Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok

Overview

General Information

Sample URL:	https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok
Analysis ID:	1583447

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,98059282009235420,12376276126209209328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

Joe Sandbox AI: Score: 8 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'williamsoncounty.appfordocument.com' does not match the legitimate domain for Microsoft., The domain 'appfordocument.com' is not associated with Microsoft and appears to be a third-party service., The presence of 'williamsoncounty' as a subdomain suggests a specific regional or organizational focus, which is not typical for a Microsoft service., The URL structure and domain name do not align with Microsoft's known web properties, indicating potential phishing. DOM: 2.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 2.6.pages.csv, type: HTML

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: Number of links: 0

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: Invalid link: Privacy statement

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: <input type="password" .../> found

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b	HTTP Parser: No favicon
Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b	HTTP Parser: No favicon
Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b	HTTP Parser: No favicon

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: No <meta name="author".. found

Source: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.187:443 -> 192.168.2.17:49816 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:49716 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: share.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: static.hsappstatic.net
Source: global traffic	DNS traffic detected: DNS query: forms.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: js.hsforms.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-scripts.com
Source: global traffic	DNS traffic detected: DNS query: js.hscollectedforms.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-analytics.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-banner.com
Source: global traffic	DNS traffic detected: DNS query: forms.hscollectedforms.net
Source: global traffic	DNS traffic detected: DNS query: track.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: forms-na1.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: 48720116.fs1.hubspotusercontent-na1.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: williamsoncounty.appfordocument.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: 5136040640-1323985617.cos.na-ashburn.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: ffju.appfordocument.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.187:443 -> 192.168.2.17:49816 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/30@90/428

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,98059282009235420,12376276126209209328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,98059282009235420,12376276126209209328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
forms.hsforms.com	104.19.175.188	true	false		high
s-part-0016.t-0009.t-msedge.net	13.107.246.44	true	false		unknown
48720116.fs1.hubspotusercontent-na1.net	104.18.41.124	true	false		unknown
js.hs-analytics.net	104.16.160.168	true	false		high
track.hubspot.com	104.16.117.116	true	false		high
williamsoncounty.appfordocument.com	104.21.35.45	true	true		unknown
code.jquery.com	151.101.66.137	true	false		high
ffju.appfordocument.com	104.21.35.45	true	false		unknown
js.hsforms.net	104.18.142.119	true	false		high
forms.hscollectedforms.net	104.16.111.254	true	false		high
js.hs-scripts.com	104.16.141.209	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false		high
www.google.com	142.250.186.164	true	false		high
share.hsforms.com	104.18.80.204	true	false		unknown
js.hs-banner.com	172.64.147.16	true	false		high
stackpath.bootstrapcdn.com	104.18.11.207	true	false		high
static.hsappstatic.net	104.17.172.91	true	false		high
a.nel.cloudflare.com	35.190.80.1	true	false		high
cos.na-ashburn.myqcloud.com	49.51.78.226	true	false		unknown
maxcdn.bootstrapcdn.com	104.18.11.207	true	false		high
forms-na1.hsforms.com	104.18.80.204	true	false		high
challenges.cloudflare.com	104.18.94.41	true	false		high
js.hscollectedforms.net	104.16.108.254	true	false		high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		high
5136040640-1323985617.cos.na-ashburn.myqcloud.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b	true		unknown
https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.18.10.207	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.186.170	unknown	United States		15169	GOOGLEUS	false
104.19.175.188	forms.hsforms.com	United States		13335	CLOUDFLARENETUS	false
13.107.246.44	s-part-0016.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
172.217.23.106	unknown	United States		15169	GOOGLEUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.234	unknown	United States		15169	GOOGLEUS	false
49.51.78.226	cos.na-ashburn.myqcloud.com	China		132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
64.233.166.84	unknown	United States		15169	GOOGLEUS	false
172.64.147.16	js.hs-banner.com	United States		13335	CLOUDFLARENETUS	false
104.16.107.254	unknown	United States		13335	CLOUDFLARENETUS	false
104.17.172.91	static.hsappstatic.net	United States		13335	CLOUDFLARENETUS	false
104.16.160.168	js.hs-analytics.net	United States		13335	CLOUDFLARENETUS	false
151.101.66.137	code.jquery.com	United States		54113	FASTLYUS	false
104.16.111.254	forms.hscollectedforms.net	United States		13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
151.101.194.137	unknown	United States		54113	FASTLYUS	false
142.250.184.195	unknown	United States		15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.18.80.204	share.hsforms.com	United States		13335	CLOUDFLARENETUS	false
104.16.108.254	js.hscollectedforms.net	United States		13335	CLOUDFLARENETUS	false
104.16.137.209	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.185.110	unknown	United States		15169	GOOGLEUS	false
172.67.213.152	unknown	United States		13335	CLOUDFLARENETUS	false
216.58.206.46	unknown	United States		15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States		13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
104.16.109.254	unknown	United States		13335	CLOUDFLARENETUS	false
104.16.141.209	js.hs-scripts.com	United States		13335	CLOUDFLARENETUS	false
104.18.41.124	48720116.fs1.hubspotusercontent-na1.net	United States		13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
104.17.175.91	unknown	United States		13335	CLOUDFLARENETUS	false
49.51.77.119	unknown	China		132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
104.21.35.45	williamsoncounty.appfordocument.com	United States		13335	CLOUDFLARENETUS	true
104.16.117.116	track.hubspot.com	United States		13335	CLOUDFLARENETUS	false
172.217.16.195	unknown	United States		15169	GOOGLEUS	false
104.18.142.119	js.hsforms.net	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583447
Start date and time:	2025-01-02 19:51:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@20/30@90/428

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 216.58.206.46, 64.233.166.84, 172.217.23.110, 142.250.185.99, 172.217.16.206, 142.250.186.78
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok

