Edit tour

Windows Analysis Report
https://eu.jotform.com/app/213381340657353

Overview

General Information

Sample URL:	https://eu.jotform.com/app/213381340657353
Analysis ID:	1592012
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Downloads suspicious files via Chrome

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1964,i,11460588864312096339,2051616620188291758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.jotform.com/app/213381340657353" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://eu.jotform.com/app/213381340657353

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49846 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: eu.jotform.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jotfor.ms
Source: global traffic	DNS traffic detected: DNS query: cdn02.jotfor.ms
Source: global traffic	DNS traffic detected: DNS query: cdn03.jotfor.ms
Source: global traffic	DNS traffic detected: DNS query: cdn01.jotfor.ms
Source: global traffic	DNS traffic detected: DNS query: js.jotform.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: o61806.ingest.sentry.io
Source: global traffic	DNS traffic detected: DNS query: eu-files.jotform.com
Source: global traffic	DNS traffic detected: DNS query: www.jotform.com
Source: global traffic	DNS traffic detected: DNS query: events.jotform.com
Source: global traffic	DNS traffic detected: DNS query: widgets.jotform.io
Source: global traffic	DNS traffic detected: DNS query: portal.activesitecare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49846 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Desktop\RMS Customer.lnk

Jump to dropped file

Source: classification engine

Classification label: sus20.win@22/64@48/199

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1964,i,11460588864312096339,2051616620188291758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.jotform.com/app/213381340657353"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1964,i,11460588864312096339,2051616620188291758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RMS Customer.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://eu.jotform.com/app/213381340657353	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn01.jotfor.ms	104.22.73.81	true	false	high
portal.activesitecare.com	31.10.40.115	true	false	unknown
cdn.jotfor.ms	104.22.72.81	true	false	high
eu.jotform.com	104.19.129.105	true	false	high
www.jotform.com	104.19.128.105	true	false	high
js.jotform.com	104.19.128.105	true	false	high
cdn03.jotfor.ms	104.22.73.81	true	false	high
www.google.com	216.58.206.36	true	false	high
cdn02.jotfor.ms	172.67.7.107	true	false	high
o61806.ingest.sentry.io	34.120.195.249	true	false	high
eu-files.jotform.com	34.107.251.125	true	false	high
events.jotform.com	104.19.128.105	true	false	high
widgets.jotform.io	104.26.5.225	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eu.jotform.com/app/213381340657353	false		unknown
https://eu.jotform.com/app/213381340657353/page/3	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.10.40.115	portal.activesitecare.com	United Kingdom	42004	ULGRP-ASGB	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.19.129.105	eu.jotform.com	United States	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
216.58.212.142	unknown	United States	15169	GOOGLEUS	false
104.26.5.225	widgets.jotform.io	United States	13335	CLOUDFLARENETUS	false
172.67.7.107	cdn02.jotfor.ms	United States	13335	CLOUDFLARENETUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
34.107.251.125	eu-files.jotform.com	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
104.19.128.105	www.jotform.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
34.120.195.249	o61806.ingest.sentry.io	United States	15169	GOOGLEUS	false
104.22.72.81	cdn.jotfor.ms	United States	13335	CLOUDFLARENETUS	false
104.22.73.81	cdn01.jotfor.ms	United States	13335	CLOUDFLARENETUS	false
104.26.4.225	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.13

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592012
Start date and time:	2025-01-15 16:41:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://eu.jotform.com/app/213381340657353
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@22/64@48/199

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 216.58.212.142, 108.177.15.84, 142.250.185.238, 142.250.186.46, 217.20.57.35, 216.58.206.46
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://eu.jotform.com/app/213381340657353

