301C98D4E7E7D35008A3313FFAF904D6E4966D90
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Scripts/SessionTimeout.js
                  Preview:.//..// sessionTimeout.js..//..// After a set amount of time, a sliding divis shown to the user with the option..// to either log out now, or stay connected. If log out now is selected,..// the page is redirected to a logout URL. If stay connected is selected,..// a keep-alive URL is requested through AJAX. If no options is selected..// after another set amount of time, the page is automatically redirected..// to a timeout URL...//..//..// USAGE..//..// 1. Include jQuery..// 2. Call $.sessionTimeout(); after document ready..//..//..// OPTIONS..//..// message..// Text shown to user in dialog after warning period...// Default: 'Your session is about to expire.'..//..// keepAliveUrl..// URL to call through AJAX to keep session alive..// Default: '/Shared/Login'..//..// redirUrl..// URL to take browser to if no action is take after warning period..// Default: 'timedOut.asp'..//..// logoutUrl..// URL to take browser to if user clicks "Log Out Now"..
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows icon resource - 1 icon, 60x60, 32 bits/pixel
                  Category:downloaded
                  Size (bytes):14942
                  Entropy (8bit):4.580930880177283
                  Encrypted:false
                  SSDEEP:
                  MD5:84284EBE7129F293978725ABE9952687
                  SHA1:905BDF0A818EB010B726D24DA611458D7104336D
                  SHA-256:F325400640FE23F1D99A31B40DFD43CB4C37C5FEC9FE428F2042576B4BBB7654
                  SHA-512:633426B6C11D68C7AD17D4204714AB2D89E0F5AD27A799C8A36628704C87F6662E87D032FFFAC04C64CF9C344647E26833507F6C6B5772DE9466A2738AD6A794
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/favicon.ico
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (550), with CRLF, CR, LF line terminators
                  Category:downloaded
                  Size (bytes):4876
                  Entropy (8bit):5.609480525884364
                  Encrypted:false
                  SSDEEP:
                  MD5:F104EFA3C06D65590C81F65A1A60E701
                  SHA1:D6C6FEF285A45FCFCC5C09004A377F4DF5BEFAC4
                  SHA-256:3F053C305EDBCD7FC37D5AE8A6C6AD24B2A3D8C481887BFEA16F4966CB0DBD14
                  SHA-512:D2F442C42D55BB5D320948CD2754C34E9077B1BD4FFE40E344BA71DEE113A7BF2F727407429CF3BC36369D410398B7A0733C01FB84BF2F8894E04EF0E909D4B3
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/ForgotPassword
                  Preview:<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<title>Forgot your password? - LCSDirect</title>.<link href="/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41" rel="stylesheet"/>.<link href="/Content/Icons/foundation-icons.css" rel="stylesheet"/>.<noscript>.<meta http-equiv="refresh" content="0;URL=/Shared/Error/NoJavascript" />.</noscript>.</head>.<body>.<script>.</script>.<input type="hidden" id="forgeryToken" value="bqDObf9R58nJ1zlm-Wvzh2GE7H4GA3Y1r3bcOmjJ-el-LQVMV7YCR1SU3lf3KSrpUJOW_yZ6EzzDqTSW_EJpL_QLnzY1,KAno_DuMso3ny9DRks1UBkww59n589kXH5n0p57ulgynM1TLk5QrqtzYZ5V94htV6H8LnNaUXpuxiwFXegnN3D8iODE1" />.<div id="center" style="position: fixed; z-index: 2000000000000 !important; top: 50%; left: 50%"></div> <div class="currentPageHeading">.Forgot your password?.</div>.<div id="pageBody" class="row small-12 medium-10 large-8 columns float-center">.<div class="vertical-spacer-1"></div>.<div
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
                  Category:downloaded
                  Size (bytes):238197