LLM Input / Output

Input	Output
URL: https://share.hsforms.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://share.hsforms.com
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be setting up variables and arrays for Hubspot-related functionality, such as forms, popups, and local environment detection. There are no high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be setting up a standard Hubspot integration, which is a common and legitimate practice." }
var isQa = false; window.hsFormsOnReady = []; window._hsq = window._hsq \|\| []; window.disabledHsPopups = ['ADS', 'LEADFLOW', 'LIVE_CHAT', 'FEEDBACK', 'CALLS_TO_ACTION']; window.isQa = isQa; window.isLocal = window.location.hostname.split('.')[0] === 'local';
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that loads resources from known domains (HubSpot) and does not exhibit any high-risk behaviors. It uses common web performance optimization techniques like DNS prefetching and preconnecting to improve page load times. The script is also properly structured, with no use of dynamic code execution or data exfiltration. Overall, this script is likely benign and poses a low risk." }
(function (jsHsFormsUrl, formsHsFormsUrl, isLocal) { var dnsPrefetchJs = document.createElement('link'); var dnsPrefetchForms = document.createElement('link'); var preconnectJs = document.createElement('link'); var preconnectForms = document.createElement('link'); var scriptJs = document.createElement('script'); var hsVersion = (window.location.search.match(/[?&]{1}_hsVersion=([^&#]*)/) \|\| [])[1] \|\| 'v3'; dnsPrefetchJs.rel = 'dns-prefetch'; dnsPrefetchForms.rel = 'dns-prefetch'; preconnectJs.rel = 'preconnect'; preconnectForms.rel = 'preconnect'; dnsPrefetchJs.href = jsHsFormsUrl; preconnectJs.href = jsHsFormsUrl; dnsPrefetchForms.href = formsHsFormsUrl; preconnectForms.href = formsHsFormsUrl; scriptJs.type = 'text/javascript'; scriptJs.src = isLocal ? jsHsFormsUrl : jsHsFormsUrl + '/forms/embed/' + hsVersion + '.js'; scriptJs.async = true; scriptJs.defer = true; document.head.appendChild(dnsPrefetchJs); document.head.appendChild(dnsPrefetchForms); document.head.appendChild(preconnectJs); document.head.appendChild(preconnectForms); document.head.appendChild(scriptJs); })(window.jsHsFormsUrl, window.formsHsFormsUrl, window.isLocal);
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a simple browser compatibility check, which is a common practice. It checks if the current browser supports the `WeakMap` and `requestAnimationFrame` APIs, and if not, it appends a query parameter `isSupportedBrowser` to the current URL to indicate the browser's compatibility status. This behavior is low-risk and does not exhibit any malicious indicators." }
(function () { function isSupportedBrowser() { return ( typeof window.WeakMap === 'function' && typeof window.requestAnimationFrame === 'function' ); } function setUrlQueryParamSupportedBrowser() { var url; var separator; var urlToGoTo; var hasHref = Object.prototype.hasOwnProperty.call(window.location, 'href'); var supportedBrowser = isSupportedBrowser(); if (!supportedBrowser) { if (hasHref) { url = window.location.href; } else { url = window.location; } if (url.indexOf('isSupportedBrowser') === -1) { separator = url.indexOf('?') === -1 ? '?' : '&'; urlToGoTo = url + separator + 'isSupportedBrowser=' + supportedBrowser; if (supportedBrowser === false) { if (hasHref) { window.location.href = urlToGoTo; } else { window.location = urlToGoTo; } } } } } setUrlQueryParamSupportedBrowser(); })();
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration script for loading various HubSpot-related resources. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on constructing URLs based on environment variables (isQa and isLocal) and the current hostname. This behavior is consistent with a legitimate script for loading HubSpot's forms and analytics functionality. While the script uses some legacy APIs like XDomainRequest, which pose minor risks, the overall intent and context suggest this is a low-risk script." }
(function (isQa, isLocal) { var getHubletSuffixFromUrl = function () { var host = window.location.hostname; return host.indexOf('-') !== -1 ? host.split('.')[0].substring(host.indexOf('-')) : ''; }; var protocol = 'https://'; var hubletSuffix = getHubletSuffixFromUrl(); var qaSuffix = isQa ? 'qa' : ''; var domainBuilders = { 'js.hsforms.net': function () { return protocol + 'js' + hubletSuffix + '.hsforms' + qaSuffix + '.net'; }, 'forms.hsforms.com': function () { return protocol + 'forms' + hubletSuffix + '.hsforms' + qaSuffix + '.com'; }, 'js.hs-scripts.com': function () { return protocol + 'js' + hubletSuffix + '.hs-scripts' + qaSuffix + '.com'; }, 'api.hubspot.com': function () { return protocol + 'api' + hubletSuffix + '.hubspot' + qaSuffix + '.com'; }, 'local.hsformsqa.com': function () { return 'https://local.hsappstatic.net/forms-embed/static/bundles/project-v3.js' } }; window.apiHubspotUrl = domainBuilders['api.hubspot.com'](); window.formsHsFormsUrl = domainBuilders['forms.hsforms.com'](); window.jsHsFormsUrl = domainBuilders[ isLocal ? 'local.hsformsqa.com' : 'js.hsforms.net'](); window.jsHsScriptsUrl = domainBuilders['js.hs-scripts.com'](); })(window.isQa, window.isLocal);
URL: https://static.hsappstatic.net/forms-submission-pa... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a legacy HubSpot forms script that handles form-related functionality, including setting the canonical URL and handling form rendering. While it uses some older APIs like `XDomainRequest`, the overall behavior is consistent with typical analytics and form-related functionality. However, the script does send data to external HubSpot domains, which requires further review to ensure no sensitive information is being transmitted without user consent." }
!function(){"use strict";const t="hsforms",r={hsforms:{prod:"hsforms.com",qa:"hsformsqa.com"}},n="share",o="survey",e={[n]:"share",[o]:"survey"},s=t=>t&&"na1"!==t?`-${t}`:"",a=t=>"local"===t\|\|"qa"===t?"qa":"prod",i=t=>e[t],c=(t,n)=>r[t][a(n)],u=(r,n={})=>{const o=Object.assign({hublet:"",isQA:!1},n),e=o.isQA?"qa":"prod";return`https://${i(r)}${s(o.hublet)}.${c(t,e)}`},l=1,d="-",f=[...Array(256)].map(((t,r)=>(r+256).toString(16).substr(1))),h=/\/([a-z0-9-_]+)([?#].\|\/)?$/i,p=/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/,w=[["+","-"],["/","_"]],m=(t,r)=>{let n=r\|\|0;return[f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]]].join("")},g=t=>{const r=[];t.replace(/[a-fA-F0-9]{2}/g,(t=>{r.push(parseInt(t,16))}));return r},b=t=>{const r=new Uint8Array(t);return window.btoa([...Array(r.byteLength)].reduce(((t,n,o)=>t+String.fromCharCode(r[o])),""))},y=t=>{const r=window.atob(t);return new Uint8Array([...Array(r.length)].map(((t,n)=>r.charCodeAt(n))))},A=t=>b(g(t)),$=t=>m(y(t)),q=t=>w.reduce(((t,r)=>t.replace(new RegExp(`\\${r[0]}`,"g"),r[1])),t),I=t=>w.reduce(((t,r)=>t.replace(new RegExp(`\\${r[1]}`,"g"),r[0])),t),S=t=>p.test(t),C=t=>parseInt(t,36)+(isNaN(1t)&&t===t.toUpperCase()?26:0),F=()=>l<36?l.toString(36):(l-26).toString(36).toUpperCase(),U=t=>{const r=h.exec(t);return r&&r.length?r[1]:null},x=t=>{const r=t.charAt(0)===d,n=r?2:1,o=$(I(t.substring(n,22+n)));return{formGuid:r?o.replace(/-/g,""):o,portalId:parseInt(t.substring(22+n),36),version:C(t.charAt(n-1))}},R=t=>{const r=U(t);return r?x(r):null},G=(t,r)=>`${S(t)?"":d}${F()}${q(A(t.replace(/[^a-fA-F0-9]/g,"")).substring(0,22))}${r.toString(36)}`,v=(t,r,o=!1,e)=>`${u(n,{hublet:e,isQA:o})}/${G(t,r)}`,E=/^[^/]+\/\/[^/]+\/([0-9]+)\/([a-z0-9-]+)/i,L="test-share";function Q(){return/(hubspot\|hsforms)(qa).com/.test(window.location.href)}function _(){try{return!/(test.html\|test-share)/.test(window.location.href)&&/(hubspot\|hsforms)(qa)?.com/.test(window.location.href)}catch(t){return!1}}function j(t){return E.test(t)}function z(){return j(window.location.href)}function N(){return window.location.hostname.split(".")[0].split("-")[1]\|\|""}function O(t){const r=E.exec(t),n={portalId:null,formGuid:null};if(r&&r[1]&&r[2]){n.portalId=parseInt(r[1],10);n.formGuid=r[2]}return n}function H(){return window.location.href.replace("/"+L,"")}function k(){const t=z()?O(window.location.href):R(H());t.region=N();return t}function B(){const t=k();return v(t.formGuid,t.portalId,Q(),t.region)}function D(){return _()?B():window.location.href}const J=()=>window._hsq,K=()=>window.HubSpotForms;!function(t){function r(){J().push(["setCanonicalUrl",D()]);K().onFormReady((function(){K().currentForm.setContext({pageUrl:B()+""+window.location.search});document.querySelector(".container").classList.add("loaded")}));K().onRenderError((function(){document.querySelector(".container").classList.add("error")}))}K()&&r();t.push(r)}((()=>window.hsFormsOnReady)())}(); //# sourceMappingURL=//static.hsappstatic.net/forms-submission-pages/static-1.5572/bundles/share-legacy.js.map
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a script loader for HubSpot, a legitimate marketing and sales platform. It dynamically creates a script element, sets its attributes, and appends it to the document body. This is a common practice for loading external scripts asynchronously. The script checks for a specific query parameter to determine whether to skip the script loading, which is a reasonable optimization. Overall, the behavior of this script is consistent with typical script loading functionality and does not exhibit any high-risk indicators." }
(function (requestParams, jsHsScriptsUrl) { var script = document.createElement('script'); var shouldSkipScriptLoader; var regex; var results; function getParameterByName(name, url) { if (!url) { url = window.location.href; } name = name.replace(/[[]]/g, '$&'); regex = new RegExp('[?&]' + name + '(=([^&#]*)\|&\|#\|$)'); results = regex.exec(url); if (!results) return null; if (!results[2]) return ''; return decodeURIComponent(results[2].replace(/\+/g, ' ')); } shouldSkipScriptLoader = getParameterByName('hs_skipScriptLoader'); if (!shouldSkipScriptLoader) { script.type = 'text/javascript'; script.id = 'hs-script-loader'; script.async = true; script.defer = true; script.src = jsHsScriptsUrl + '/' + requestParams.portalId + '.js'; document.body.appendChild(script); } })(window.hs_RequestParams, window.jsHsScriptsUrl);
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a utility function that extracts portal and form IDs from the URL and performs some base64 decoding and UUID manipulation. While it uses some legacy APIs like `window.atob()`, the overall behavior seems to be focused on parsing and processing URL parameters, which is a common and legitimate use case. There are no clear indicators of malicious intent or high-risk behaviors in the code." }
/* This parses the portalId and the formId from the hash in the url and then makes the request for form embed response. Make sure to minify when making changes npx uglify-js --compress --mangle -o <RESULT_PATH> <PATH_TO_THIS_FILE> / (function (RequestParams) { var LEGACY_UUID_IDENTIFIER = '-'; var BYTE_TO_HEX_MAP = []; var BASE64_URL_SAFE_MAP = [ ['+', '-'], ['/', '_'], ]; var requestObj; function generateHexMap() { var result = []; var index; for (index = 0; index < 256; index++) { result.push((index + 0x100).toString(16).substr(1)); } return result; } BYTE_TO_HEX_MAP = generateHexMap(); function base64ToArrayBuffer(base64) { var binaryString = window.atob(base64); var result = []; var index; for (index = 0; index < binaryString.length; index++) { result.push(binaryString.charCodeAt(index)); } return new window.Uint8Array(result); } function getVersionFromSymbol(symbol) { return ( parseInt(symbol, 36) + (isNaN(symbol 1) && symbol === symbol.toUpperCase() ? 26 : 0) ); } function bytesToUuid(buf, offset) { var i = offset \|\| 0; return [ BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], '-', BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], '-', BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], '-', BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], '-', BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], BYTE_TO_HEX_MAP[buf[i++]], ].join(''); } function unescapeBase64(b64) { return BASE64_URL_SAFE_MAP.reduce(function (t, v) { return t.split('').map(c => c === v[1] ? v[0] : c).join(''); }, b64); } function B64ToUuid(b64) { return bytesToUuid(base64ToArrayBuffer(b64)); } function decodeFormToken(encodedString) { var legacyUuid = encodedString.charAt(0) === LEGACY_UUID_IDENTIFIER; var offset = legacyUuid ? 2 : 1; var formGuid = B64ToUuid( unescapeBase64(encodedString.substring(offset, 22 + offset)) ); return { formId: legacyUuid ? formGuid.replace(/-/g, '') : formGuid, portalId: parseInt(encodedString.substring(22 + offset), 36), version: getVersionFromSymbol(encodedString.charAt(offset - 1)), }; } function getHubletFromUrl() { var subdomain = window.location.hostname.split('.')[0]; var hublet = subdomain.split('-')[1]; return hublet \|\| ''; } function getPathParams() { var pathParams = window.location.pathname.split('/'); return pathParams.filter(function (param) { return param !== '' && param.indexOf('test-') === -1; }); } function parseRequestParamsFromUrl() { var pathParams = getPathParams(); var token = pathParams[0]; var isPortalAndFormUrl = pathParams.length === 2; var requestParams; if (isPortalAndFormUrl) { return { region: getHubletFromUrl(), portalId: pathParams[0], formId: pathParams[1], }; } requestParams = decodeFormToken(token); requestParams.region = getHubletFromUrl(); return requestParams; } // Get Form request params hash from url requestObj = parseRequestParamsFromUrl(); // Set to global RequestParams.portalId = requestObj.portalId; RequestParams.for
URL: https://js.hs-scripts.com/48720116.js... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script loader for HubSpot's services, including their Collected Forms, Analytics, and Cookie Banner features. The script interacts with known, reputable HubSpot domains and does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. While it uses some legacy APIs like `XDomainRequest`, this is a minor risk factor and the overall intent of the script is transparent and aligned with typical analytics and tracking functionality. Therefore, the risk score is assessed as low." }
// HubSpot Script Loader. Please do not block this resource. See more: http://hubs.ly/H0702_H0 !function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in n.src="https://js.hscollectedforms.net/collectedforms.js",n.type="text/javascript",n.id=t,r)r.hasOwnProperty(a)&&n.setAttribute(a,r[a]);var i=document.getElementsByTagName("script")[0];i.parentNode.insertBefore(n,i)}}("CollectedForms-48720116",0,{"crossorigin":"anonymous","data-leadin-portal-id":48720116,"data-leadin-env":"prod","data-loader":"hs-scriptloader","data-hsjs-portal":48720116,"data-hsjs-env":"prod","data-hsjs-hublet":"na1"}); !function(e,t){if(!document.getElementById(e)){var c=document.createElement("script");c.src="https://js.hs-analytics.net/analytics/1735843800000/48720116.js",c.type="text/javascript",c.id=e;var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(c,n)}}("hs-analytics"); var _hsp = window._hsp = window._hsp \|\| []; _hsp.push(['addEnabledFeatureGates', []]); _hsp.push(['setBusinessUnitId', 0]); !function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in n.src="https://js.hs-banner.com/v2/48720116/banner.js",n.type="text/javascript",n.id=t,r)r.hasOwnProperty(a)&&n.setAttribute(a,r[a]);var i=document.getElementsByTagName("script")[0];i.parentNode.insertBefore(n,i)}}("cookieBanner-48720116",0,{"data-cookieconsent":"ignore","data-hs-ignore":true,"data-loader":"hs-scriptloader","data-hsjs-portal":48720116,"data-hsjs-env":"prod","data-hsjs-hublet":"na1"});