LLM Input / Output

Input	Output
URL: https://eu.jotform.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This is a legitimate URL for JotForm's European domain. The 'eu' subdomain is a common geographic identifier, and jotform.com is a well-known form building service." }
URL: https://eu.jotform.com
URL: https://eu.jotform.com/app/213381340657353... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a configuration for various sign-on services (Google, Facebook, Microsoft) and an application information object. While it includes some potentially sensitive information like client IDs, the overall behavior seems to be related to legitimate application setup and does not demonstrate any high-risk indicators. The snippet is likely part of a larger application and does not exhibit any malicious or suspicious activities on its own." }
window.GOOGLE_SIGNON = "172124630376-qk1qmdfmur2ojaf39e070iqhpt2foaip.apps.googleusercontent.com"; window.FACEBOOK_SIGNON_APP_ID = "1140740696088074"; window.MICROSOFT_SIGNON_CLIENT_ID = "482577e8-f8d0-4a09-bbbb-15de3d05eebe"; window.__appInfo = {"id":"213381340657353","username":"Claire_Elgie","title":"RMS Customer","status":"ENABLED","created_at":"2021-12-05 03:38:21","updated_at":"2024-11-08 05:00:09","slug":"213381340657353","type":"APP","scope":"\/app\/213381340657353","showJotFormPowered":false,"appBgColor":"#ffffff","appBgColorEnd":"#ffffff","appBgURL":"","appCoverBgColor":"#DFDFFF","appCoverBgCropInfo":"","appCoverBgURL":"","appFontColor":"#000000","appFontFamily":"Verdana","appHeaderBgColor":"#ffffff","appHeaderBgCropInfo":"","appHeaderBgURL":"","appHeaderTextAlignment":"center","appIconBackground":"#ffffff","appIconColor":"#ffffff","appIconSvgRef":"","appIconType":"LOGO\/IMAGE","appIconURL":"https:\/\/www.jotform.com\/uploads\/d_tolliver\/form_files\/Full Colour.61601aed5896e6.23499866.png","appLayout":"DEFAULT","appVersion":"1","description":"Remote Monitoring Services Customer App","disabledAppText":"This app is currently unavailable.","disableDate":"","disableDateTimezone":"","disableOnDate":"No","homepageName":"","iconColor":"#0A1551","installableIconURL":"https:\/\/eu.jotform.com\/uploads\/Claire_Elgie\/form_files\/_mainPWAIcon61ac7a7c41fb5.png","listBgColor":"#ffffff","loginable":"No","logoBackground":"#DFDFFF","logoType":"LOGO\/IMAGE","logoURL":"","mobileMenuTitle":"Menu","name":"RMS Customer","overrideSACL":"No","overridingItemProps":"{}","progressRestartable":"No","redirectToApp":"No","requireLogin":"No","showA2HS":"Yes","showAppCover":"Yes","showAppHeader":"Yes","showListBg":"Yes","showMobileMenuIcon":"Yes","showNavigationBar":"Yes","showProgressBar":"No","splashBgColor":"#ffffff","splashFontColor":"#000000","items":[{"altText":"","id":"15","type":"IMAGE","imageURL":"https:\/\/www.jotform.com\/uploads\/Claire_Elgie\/form_files\/9aeee82c0f949e32fdbe70f6fd6f19ce.6374c6a71e4ce2.55193030.png","itemTextAlignment":"center","page":"0","portalOrder":"1","shrink":"No"},{"description":"Order, connect or update","id":"29","type":"HEADING","headingSize":"large","itemFontColor":"#000000","itemTextAlignment":"center","page":"2","portalOrder":"2","shrink":"No","title":"Forms"},{"completed_clearBadgeOn":"","id":"203472975063358","type":"FORM","completed_clearBadgePeriod":"never","completed_showBadge":"No","description":"Update Your KeyHolder Details Through Our Smart