                  Entropy (8bit):5.238285536798212
                  Encrypted:false
                  SSDEEP:
                  MD5:5131FFBCCD4CF48C696F36FD227B86B5
                  SHA1:566B69EB214D277F78581B22FA4B7A00A40DC8FB
                  SHA-256:2A2D2BF581D2719C0CC9850876EB05387557FA9EEB864BD05473AE89B0D9443A
                  SHA-512:0F989A0068D1D9834A350C05C30709002C379007671CF9BE6D29DA346370E380E92953C99BC9EC1A5016C52A1EA219EB9C629418F44199FAF4C164C54838DEA0
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/bundles/FoundationJs?v=2PK3qdjmN-cvuvM3KmP_GHgy2MQD0zBg2zhVfdbdzJ41
                  Preview:(function(n,t){"use strict";typeof module=="object"&&typeof module.exports=="object"?module.exports=n.document?t(n,!0):function(n){if(!n.document)throw new Error("jQuery requires a window with a document");return t(n)}:t(n)})(typeof window!="undefined"?window:this,function(n,t){"use strict";function ir(n,t){t=t||u;var i=t.createElement("script");i.text=n;t.head.appendChild(i).parentNode.removeChild(i)}function fi(n){var t=!!n&&"length"in n&&n.length,r=i.type(n);return r==="function"||i.isWindow(n)?!1:r==="array"||t===0||typeof t=="number"&&t>0&&t-1 in n}function l(n,t){return n.nodeName&&n.nodeName.toLowerCase()===t.toLowerCase()}function oi(n,t,r){return i.isFunction(t)?i.grep(n,function(n,i){return!!t.call(n,i,n)!==r}):t.nodeType?i.grep(n,function(n){return n===t!==r}):typeof t!="string"?i.grep(n,function(n){return ot.call(t,n)>-1!==r}):er.test(t)?i.filter(t,n,r):(t=i.filter(t,n),i.grep(n,function(n){return ot.call(t,n)>-1!==r&&n.nodeType===1}))}function ar(n,t){while((n=n[t])&&n.nod
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):20119
                  Entropy (8bit):4.825512618760849
                  Encrypted:false
                  SSDEEP:
                  MD5:7C1FC543247FE5A37BF31DC5C23598D2
                  SHA1:1658A41411A88649AC11BDA7FFDCEA97FA93B023
                  SHA-256:991B21C4AB6719E59C32E80EB1950152467B350FF8027B3BE6664644996281BB
                  SHA-512:1131170BE420A89346BC1DF8B865AD1B5CF66E56CF7BDD1B04269E6487F45F7C2E4F52ED9A69D5A2728D46AA1F25EB800D442556106B1D75C8AFEAABEE6AD80C
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Content/Icons/foundation-icons.css
                  Preview:/* .. * Foundation Icons v 3.0.. * Made by ZURB 2013 http://i7a757262o636f6dz.oszar.com/playground/foundation-icon-fonts-3.. * MIT License.. */....@font-face {.. font-family: "foundation-icons";.. src: url("foundation-icons.eot");.. src: url("foundation-icons.eot?#iefix") format("embedded-opentype"),.. url("foundation-icons.woff") format("woff"),.. url("foundation-icons.ttf") format("truetype"),.. url("foundation-icons.svg#fontcustom") format("svg");.. font-weight: normal;.. font-style: normal;..}.....fi-address-book:before,...fi-alert:before,...fi-align-center:before,...fi-align-justify:before,...fi-align-left:before,...fi-align-right:before,...fi-anchor:before,...fi-annotate:before,...fi-archive:before,...fi-arrow-down:before,...fi-arrow-left:before,...fi-arrow-right:before,...fi-arrow-up:before,...fi-arrows-compress:before,...fi-arrows-expand:before,...fi-arrows-in:before,...fi-arrows-out:before,...fi-asl:before,...fi-asterisk:before,...fi-at-sign:before,...fi
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (5945)
                  Category:downloaded
                  Size (bytes):332954
                  Entropy (8bit):5.577732827643103
                  Encrypted:false
                  SSDEEP:
                  MD5:76CA1E8C97D1D0F363836D6F96A356DF