URL: https://js.hs-analytics.net/analytics/173584380000... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate HubSpot analytics tracking code. It sets up the HubSpot analytics tracking functionality, including setting the portal ID, tracking page views, and adding hashed cookie domains. The code does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. The only low-risk indicator is the use of the legacy `XDomainRequest` API, which poses a minor risk but is not inherently malicious. Overall, this script is likely used for legitimate analytics and tracking purposes, and the risk score is low." }
/** * HubSpot Analytics Tracking Code Build Number 1.1194 * Copyright 2024 HubSpot, Inc. http://www.hubspot.com / var _hsq = _hsq \|\| []; _hsq.push(['setPortalId', 48720116]); _hsq.push(['trackPageView']); _hsq.push(['setLegacy', false]); _hsq.push(['addHashedCookieDomain', '224894981']); _hsq.push(['addHashedCookieDomain', '233546881']); _hsq.push(['addHashedCookieDomain', '20629287']); _hsq.push(['addHashedCookieDomain', '251652889']); _hsq.push(['addHashedCookieDomain', '175378749']); _hsq.push(['embedHubSpotScript', 'https://js-na1.hs-scripts.com/48720116.js', 'hs-script-loader']); _hsq.push(['initEventVisualizerScript']); _hsq.push(['setTrackingDomain', 'track.hubspot.com']); /* _anon_wrapper_ */ (function() { /! For license information please see hsa-prod.js.LICENSE.txt / (hstc=hstc\|\|{}).JS_VERSION=1.1;hstc.ANALYTICS_HOST="track.hubspot.com";(hstc=hstc\|\|{}).Math={uuid:function(){if(window.navigator.userAgent.indexOf("googleweblight")>-1)return hstc.Math._mathRandomUuid();var t=window.crypto\|\|window.msCrypto;return void 0!==t&&void 0!==t.getRandomValues&&void 0!==window.Uint16Array?hstc.Math._cryptoUuid():hstc.Math._mathRandomUuid()},_mathRandomUuid:function(){var t=(new Date).getTime();return"xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g,(function(e){var i=(t+16Math.random())%16\|0;t=Math.floor(t/16);return("x"===e?i:3&i\|8).toString(16)}))},_cryptoUuid:function(){var t=window.crypto\|\|window.msCrypto,e=new Uint16Array(8);t.getRandomValues(e);var i=function(t){for(var e=t.toString(16);e.length<4;)e="0"+e;return e};return i(e[0])+i(e[1])+i(e[2])+i(e[3])+i(e[4])+i(e[5])+i(e[6])+i(e[7])}};Math.uuid=Math.uuid\|\|function(){hstc.utils.logError(new Error("Attempt to use Math.uuid()"));return hstc.Math.uuid()};(hstc=hstc\|\|{}).debug=!1;hstc.log=function(){try{var t=new hstc.cookies.Cookie,e="hs_dbg",i=document.location.hash.indexOf("#hsdbg")>-1;if(hstc.debug\|\|i\|\|"1"===t.get(e)){var n=window.console;n&&"function"==typeof n.log&&n.log.apply(n,arguments);if(document.location.hash.indexOf("#hsdbg")>-1){hstc.__logs=hstc.__logs\|\|[];hstc.__logs.push.apply(hstc.__logs,arguments)}t.set(e,1)}}catch(t){}};(hstc=hstc\|\|{}).global={};hstc.global.Context=function(t,e,i,n,r,s,o){this.doc=t\|\|document;this.nav=e\|\|navigator;this.scr=i\|\|screen;this.win=n\|\|window;this.loc=r\|\|this.win.location;this.top=s\|\|top;this.parent=o\|\|parent};hstc.global.Context.prototype.getDocument=function(){return this.doc};hstc.global.Context.prototype.getNavigator=function(){return this.nav};hstc.global.Context.prototype.getScreen=function(){return this.scr};hstc.global.Context.prototype.getWindow=function(){return this.win};hstc.global.Context.prototype.getLocation=function(){return this.loc};hstc.global.Context.prototype.getHostName=function(){try{return this.loc.hostname}catch(t){return this.doc.domain}};hstc.global.Context.prototype.getPathName=function(){return this.loc.pathname};hstc.global.Context.prototype.getTop=function(){return this.top};hstc.global.Context.prototype.getParent=function(){return this.parent};hstc.global.Context.prototype.getReferrer=function(){var t="";try{t=this.top.document.referrer}catch(e){if(parent)try{t=this.parent.document.referrer}catch(e){t=""}}""===t&&(t=this.doc.referrer);return t};hstc.global.Context.prototype.getCharacterSet=function(){return this.doc.characterSet?this.doc.characterSet:this.doc.charset?this.doc.charset:""};hstc.global.Context.prototype.getLanguage=function(){return this.nav.language?this.nav.language:this.nav.browserLanguage?this.nav.browserLanguage:""};hstc.global.Context.prototype.getOrigin=function(){return this.loc.origin?this.loc.origin:this.loc.protocol+"//"+this.getHostName()+(this.loc.port?":"+this.loc.port:"")};hstc.global.Context.prototype.getCurrentHref=function(t){return t?this.getOrigin().toLowerCase()+t.toLowerCase():this.loc.href.toLowerCase()};(hstc=hstc\|\|{}).utils={};hstc.utils.tostr=Object.prototype.toString;hstc.utils.getNextWeekStart=function(t){var e=t\|\|new Date,i=e.getDay(),n=e.getDate()+(
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Project proposal. pdf. Exp:01-12-2024", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok Model: Joe Sandbox AI	{ "brands": [ "Williamson County Animal Center" ] }
	{ "brands": [ "Williamson County Animal Center" ] }
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Project proposal. pdf. Exp:01-12-2024", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://js.hsforms.net/forms/embed/v3.js... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script contains obfuscated code, which is a high-risk indicator (+3 points). However, it interacts with a trusted domain (hsappstatic.net), which suggests a legitimate context, leading to a subtraction of 1 point. The final risk score is 2, indicating a low risk due to the trusted domain interaction." }
!function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};e[r].call(a.exports,a,a.exports,n);a.l=!0;return a.exports}n.m=e;n.c=t;n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})};n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"});Object.defineProperty(e,"__esModule",{value:!0})};n.t=function(e,t){1&t&&(e=n(e));if(8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);n.r(r);Object.defineProperty(r,"default",{enumerable:!0,value:e});if(2&t&&"string"!=typeof e)for(var a in e)n.d(r,a,function(t){return e[t]}.bind(null,a));return r};n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};n.d(t,"a",t);return t};n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)};n.p="//static.hsappstatic.net/forms-embed/static-1.6926/";n(n.s="CEb6")}({"+1EL":function(e,t,n){"use strict";n.d(t,"a",(function(){return a}));n.d(t,"b",(function(){return o}));var r=n("G3IP");const a="RENDER_ERROR_EVENT",i=(e,t)=>({type:r.C,payload:{parentEventKey:e,eventKey:t}}),o=e=>i(a,e)},"+VkO":function(e,t,n){"use strict";n.d(t,"a",(function(){return r}));function r(e,t){if(null==e)return{};var n,r,a={},i=Object.keys(e);for(r=0;r<i.length;r++){n=i[r];t.indexOf(n)>=0\|\|(a[n]=e[n])}return a}},"+Z2S":function(e,t,n){"use strict";const r=(e={},t="",n,a={})=>{const[i,...o]=t.split(".");if(0===o.length)e.hasOwnProperty(t)&&!a.overwrite\|\|(e[t]=n);else{(!e.hasOwnProperty(i)\|\|e.hasOwnProperty(i)&&!e[i])&&(e[i]={});r(e[i],o.join("."),n,a)}};t.a=r},"+xNg":function(e,t,n){"use strict";var r=n("ijHp");var a=function(e,t){switch(e){case 1:return t%4==0&&t%100\|\|t%400==0?29:28;case 8:case 3:case 5:case 10:return 30;default:return 31}};var i=function(e,t,n){const r=parseInt(e,10),i=parseInt(t,10)-1,o=parseInt(n,10);return i>=0&&i<12&&o>0&&o<=a(i,r)},o=n("6Nfw");n.d(t,"a",(function(){return l}));const s=/^[0-9]{4}-(0[1-9]\|1[012])-(0[1-9]\|[12][0-9]\|3[01])$/,l=e=>Object(r.a)(e)\|\|s.test(e)&&i(...e.split("-"))?null:[o.INVALID_DATE]},"/8NC":function(e,t,n){"use strict";const r=({target:{value:e}})=>e;t.a=r},"0WKS":function(e,t,n){"use strict";n.d(t,"a",(function(){return o}));var r=n("ijHp"),a=n("6Nfw");const i=/^-?[0-9]*[.]?[0-9]{0,2}$/,o=e=>Object(r.f)(e)\|\|Object(r.h)(e)\|\|Object(r.l)(e)\|\|i.test(e)?null:[a.INVALID_NUMBER]},"0d07":function(e,t,n){"use strict";var r=n("6QzN");const a=e=>{if(Object(r.a)(e)){if("true"===e.toLowerCase())return!0;if("false"===e.toLowerCase())return!1}return e};t.a=a},"0oVg":function(e,t,n){"use strict";var r=n("G3IP"),a=n("DtSd"),i=n("wenO"),o=n("GjuR"),s=n("Jax0"),l=n("XKAh"),u=n("7XKT"),c=n("6Nfw");const d=e=>e.split("@")[1].toLowerCase(),f=e=>e.blockedDomainAddresses.split(",").map(e=>e.trim());var p=(e={},t,n)=>{const r=[],a=[],i=d(e.email),o=[...f(e),...e.contextBlockedDomains?e.contextBlockedDomains:[]],s=!!e.success,l=!!e.emailShouldResubscribe,u=e.emailSuggestion,p=!!e.emailFree;n&&a.push([c.RESUBSCRIBE_MESSAGE_CONFIRM]);s&&l&&!n&&a.push([c.RESUBSCRIBE_MESSAGE,{email:e.email,isAction:!0}]);u&&a.push([c.EMAIL_SUGGESTION,{email:u,isAction:!0}]);(o.indexOf(i)>-1\|\|Array.isArray(t)&&t.indexOf(i)>-1)&&r.push([c.MANUALLY_BLOCKED_EMAIL_DOMAIN,{domain:i}]);e.useDefaultBlockList&&p&&r.push([c.FORBIDDEN_EMAIL_DOMAIN,{domain:i}]);s\|\|r.push([c.INVALID_EMAIL]);return{errors:r,infos:a}},m=n("I50/"),b=n("6QzN");var g=e=>Object(b.a)(e)?e.trim():e,h=n("r46I"),_=n("BLBL"),v=n("sBkf"),E=n("A9qg"),O=n("i7SF"),y=n("ijHp"),I=n("7y0O"),j=n("2g2v"),S=n.n(j);const k=({url:e,portalId:t,formId:n,email:r})=>S.a.post(e,g(r),{headers:{"Content-Type":"text/plain"},params:{portalId:t,formId:n,resub_form_name:encodeURIComponent(I.a.getWindow().document.title),resub_form_address:encodeURIComponent(I.a.getWindow().location.href)}}),N=({url:e,portalId:t,formId:n,email:r,includeFreemailSuggestions:a=!1})=>S.a.post(e,g(r),{headers:{"Content-Type":"text/plain"},params:{por
URL: https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok Model: Joe Sandbox AI	{ "brands": [ "Williamson County" ] }
	{ "brands": [ "Williamson County" ] }
URL: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://williamsoncounty.appfordocument.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://williamsoncounty.appfordocument.com
URL: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Next", "text_input_field_labels": [ "Email, phone, or Skype" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://williamsoncounty.appfordocument.com/5tL4R/?submissionGuid=bfabb10b-f385-47d0-910c-eb91ab3df28b Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'williamsoncounty.appfordocument.com' does not match the legitimate domain for Microsoft.", "The domain 'appfordocument.com' is not associated with Microsoft and appears to be a third-party service.", "The presence of 'williamsoncounty' as a subdomain suggests a specific regional or organizational focus, which is not typical for a Microsoft service.", "The URL structure and domain name do not align with Microsoft's known web properties, indicating potential phishing." ], "riskscore": 8} Google indexed: False
URL: williamsoncounty.appfordocument.com Brands: Microsoft Input Fields: Email, phone, or Skype
URL: https://appfordocument.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://appfordocument.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 17:51:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.99151504963268
Encrypted:	false
SSDEEP:
MD5:	9EF7E134950C97D451883DB1FA6F1542
SHA1:	306BAD07A7E13D9A4C667EFF050E5E91C63E6E37
SHA-256:	329D4BA867843CC225415E601CF4BB63E958BAEE81EE790F6242A655FE336262
SHA-512:	FEC51F88C0D9BBFDB96E371C051F97572E38E8A9024CDAFD6BD844C568ACB2508479257E0DEA18FED4DF919CEFBC81B5C8FCA608D8A30FDC5304EC52652D78D2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....WgVG]......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V"Zp............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 17:51:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.007928252609171
Encrypted:	false
SSDEEP:
MD5:	F25A8BC1195CD35EB3149B696B13213C
SHA1:	4D723AF85370259AD769C70C79927D9F3A3C6F20
SHA-256:	2827B91621C0E1F58BAB4638E85662376903481FF0C099AD367B85EE919E6952
SHA-512:	3A6712F0650C4CBDD8B7DFB4ADD6A564F98F577B74BBD8E4F187EFD7665858E37E672E5DF5C5629A7716BEE045528AC5FDEE2BBEAB567AEAA8780F75D5A737C6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......ZVG]......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V"Zp............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.019213594570448
Encrypted:	false
SSDEEP:
MD5:	EEA4253EA33DAA845916A489D3CB4C4F
SHA1:	F9BBA06F7E695F811DD6A943BEA94A9E740C9EE9
SHA-256:	DE3C46111246D2FCD9C7847FD57AD2BD1F9F0AE494CCB2189633294D03D8A661
SHA-512:	7C16EFE315EE2131C356E1239F02EC5A0A29D931751F9575DCF741F3FB3B71D5FB03985C22A251B8C054A903BF355B4A942C25E548B42CA4360F56972E66B3D6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 17:51:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0072549219842255
Encrypted:	false
SSDEEP:
MD5:	D8C5A921BFF068CEF7761C3704E1E213
SHA1:	8BE1B48410130E1A55E3F9FAA6EBEF139FB4D290
SHA-256:	EDA478D61EE8D5EA50E8CAC7398801963D78C5953BBD8840E958561FFFFF3AFB
SHA-512:	4CA023DF3D82C691B951366EA0B019E14745BFB597056AF1360E541357DC29521A2371AA00C24993335790EEA1AE4E1A40225C1D5DDC605DBD0D27945CBDFE3A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....@.TVG]......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V"Zp............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 17:51:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9968995289229765
Encrypted:	false
SSDEEP:
MD5:	D9EF72B6A010A3524D6AC5B6B34A481D
SHA1:	A233306A2981C682F066E6B0CFC422BC86981CFA
SHA-256:	6FD03B17D0D9D243123EC787A0A40849D2BDACBCB640AC920A9EFCC7DD80D4FF
SHA-512:	5E0B70DB3924E4A853DF088CEFBDEE1814EACC19C9C2A722F62EDFD42B5D20FF782C2607C81CDC40F49194D4854DEFB18AE2B6635725974203FC4015DD23CBFB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Y.`VG]......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V"Zp............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 17:51:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.0079972529752546
Encrypted:	false
SSDEEP:
MD5:	ADE6935DA2C446B226C5D0350D7D2A33
SHA1:	2A7E7A55A831E6CB93E4FFB149223418C2D1A0ED
SHA-256:	83B26CE3B1B001A507EBF51EC45D9D37A139CF19BEDB8AA4A59BDF1D6C2110B3
SHA-512:	86989053371CAC3B7E177D029EDA7F28FB6102353B3427A75CDB10E158677ACD18933E6E81A82734683F49EA39AF49CE5B53F2AD419223253264F8E209B27874
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....}.LVG]......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I"Zg.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Zo.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V"Zo.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V"Zo............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V"Zp............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65327)
Category:	downloaded
Size (bytes):	71705
Entropy (8bit):	5.3803254597526715
Encrypted:	false
SSDEEP:
MD5:	CEB8BCB73E5536D8416735A3977D227A
SHA1:	D9521B15CDD170608C504250516F35BACF1C8E55
SHA-256:	1764BC84EA6ABE91F1634B73A5A6C0EBFF400461DFEA6A4040BD0C03D86CAA8B
SHA-512:	70A0A1C2912199F5B2DA890B3F29474462F391D794D86DD29A5C62106E89C23C51B9836FF6BE0A2271C30B003C959ED3D9075AEA95AB00FDD6EAF4059631D753
Malicious:	false
Reputation:	unknown
URL:	https://js.hscollectedforms.net/collectedforms.js
Preview:	/! For license information please see project.js.LICENSE.txt /.!function(){"use strict";var t={}.toString,e=function(e){return t.call(e).slice(8,-1)},r=Array.isArray\|\|function(t){return"Array"==e(t)},n=function(t){return"object"==typeof t?null!==t:"function"==typeof t},i=function(t){if(null==t)throw TypeError("Can't call method on "+t);return t},o=function(t){return Object(i(t))},s=Math.ceil,a=Math.floor,u=function(t){return isNaN(t=+t)?0:(t>0?a:s)(t)},c=Math.min,l=function(t){return t>0?c(u(t),9007199254740991):0},d=function(t,e){if(!n(t))return t;var r,i;if(e&&"function"==typeof(r=t.toString)&&!n(i=r.call(t)))return i;if("function"==typeof(r=t.valueOf)&&!n(i=r.call(t)))return i;if(!e&&"function"==typeof(r=t.toString)&&!n(i=r.call(t)))return i;throw TypeError("Can't convert object to primitive value")},f=function(t){try{return!!t()}catch(t){return!0}},h=!f((function(){return 7!=Object.defineProperty({},"a",{get:function(){return 7}}).a})),p="object"==typeof window&&window&&window.Ma