Form","elementSize":"large","embeddedForm":"No","embeddedFormHeight":"535","itemBgColor":"#ffffff","itemBgURL":"","itemBorderColor":"#d0021b","itemFontColor":"#000000","itemIcon":"\/cardforms\/assets\/icons\/icon-sets-v2\/solid\/Communication\/jfc_icon_solid-phone-talking.svg","itemIconBgColor":"#FFF0","itemIconColor":"#d0021b","itemTextAlignment":"left","page":"2","portalOrder":"3","required_showBadge":"No","showEmbeddedFormFullHeight":"Yes","showItemIcon":"Yes","shrink":"No","username":"Claire_Elgie","title":"MC44 RMS Keyholder Update Form","height":null,"status":"ENABLED","created_at":"2020-12-13 05:49:04","updated_at":"2024-08-05 04:09:47","last_submission":null,"new":null,"count":null,"favorite":null,"archived":null,"url":"https:\/\/form.jotform.com\/203472975063358","ssoProtected":"No","assigneeProtected":"No","limitSubmission":"No Limit","expireDate":"No Limit","organizationAccess":"","pagetitle":"MC44 RMS Keyholder Update Form","formTitle":"MC44 RMS Keyholder Update Form","formType":"LEGACY"},{"content":"<p style=\"text-align: center;\"><span style=\"font-family: verdana, geneva;\">Should you wish to use EasiTest Customer you will first need to complete a sign up process. This process can be started by completing the form below, once received we will be in touch with you.<\/span><\/p>","id":"44","type":"PARAGRAPH","page":"2","portalOrder":"4","shrink":"No"},{"completed_clearBadgeOn":"","id":"211596055949063","type":"FORM","complete
URL: https://cdn02.jotfor.ms/s/vendor/static/pwacompat/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a web application compatibility script that handles the configuration and setup of a Progressive Web App (PWA). It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or heavily obfuscated code. The script primarily interacts with the DOM, fetches the web app's manifest, and sets up various meta tags and icons for the PWA. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with the script's intended purpose of enhancing the web app's compatibility and user experience. Therefore, the risk score is assessed as low (3)." }
function S(n){var r=0;return function(){return r<n.length?{done:!1,value:n[r++]}:{done:!0}}}function T(n){var r="undefined"!=typeof Symbol&&Symbol.iterator&&n[Symbol.iterator];return r?r.call(n):{next:S(n)}}function U(n){for(var r,y=[];!(r=n.next()).done;)y.push(r.value);return y} (function(){function n(a,b){a="__pwacompat_"+a;void 0!==b&&(z[a]=b);return z[a]}function r(){var a=(A=document.head.querySelector('link[rel="manifest"]'))?A.href:"";if(!a)throw'can\'t find <link rel="manifest" href=".." />\'';var b=y([a,window.location]),e=n("manifest");if(e)try{var g=JSON.parse(e);H(g,b)}catch(u){console.warn("PWACompat error",u)}else{var p=new XMLHttpRequest;p.open("GET",a);p.withCredentials="use-credentials"===A.getAttribute("crossorigin");p.onload=function(){try{var u=JSON.parse(p.responseText); n("manifest",p.responseText);H(u,b)}catch(v){console.warn("PWACompat error",v)}};p.send(null)}}function y(a){for(var b={},e=0;e<a.length;b={c:b.c},++e){b.c=a[e];try{return new URL("",b.c),function(g){return function(p){return(new URL(p\|\|"",g.c)).toString()}}(b)}catch(g){}}return function(g){return g\|\|""}}function E(a,b){a=document.createElement(a);for(var e in b)a.setAttribute(e,b[e]);document.head.appendChild(a);return a}function h(a,b){b&&(!0===b&&(b="yes"),E("meta",{name:a,content:b}))}function w(a){a= a.sizes.split(/\s+/g).map(function(b){return"any"===b?Infinity:parseInt(b,10)\|\|0});return