                  SHA1:597D8CD66E7D836B3414FCE46200EBB55AEEEBCC
                  SHA-256:C81941B602FFBCE8E507547CD9C223139DC6ACC7772F066A5810323476BE66C6
                  SHA-512:EE675752598AC95EFFCD4FA404378713D403CF7984363322BBBE0F5947ED8DE33339F45BB5F1FE45ED2E100A8F61FFC9F2180C0F59D496529F9AC5EE17B21343
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.googletagmanager.com/gtag/js?id=G-PNFHQ1FTKQ
                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":13,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":13,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_l
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (11095), with no line terminators
                  Category:downloaded
                  Size (bytes):11095
                  Entropy (8bit):5.237754788592151
                  Encrypted:false
                  SSDEEP:
                  MD5:EFEAC4BCC64C045F413F90CEBA3F836E
                  SHA1:F6E4AF16612D2C740E0D62440FCE784290EAB928
                  SHA-256:9E83216908224FFBC39992A5E60F93CA21B8E2240BA28025BA679C4B70F7112D
                  SHA-512:8D0B20E90EB1DE8E68918C9306DEE3CE0453CB176D463D1061FBE50FAC804FFA0C3682DA42A6C53B99CBDC2F3C1809744A64538BD47CCF68865C1774BADED878
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/bundles/modernizr?v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1
                  Preview:window.Modernizr=function(n,t,i){function a(n){c.cssText=n}function vt(n,t){return a(y.join(n+";")+(t||""))}function h(n,t){return typeof n===t}function v(n,t){return!!~(""+n).indexOf(t)}function lt(n,t){var u,r;for(u in n)if(r=n[u],!v(r,"-")&&c[r]!==i)return t=="pfx"?r:!0;return!1}function yt(n,t,r){var f,u;for(f in n)if(u=t[n[f]],u!==i)return r===!1?n[f]:h(u,"function")?u.bind(r||t):u;return!1}function f(n,t,i){var r=n.charAt(0).toUpperCase()+n.slice(1),u=(n+" "+ot.join(r+" ")+r).split(" ");return h(t,"string")||h(t,"undefined")?lt(u,t):(u=(n+" "+st.join(r+" ")+r).split(" "),yt(u,t,i))}function pt(){u.input=function(i){for(var r=0,u=i.length;r<u;r++)w[i[r]]=!!(i[r]in o);return w.list&&(w.list=!!(t.createElement("datalist")&&n.HTMLDataListElement)),w}("autocomplete autofocus list placeholder max min multiple pattern required step".split(" "));u.inputtypes=function(n){for(var u=0,r,f,e,h=n.length;u<h;u++)o.setAttribute("type",f=n[u]),r=o.type!=="text",r&&(o.value=g,o.style.cssText="pos
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (8714), with no line terminators
                  Category:downloaded
                  Size (bytes):8714
                  Entropy (8bit):5.734402721045148
                  Encrypted:false
                  SSDEEP:
                  MD5:F2681387DFAF2612843299B65A67BA08
                  SHA1:891F112783C76E6D98055601B9DC549A7C9D30E0
                  SHA-256:74086938752AE4A85652FB4385F12F46D9FA591BB7B317586CFE3A9ECB7FA9E1
                  SHA-512:0B7DF1EB571B56DE02C164A950527B1979C2C7BEC2A415672C653744507992C56E23F28BDF165388BAD7C635AE4585F37B815481AD8760722DC256640F2FCA30
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):16
                  Entropy (8bit):3.702819531114783
                  Encrypted:false
                  SSDEEP:
                  MD5:C20208D6C598C5E30D91C7BD0F092B15
                  SHA1:320AAD30BC187166CC2144EE553BAD0B882469EE
                  SHA-256:2CF24173161669C3A07C7E671C778601D4E04D02784BF5BEB230EE1C70536481
                  SHA-512:ED4EAA63D79DC6FB1B8E670FD63C303E6FCB1A2A7AD832EE115769D84D6A22FE41A978B7B109A77DD5DE0DA734F54218E987FE62C1574E4E5B376EF6BAD5DBCC
                  Malicious:false