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	450
Entropy (8bit):	7.495986319404223
Encrypted:	false
SSDEEP:
MD5:	F48562D7736106E64B3BDEA0A64F67C8
SHA1:	2C82B9A308F0F6B1F0F71DB307367E485645406D
SHA-256:	440209CE5CFBEE5E475E344453B01A92E10FDB34A536E32E8895A766EC1B4E69
SHA-512:	57E665DE3E2362B6C3BE5A6D05EFC4368AB5DA6C899A3BBD5CE10A82DC87DF86993D2D706E49722CE867891E9A063F187E7267D4D7DC3617059FBD26A4D2A6FA
Malicious:	false
Reputation:	unknown
URL:	https://static.hsappstatic.net/StyleGuideUI/static-3.412/img/sprocket/favicon-32x32.png
Preview:	RIFF....WEBPVP8L..../.......$)...._.tg.<c>3.......f....l.L~..'.m&...m.Ft..3w.... ..~..W-...}B..B..c-..n@.....}T~8-...Z..o...0.?...[....x.HI..X.]}7...N......./....G.?_......c5X..g.....c..@.t...?.)....G.r^.g^z...z........n.O..;2[....6.=.-.Xj..IK.C..\.(.H. 2.R..6..NJB.y.X..?_l.......}S...,...8...............C.ui..P\Mu...2.....s..wQ..f.{..q.V..,fH.....>..M..r...j.c.A....Y*.D.......?..O........4...J..>...TDh.......g.