Math.max.apply(Math,a instanceof Array?a:U(T(a)))}function H(a,b){function e(f,c,k,m){var d=window.devicePixelRatio,l=F({width:fd,height:cd});l.scale(d,d);l.fillStyle=B;l.fillRect(0,0,f,c);l.translate(f/2,(c-20)/2);m&&(c=m.width/d,d=m.height/d,128<d&&(c/=d/128,d=128),48<=c&&48<=d&&(l.drawImage(m,c/-2,d/-2,c,d),l.translate(0,d/2+20)));l.fillStyle=V?"white":"black";l.font="24px HelveticaNeue-CondensedBold";m= window.getComputedStyle(A);l.font=m.getPropertyValue("--pwacompat-splash-font");d=a.name\|\|a.short_name\|\|document.title;c=l.measureText(d);m=c.f\|\|24;l.translate(0,m);if(c.width<.8f)l.fillText(d,c.width/-2,0);else for(d=d.split(/\s+/g),c=1;c<=d.length;++c){var I=d.slice(0,c).join(" "),J=l.measureText(I).width;if(c===d.length\|\|J>.6f)l.fillText(I,J/-2,0),l.translate(0,1.2m),d.splice(0,c),c=0}return function(){var K=l.canvas.toDataURL();g(k,K);return K}}function g(f,c){var k=document.createElement("link"); k.setAttribute("rel","apple-touch-startup-image");k.setAttribute("media","(orientation: "+f+")");k.setAttribute("href",c);document.head.appendChild(k)}function p(f,c){var k=window.screen,m=e(k.availWidth,k.availHeight,"portrait",f),d=e(k.availHeight,k.availWidth,"landscape",f);window.setTimeout(function(){x.p=m();window.setTimeout(function(){x.l=d();c()},10)},10)}function u(f){function c(){--k\|\|f()}var k=C.length+1;c();C.forEach(function(m){var d=new Image;d.crossOrigin="anonymous";d.onerror=c;d.onload= function(){d.onload=null;m.href=L(d,B,!0);x.i[d.src]=m.href;c()};d.src=m.href})}function v(){n("iOS",JSON.stringify(x))}function M(){var f=C.shift();if(f){var c=new Image;c.crossOrigin="anonymous";c.onerror=function(){return void M()};c.onload=function(){c.onload=null;p(c,function(){var k=a.background_color&&L(c,B);k?(f.href=k,x.i[c.src]=k,u(v)):v()})};c.src=f.href}else p(null,v)}var t=a.icons\|\|[],q=t.filter(function(f){return(f.h\|\|"").includes("maskable")});t.sort(function(f,c){return w(c)-w(f)}); q.sort(function(f,c){return w(c)-w(f)});var C=(0<q.length?q:t).map(function(f){var c={rel:"icon",href:b(f.src),sizes:f.sizes};E("link",c);if(D&&!(120>w(f)))return c.rel="apple-touch-icon",E("link",c)}).filter(Boolean);q=document.head.querySelector('meta[name="viewport"]');var W=!!(q&&q.content\|\|"").match(/\bviewport-fit\s=\s*cover\b/),N=a.display;q=-1!==X.indexOf(N);h("mobile-web-app-capable",q);Y(a.theme_color\|\|"black",W);Z&&(h("application-name",a.short_name),h("msapplication-tooltip",a.description), h("msapplication-starturl",b(a.start_url\|\|".")),h("msapplication-navbutton-color",a.theme_color),(t=t[0])&&h("msapplication-TileImage",b(t.src)),h("msappl
URL: https://js.jotform.com/actions.js... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script primarily consists of utility functions and type-checking methods, with no high-risk behaviors such as dynamic code execution or data exfiltration. It does not interact with external domains or perform aggressive DOM manipulations. The use of XMLHttpRequest is not inherently risky without further context of its usage." }