                  Reputation:unknown
                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmxJQlc1qGc4BIFDaqYN6A=?alt=proto
                  Preview:CgkKBw2qmDegGgA=
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (556), with CRLF, CR, LF line terminators
                  Category:downloaded
                  Size (bytes):5325
                  Entropy (8bit):5.575344037688944
                  Encrypted:false
                  SSDEEP:
                  MD5:A98543FDD313E023881834DAA90B640A
                  SHA1:54C0665B5594B23343562B8E52D83F86F37FECCE
                  SHA-256:A931FFE28C603FCD9A40453F58285EDDB57570BC2BDDC1AB9C34A0DEA57FCAA2
                  SHA-512:F73937F3F3B854A63000317614FF5BA129EFB99AD83C724096800C51B42966E9AF34DB569DE1640D3BCEEBEF71D4C9031D34521A0AC4425A45133FDD203E2026
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login
                  Preview:<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<title> - LCSDirect</title>.<link href="/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41" rel="stylesheet"/>.<link href="/Content/Icons/foundation-icons.css" rel="stylesheet"/>.<noscript>.<meta http-equiv="refresh" content="0;URL=/Shared/Error/NoJavascript" />.</noscript>.</head>.<body>.<script>.</script>.<input type="hidden" id="forgeryToken" value="6wXRhjtOYWItf4ojFLraV4TC2V32KvXTLpZ2LGWBKZOKuV7nHOb-y0-cS_mQsfQi570adO-b3SmCZZldKEQun7CMeE41,98Kv4KwTabtIejrpHQgswC7F_Q2CJoPanYPrFtdQELXD2Rc_0yLQQDvx0asHmOj8gCzRjiKChRzhavKnDZV6SyJ8PBs1" />.<div id="center" style="position: fixed; z-index: 2000000000000 !important; top: 50%; left: 50%"></div> <div id="pageBody" class="row small-12 medium-10 large-8 columns float-center">.<div class="vertical-spacer-1"></div>.<div id="pageMessages">.<div id="successMessages">.</div>.<div id="errorMessages">.</div
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (550), with CRLF, LF line terminators
                  Category:downloaded
                  Size (bytes):5446
                  Entropy (8bit):5.341133556227133
                  Encrypted:false
                  SSDEEP:
                  MD5:CE4122CC7493F891B3D45177D12EA653
                  SHA1:D58211844F963A4FE25038EE10E30B043887927F
                  SHA-256:3D90537055C02B12DC52F59962A02F3E72FDBDBE7A542749795549964D3F41EB
                  SHA-512:4688950A179ABAA62865B9974206DA5287B66928A926ADA23AC402FE424CF0CA2C1C52DEEFDD55CB61F703433BE4189C839AE9C0FBDF16D65607903385711570
                  Malicious:false
                  Reputation:unknown
                  URL:https://i646972656374o6c6373o636f6dz.oszar.com/Identity/Account/Login?ReturnUrl=%2F
                  Preview:<!DOCTYPE html>..<html>..<head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0">...... <title>Error - LCSDirect</title>...... <link href="/bundles/FoundationCss?v=6gK5uCVeeud6ZD07o08dNs1gfu6YgCFytxNrweJ4hU41" rel="stylesheet"/>.... <link href="/Content/Icons/foundation-icons.css" rel="stylesheet"/>........ <noscript>.. <meta http-equiv="refresh" content="0;URL=/Shared/Error/NoJavascript" />.. </noscript>..</head>..<body>.. <script>.... </script>.. <input type="hidden" id="forgeryToken" value="r53m2zrIB7_hTLubRcveuKrE5auBFfdWb1dW7BvlisxxrOIppzrG7DDCvFPhB8u9GgJEBCFMdEAwtZyvk5C9za0d9Xw1,YeOpEaOIrTVZXb7X-4wTskjIrdWSqTm03U6j02652cDSBMDA-CwAGGlhLkHZqOqu1v7gsXAelklHn89V5H9jDM8vtJM1" />.. <div id="center" style="position: fixed; z-index: 2000000000000 !important; top: 50%; left: 50%"></div> .... <div class="currentPageHeading">.. Error.. </div>.. <div id="pageBody" class="row small-12 me
                  No static file info