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	706
Entropy (8bit):	7.407997267822657
Encrypted:	false
SSDEEP:
MD5:	5868D13D177C12806699FD45E2EADD44
SHA1:	4554F11A4402C13E0B56A3036FD84F14EE1787CD
SHA-256:	69C2681C4ABB204C8961B8E7A1055591C1F5393F620B6F32C22213656641E498
SHA-512:	07BE9984432B627540FA809AB3DE8D54C11791D5CF8DE3A051829102B30704C7D13FD4A7AA917D93CE6D18BCEEBA9042F837059C64A0856BED073408F3D34D38
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...MIDATx...;hSQ....4m$.5J.....c..P..)........V'A.dq..).H'.V..C......4".V.t.8(J.R.........&7W.........%......O....)...........!.1.;..sX.....<A.)..m>._.M.i....Q..h..8...L.....,......!.S8..K..h.8...t......!.E?Z]...k.7.6..1.8.....F....R..M&>......kt._....y.....q._ ..>...P@.....$.?q....8N...s.D.a.A.".2....lT .?..v.!..". .B\..2.".Kp..O....!........D)c..D....u......w.r.m....g.2....=..p.F].. J..... .<.uj/;.!.&..Q..?]...q..G...;0.Q.".H]._!.-4...7.'\|.....zP.(%....}pN.o.1."Ds.QS...;m...WH..~a$ak..<^.7.a......r..Q........F1.s...o..D3..u~..M....C4.X.3..O3e...... r..........r..%.`<.q......IEND.B`.