var JotFormActions=function(){"use strict";function o(n,r){return function(){for(var e=new Array(arguments.length),t=0;t<e.length;t++)e[t]=arguments[t];return n.apply(r,e)}}var t=Object.prototype.toString;function a(e){return"[object Array]"===t.call(e)}function n(e){return null!==e&&"object"==typeof e}function r(e){return"[object Function]"===t.call(e)}function i(e,t){if(null!=e)if("object"!=typeof e&&(e=[e]),a(e))for(var n=0,r=e.length;n<r;n++)t.call(null,e[n],n,e);else for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.call(null,e[o],o,e)}var d={isArray:a,isArrayBuffer:function(e){return"[object ArrayBuffer]"===t.call(e)},isBuffer:function(e){return null!=e&&null!=e.constructor&&"function"==typeof e.constructor.isBuffer&&e.constructor.isBuffer(e)},isFormData:function(e){return"undefined"!=typeof FormData&&e instanceof FormData},isArrayBufferView:function(e){return e="undefined"!=typeof ArrayBuffer&&ArrayBuffer.isView?ArrayBuffer.isView(e):e&&e.buffer&&e.buffer instanceof ArrayBuffer},isString:function(e){return"string"==typeof e},isNumber:function(e){return"number"==typeof e},isObject:n,isUndefined:function(e){return void 0===e},isDate:function(e){return"[object Date]"===t.call(e)},isFile:function(e){return"[object File]"===t.call(e)},isBlob:function(e){return"[object Blob]"===t.call(e)},isFunction:r,isStream:function(e){return n(e)&&r(e.pipe)},isURLSearchParams:function(e){return"undefined"!=typeof URLSearchParams&&e instanceof URLSearchParams},isStandardBrowserEnv:function(){return("undefined"==typeof navigator\|\|"ReactNative"!==navigator.product)&&("undefined"!=typeof window&&"undefined"!=typeof document)},forEach:i,merge:function n(){var r={};function e(e,t){"object"==typeof r[t]&&"object"==typeof e?r[t]=n(r[t],e):r[t]=e}for(var t=0,o=arguments.length;t<o;t++)i(arguments[t],e);return r},deepMerge:function n(){var r={};function e(e,t){"object"==typeof r[t]&&"object"==typeof e?r[t]=n(r[t],e):r[t]="object"==typeof e?n({},e):e}for(var t=0,o=arguments.length;t<o;t++)i(arguments[t],e);return r},extend:function(n,e,r){return i(e,function(e,t){n[t]=r&&"function"==typeof e?o(e,r):e}),n},trim:function(e){return e.replace(/^\s/,"").replace(/\s$/,"")}};function e(){this.handlers=[]}e.prototype.use=function(e,t){return this.handlers.push({fulfilled:e,rejected:t}),this.handlers.length-1},e.prototype.eject=function(e){this.handlers[e]&&(this.handlers[e]=null)},e.prototype.forEach=function(t){d.forEach(this.handlers,function(e){null!==e&&t(e)})};function s(t,n,e){return d.forEach(e,function(e){t=e(t,n)}),t}function u(e){return!(!e\|\|!e.__CANCEL__)}function l(e,t,n,r,o){return e=new Error(e),t=t,n=n,r=r,o=o,(e=e).config=t,n&&(e.code=n),e.request=r,e.response=o,e}var c=e;function h(e){return encodeURIComponent(e).replace(/%40/gi,"@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",").replace(/%20/g,"+").replace(/%5B/gi,"[").replace(/%5D/gi,"]")}var f,p,m,y=["age","authorization","content-length","content-type","etag","expires","from","host","if-modified-since","if-unmodified-since","last-modified","location","max-forwards","proxy-authorization","referer","retry-after","user-agent"],w=d.isStandardBrowserEnv()?(p=/(msie\|trident)/i.test(navigator.userAgent),m=document.createElement("a"),f=g(window.location.href),function(e){e=d.isString(e)?g(e):e;return e.protocol===f.protocol&&e.host===f.host}):function(){return!0};function g(e){return p&&(m.setAttribute("href",e),e=m.href),m.setAttribute("href",e),{href:m.href,protocol:m.protocol?m.protocol.replace(/:$/,""):"",host:m.host,search:m.search?m.search.replace(/^\?/,""):"",hash:m.hash?m.hash.replace(/^#/,""):"",hostname:m.hostname,port:m.port,pathname:"/"===m.pathname.charAt(0)?m.pathname:"/"+m.pathname}}function v(){this.message="String contains an invalid character"}(v.prototype=new Error).code=5,v.prototype.name="InvalidCharacterError";function E(p){return new Promise(function(s,u){var n=p.data,r=p.headers;d.isFormData(n)&&delete r["Content-Type"];var e,t,c=new XMLHttpRequest