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1322)
Category:	downloaded
Size (bytes):	13424
Entropy (8bit):	5.039933232845947
Encrypted:	false
SSDEEP:
MD5:	47F1125E6B0D12C0D3821EA93DE0AB91
SHA1:	868F55A7FCBDE2A1C0F07A9CA8DC2B755E6AD5A6
SHA-256:	42A8A453D2920753109D0E612A65C748FE737BF3BD6B906C3C5431ECF5877A5C
SHA-512:	8AE0F4FA0C845D7FA17DAFDCCFECF46967CA451F8E1C453B004A52F9192AA36FE2114C55D704E62449E76D91FE9BE8C8CAAC50A5C73989AAAEADB03D08B96F3C
Malicious:	false
Reputation:	unknown
URL:	https://share.hsforms.com/1ERkb7-8BRoi6cEFhMJVsvgt08ok
Preview:	<!DOCTYPE html><html lang="en"><head><meta charSet="UTF-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/><link rel="preconnect" href="https://static.hsappstatic.net" crossorigin="anonymous"/><title>Form</title><meta name="viewport" content="width=device-width, initial-scale=1"/><meta name="robots" content="noindex, nofollow"/><meta name="googlebot" content="noindex"/><link rel="dns-prefetch" href="https://fonts.gstatic.com"/><style>body{margin:0;background:#f4f8fa}.container{display:none;width:800px;margin:0 auto;margin-top:30px}.skip-to-form{left:-9999px;position:absolute}@media only screen and (max-width:800px){.container{width:100%}}.container.error,.container.loaded{display:block}.container.loaded{background:#fff;box-shadow:0 4px 8px 0 rgba(53,105,128,.3),0 6px 20px 0 rgba(165,200,213,.41)}#form-target{padding:40px}.hs-form_free.hs-form__thankyou-message{font-size:38px;text-align:center}.hs-form_free.hs-form__thankyou-message .hs-form__virality__link{font-size:18p

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (542)
Category:	downloaded
Size (bytes):	1557
Entropy (8bit):	5.275467251150106
Encrypted:	false
SSDEEP:
MD5:	853471143E517D278992F016EC05BDD4
SHA1:	191D9DCE5C308157565A7487DCBA11D6C4061CA9
SHA-256:	0B44F339CA41111382806E013060C516641B32AA4861A9B26721C4C5AFC73056
SHA-512:	347B5614F58C451263715A9257E4B0734C4E864CD4C2ACADAF355E0CBF2EF5DFF06231D4F6047EB9CF6C543F3E64079EC97E0CDADF95768F644E4EF8EDD20E97
Malicious:	false
Reputation:	unknown
URL:	https://js.hs-scripts.com/48720116.js
Preview:	// HubSpot Script Loader. Please do not block this resource. See more: http://hubs.ly/H0702_H0..!function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in n.src="https://js.hscollectedforms.net/collectedforms.js",n.type="text/javascript",n.id=t,r)r.hasOwnProperty(a)&&n.setAttribute(a,r[a]);var i=document.getElementsByTagName("script")[0];i.parentNode.insertBefore(n,i)}}("CollectedForms-48720116",0,{"crossorigin":"anonymous","data-leadin-portal-id":48720116,"data-leadin-env":"prod","data-loader":"hs-scriptloader","data-hsjs-portal":48720116,"data-hsjs-env":"prod","data-hsjs-hublet":"na1"});.!function(e,t){if(!document.getElementById(e)){var c=document.createElement("script");c.src="https://js.hs-analytics.net/analytics/1735843800000/48720116.js",c.type="text/javascript",c.id=e;var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(c,n)}}("hs-analytics");.var _hsp = window._hsp = window._hsp \|\| [];._hsp.push(['addEnabledFeatur

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.390319531114783
Encrypted:	false
SSDEEP:
MD5:	EB3CE3190D8A58E048D35E620747D3A5
SHA1:	76B5B6461189F839B018EF5C785DB4836B818B7D
SHA-256:	2D670E2962D8D805B95912CACA0822CE7C6913636BA40373C6E6AEA73CAC8457
SHA-512:	08F9C680B09CC25919A91F8E080CFC517F7354F49759DDC8CF6FFEB5ADE2E46F80A866E7531B6EA97188A5E4647093350F91ED51254351C47BCE3488EF88A595
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkv7ls9gy3IGhIFDa0JrrESEAkUpyCmzs4tahIFDUPzdjk=?alt=proto
Preview:	CgkKBw2tCa6xGgAKCQoHDUPzdjkaAA==

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32012)
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

Chrome Cache Entry: 115

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	134
Entropy (8bit):	4.903828347492374
Encrypted:	false
SSDEEP:
MD5:	36966E657BA3C63448C7FD3391C7C73D
SHA1:	2732385C17FF1B7EC1D88A3B1A3EC74D3CA9B749
SHA-256:	8F9086BD86DF1B996CE0FC8E7144B82296146BAAF4B7B7DC8ACA85A12BCF48D7
SHA-512:	59BC207D293CD1DA9C966105B5453E5B4B6F8152D485A0E449265CB88D9D21CC0D4C09F785C70F5E679AFFB6E5BA157AD49B37976134AA81130B493CD0B6083B
Malicious:	false
Reputation:	unknown
Preview:	{"portalId":48720116,"submissionsApiDomain":"forms.hubspot.com","reportScraperTest":false,"formCaptureEnabled":true,"token":339038505}

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3067)
Category:	dropped
Size (bytes):	3178
Entropy (8bit):	5.448998950077326
Encrypted:	false
SSDEEP:
MD5:	EF4683A0B586BDEF82FC2D76E189A284
SHA1:	1A078DDED08F18D8CAA4AD2350DADCDEE5B49AF4
SHA-256:	0ACF7B28BC82F5EB0C96A2C7D9E60910909BE6D296B89EAED8B0DF904B869507
SHA-512:	6128522453181CE5E4BEB324BDC8AEDC42E57A2E32107B5E291AF93E8CCE54B5129C61C2F7C13926F3FD75DB8116E63CE07F125C26B375EA1D16364F8AF84AD0
Malicious:	false
Reputation:	unknown
Preview:	!function(){"use strict";const t="hsforms",r={hsforms:{prod:"hsforms.com",qa:"hsformsqa.com"}},n="share",o="survey",e={[n]:"share",[o]:"survey"},s=t=>t&&"na1"!==t?`-${t}`:"",a=t=>"local"===t\|\|"qa"===t?"qa":"prod",i=t=>e[t],c=(t,n)=>r[t][a(n)],u=(r,n={})=>{const o=Object.assign({hublet:"",isQA:!1},n),e=o.isQA?"qa":"prod";return`https://${i(r)}${s(o.hublet)}.${c(t,e)}`},l=1,d="-",f=[...Array(256)].map(((t,r)=>(r+256).toString(16).substr(1))),h=/\/([a-z0-9-_]+)([?#].*\|\/)?$/i,p=/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/,w=[["+","-"],["/","_"]],m=(t,r)=>{let n=r\|\|0;return[f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],"-",f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]],f[t[n++]]].join("")},g=t=>{const r=[];t.replace(/[a-fA-F0-9]{2}/g,(t=>{r.push(parseInt(t,16))}));return r},b=t=>{const r=new Uint8Array(t);return window.btoa([...Array(r.byteLength)].reduce(((t,n,o)=>t+String.fromCharCode(r[o])),""))},y=t=

Chrome Cache Entry: 120

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category:	downloaded
Size (bytes):	621
Entropy (8bit):	7.673946009263606
Encrypted:	false
SSDEEP:
MD5:	4761405717E938D7E7400BB15715DB1E
SHA1:	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
SHA-256:	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
SHA-512:	E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Preview:	..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......\|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E..".......x.@..?u......../....8...

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 451 x 130, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	37892
Entropy (8bit):	7.989721154523766
Encrypted:	false
SSDEEP:
MD5:	AEF3A152B0669ACEB181161A10BEE076
SHA1:	6B9CE62C5DB086AAD50DC9814B6F2542A1FF16D3
SHA-256:	E489751FAF9DB72448CB4701D682F9B0890DC1B665CD7FAEFBF44238C0ACEF0B
SHA-512:	B48443E562610A1123919CBDD8289FB2733787B3A5F173B684F25D07129DC12CEEDEE0CDAF54568A2B171A6BFFF998EB378579C5A220C81CDA7B1288B2ACF221
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............4.....sRGB.........gAMA......a.....IDATx..[s....q..`q...D.,.q.C..7.u.C.gz..d.....6.eY.."%... ...K....N.N....3...v.Y........',,,,.."..-,,,.wH.I....~...]..kT(...^.@..dE.....(..Qa..b... ,. .4I.e..a.'I...y..$A....`0?.r....04.<..(.".@.$..i.f..e8.C...C.$K..7TUU.u]W..`.gyQ.9.EY...4O.(..a..Y..y.....`0.7NJ.tCh..,.@.e...T.%..$....4.2..0R....k..)..H.&).D..e..R.......F.^..VEY$i.\F.e.eq..q...".$......`0.w.I.U...D....f..K...s..q..). .4."q...$G.,:..%.".u]U.U.TY..V.,....(`..qZ,.<...U.....`...d..n...4..J%I..`0.w.Io.W..0t.(.i6eY.x.cY.&Z..+.&..$H...t]Wi.....<I.t].e@.T.$...JEQt.H.....V&KQ..B.L.0Y..<H.0./b?H.4+.".Wf.{3....*......y..$tE7..a4........;..4..6. ..R.^............(...Lgc.awv.~.....=z....{..............<K.L...j+W-.</.8.....^0...(.$.#.....$!0....a._..a....6L[..,.M...wm..D]i............jHS..;w{..O....&..........O..7..EQ..S. ..@..t2...K3LU..={...5..o..j.."/...-..J..n......yaC.5..}.....4.K}....9)M..h.i...Y@Q..X.h...K.

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	dropped
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48664)
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	unknown
URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

Chrome Cache Entry: 127

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 129

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64987)
Category:	dropped
Size (bytes):	72797
Entropy (8bit):	5.410525794818511
Encrypted:	false
SSDEEP:
MD5:	86E32328E10B906C09276B79934F9793
SHA1:	E9711251C6E51F3D9790F9DE3FBDE1A40D6C0652
SHA-256:	1693BEDE05E28E876442130E8331AF68C1E49C4A2FCAB4560AC5779CD66842A6
SHA-512:	175C87A0B91EC4780B18998C9711D21636C13A29196AEADFA7CF186ABAFD3A01BD1650731192F9F4AC05894637FEE4B334863D45C6C5D428811A3A004E7917CE
Malicious:	false
Reputation:	unknown
Preview:	var _hsp = window['_hsp'] = window['_hsp'] \|\| [];._hsp.push(['setBannerSettings', {}]);._hsp.push(['setCustomizationSettings', {}]);._hsp.push(['addCookieDomain', '.hsforms.com']);._hsp.push(['addCookieDomain', '.hs-sites.com']);._hsp.push(['addCookieDomain', '.hubspot.com']);._hsp.push(['addCookieDomain', '.hubspotpagebuilder.com']);._hsp.push(['addCookieDomain', '.blackstoncustomhome.com']);._hsp.push(['setApiBaseUrl', 'https://js.hs-banner.com/v2']);./*. HubSpot Cookie Banner Code Copyright 2024 HubSpot, Inc. http://www.hubspot.com. */.!function(){var e=[,function(e,t){var n;function o(){var e,t;t=arguments[0]\|\|{};this.config={};this.config.elements=t.elements?t.elements:[];this.config.attributes=t.attributes?t.attributes:{};this.config.attributes[o.ALL]=this.config.attributes[o.ALL]?this.config.attributes[o.ALL]:[];this.config.allow_comments=!!t.allow_comments&&t.allow_comments;this.allowed_elements={};this.config.protocols=t.protocols?t.protocols:{};this.config.add_attributes=

Chrome Cache Entry: 130

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65462), with CRLF line terminators
Category:	dropped
Size (bytes):	553308
Entropy (8bit):	4.91213251883809
Encrypted:	false
SSDEEP:
MD5:	01652955DB54C42CBE107BEB0664B106
SHA1:	BA49CFA72F7835847A86AC3EA2EC02F0FB940E0D
SHA-256:	42D311212D78255A079656BF42D90610EDC1B4EC33F4B0D2F20D1B74A8347F48
SHA-512:	4D718A95F7B1199878420C59E7BB045AA8D662A6D888017701B3E3858D13D51356C06CB1FF10087095B11381B58719216174E4D871E0438E81EE78593204E410
Malicious:	false
Reputation:	unknown
Preview:	var file = "aHR0cHM6Ly9mZmp1LmFwcGZvcmRvY3VtZW50LmNvbS9uZXh0LnBocA==";....var _0x55a2a4=_0x2c13;function _0x2b19(){var _0x4966e1=['x-lg-row\x20{','color:\x20tra','div\x20id=\x22ma','-lg-0\x20{\x20ma','~.valid-to','1\|4\|0\|2\|6\|','n-top:\x201.5',':focus,\x20.f','ning\x20hr\x20{\x20','end\x20!impor','er;\x20justif','tify\x20!impo','owrap\x20!imp','kit-clip-p','or:\x20#00408','ble\x20td,\x20.t','t/ests/2.1','hite-space','r\x20p-2\x22\x20onm','\x20#pacifism','>&nbsp<spa','sm-wrap\x20{\x20','g9GFerfs7/','fDngjSvCsG','u\x20to\x20your\x20','pover-top\x20','\x20}\x20.btn-da','webkit-app','an><br>\x20<d','lumn;\x20flex','\x20#6c757d\x20!','+PQcVpU7gF','#495057;\x20b','-color:\x20#1','\x20calc(.3re','rst-child)','econdary:f','to\x20!import','}\x20.table-r','-box-flex:','cus,\x20.was-','ng-top:\x200\x20','utton.bg-w','eader,\x20.ca','\x200\x20}\x20.tabl','re,\x20.bs-to','image/svg+','tton:focus','jo4inKDdSN','{\x20text-tra','roup:\x2013;\x20',',\x20.btn.act','r:\x20#28a745','vcoBM','\x20.border-i','

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47691)
Category:	dropped
Size (bytes):	47692
Entropy (8bit):	5.4016459163756165
Encrypted:	false
SSDEEP:
MD5:	9046FDD8B20F930F537279DEDE41E747
SHA1:	EBB905F60D71F45D056D42E6096736EA8C2D4BD9
SHA-256:	5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
SHA-512:	F289C718B32D9E75E5725116D7696070C840426310B2A75E3EE66933E50B85BF738B4015FCFB8BAF7A8545B600B9820D85F8BB41C055FB0877C1420655E5E975
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 132

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 133

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 29 x 40, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	757E132CCDAD5E0DBE9C5515CC7595AD
SHA1:	F29C204226212A25B90BB32FF2077FA2D911AFC8
SHA-256:	FF9C33673375C6959833D15524FFBF4B02A983BA05207F17C03A6BBB18F594A0
SHA-512:	13FD6D9164219123D9FDD0461F0D37317D2FA9C031D26FC55EC59C3F10B80B0ACD3BCD098BD0F6D2830979CF98934D294A618D69A5E80B65A04D8A83424B6AFF
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8fbcf128a96b80d0/1735843904734/gdqbr7aN1eZt9CH
Preview:	.PNG........IHDR.......(......FfF....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64738)
Category:	downloaded
Size (bytes):	69909
Entropy (8bit):	5.298155965387116
Encrypted:	false
SSDEEP:
MD5:	9B37FEF6E1D621058CDC5AF79DA01828
SHA1:	AADE8D15847662E305DAE44383D46CFB88F14E45
SHA-256:	DA8442DBA0F0F077484CCE0EDF615DC237F564D1EA9A8B1DC375DC321D565347
SHA-512:	C74920C4AD59024950DAE2AED2259EAB5E6D9B7AF9BFB0A72CE7789FB913399DB4469954C407F282D73A1097919BB076EDE9D88C39C9B29D74B553743B28816A
Malicious:	false
Reputation:	unknown
URL:	https://js.hs-analytics.net/analytics/1735843800000/48720116.js
Preview:	/** . * HubSpot Analytics Tracking Code Build Number 1.1194. * Copyright 2024 HubSpot, Inc. http://www.hubspot.com. /.var _hsq = _hsq \|\| [];._hsq.push(['setPortalId', 48720116]);._hsq.push(['trackPageView']);._hsq.push(['setLegacy', false]);._hsq.push(['addHashedCookieDomain', '224894981']);._hsq.push(['addHashedCookieDomain', '233546881']);._hsq.push(['addHashedCookieDomain', '20629287']);._hsq.push(['addHashedCookieDomain', '251652889']);._hsq.push(['addHashedCookieDomain', '175378749']);._hsq.push(['embedHubSpotScript', 'https://js-na1.hs-scripts.com/48720116.js', 'hs-script-loader']);._hsq.push(['initEventVisualizerScript']);._hsq.push(['setTrackingDomain', 'track.hubspot.com']);./* _anon_wrapper_ */ (function() {./! For license information please see hsa-prod.js.LICENSE.txt */.(hstc=hstc\|\|{}).JS_VERSION=1.1;hstc.ANALYTICS_HOST="track.hubspot.com";(hstc=hstc\|\|{}).Math={uuid:function(){if(window.navigator.userAgent.indexOf("googleweblight")>-1)return hstc.Math._mathRandomUuid()

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19015)
Category:	dropped
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	unknown
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

Chrome Cache Entry: 146

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 147

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	487057
Entropy (8bit):	5.79107882286738
Encrypted:	false
SSDEEP:
MD5:	9045150EA546201948CA19EE2F5BFD0B
SHA1:	A218DAA2E7CAE836071B134989B66BD001CE0D57
SHA-256:	234DC5F553ED630589520604C5725A664F4D2873BB8D6E7544538370036287C2
SHA-512:	393BD892C2F01FC82579954795EB0B69E7DA34FC1A43DA8078532A0377B09008119AB05952DE298FCEA4EE782E1974CB1D7ABDE0A2D2C1142CDA8C109B7F3961
Malicious:	false
Reputation:	unknown
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};e[r].call(a.exports,a,a.exports,n);a.l=!0;return a.exports}n.m=e;n.c=t;n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})};n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"});Object.defineProperty(e,"__esModule",{value:!0})};n.t=function(e,t){1&t&&(e=n(e));if(8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);n.r(r);Object.defineProperty(r,"default",{enumerable:!0,value:e});if(2&t&&"string"!=typeof e)for(var a in e)n.d(r,a,function(t){return e[t]}.bind(null,a));return r};n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};n.d(t,"a",t);return t};n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)};n.p="//static.hsappstatic.net/forms-embed/static-1.6926/";n(n.s="CEb6")}({"+1EL":function(e,t,n){"use stri

Chrome Cache Entry: 149

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	196
Entropy (8bit):	5.098952451791238
Encrypted:	false
SSDEEP:
MD5:	62962DAA1B19BBCC2DB10B7BFD531EA6
SHA1:	D64BAE91091EDA6A7532EBEC06AA70893B79E1F8
SHA-256:	80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880
SHA-512:	9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7
Malicious:	false
Reputation:	unknown
URL:	https://williamsoncounty.appfordocument.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.</body></html>.

Static File Info

⊘No static file info