URL: https://cdn01.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	```json { "risk_score": 3, "reasoning": "The script primarily interacts with FullStory, a known analytics service, and includes some legacy practices and error handling. It does not exhibit high-risk behaviors like dynamic code execution or data exfiltration. The use of FullStory suggests a legitimate analytics purpose, which aligns with typical telemetry functionality, warranting a low-risk score." }
/! For license information please see 9678.1a80a518.js.LICENSE.txt / !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="2f8b19d1-ae86-5c42-b474-fab4aa6af55f")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["9678"],{16008:function(e,t,n){"use strict";n.d(t,{B:function(){return l},Hr:function(){return u},IG:function(){return f},S1:function(){return h},dk:function(){return m},ur:function(){return p},yV:function(){return c},y_:function(){return d}});var r,o,i=function(){return window[window._fs_namespace]},a=function(){!function(){if(!i())throw Error("FullStory is not loaded, please ensure the init function is invoked before calling FullStory API functions")}();for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return t.every((function(e){return i()[e]}))},s=function(e){return function(){if(window._fs_dev_mode){var t="FullStory is in dev mode and is not recording: ".concat(e," method not executed");return console.warn(t),t}var n;return a(e)?(n=i())[e].apply(n,arguments):(console.warn("FS.".concat(e," not ready")),null)}},l=s("event"),u=(s("log"),s("getCurrentSessionURL")),c=s("identify"),d=s("setUserVars"),f=(s("consent"),s("shutdown")),p=s("restart"),h=(s("anonymize"),s("setVars"),r=function(e,t){if(i())console.warn("The FullStory snippet has already been defined elsewhere (likely in the <head> element)");else if(e.recordCrossDomainIFrames&&(window._fs_run_in_iframe=!0),e.recordOnlyThisIFrame&&(window._fs_is_outer_script=!0),function(e){var t=e.orgId,n=e.namespace,r=void 0===n?"FS":n,o=e.debug,i=void 0!==o&&o,a=e.host,s=void 0===a?"fullstory.com":a,l=e.script,u=void 0===l?"edge.fullstory.com/s/fs.js":l;if(!t)throw new Error("FullStory orgId is a required parameter");window._fs_debug=i,window._fs_host=s,window._fs_script=u,window._fs_org=t,window._fs_namespace=r,function(e,t,n,r,o,i,a,s){n in e?e.console&&e.console.log&&e.console.log('FullStory namespace conflict. Please set window["_fs_namespace"].'):((a=e[n]=function(e,t,n){a.q?a.q.push([e,t,n]):a._api(e,t,n)}).q=[],(i=t.createElement(r)).async=1,i.crossOrigin="anonymous",i.src="https://"+_fs_script,(s=t.getElementsByTagName(r)[0]).parentNode.insertBefore(i,s),a.identify=function(e,t,n){a(o,{uid:e},n),t&&a(o,t,n)},a.setUserVars=function(e,t){a(o,e,t)},a.event=function(e,t,n){a("event",{n:e,p:t},n)},a.anonymize=function(){a.identify(!1)},a.shutdown=function(){a("rec",!1)},a.restart=function(){a("rec",!0)},a.log=function(e,t){a("log",[e,t])},a.consent=function(e){a("consent",!arguments.length\|\|e)},a.identifyAccount=function(e,t){i="account",(t=t\|\|{}).acctId=e,a(i,t)},a.clearUserCookie=function(){},a.setVars=function(e,t){a("setVars",[e,t])},a._w={},s="XMLHttpRequest",a._w[s]=e[s],s="fetch",a._w[s]=e[s],e[s]&&(e[s]=function(){return a._w[s].apply(this,arguments)}),a._v="1.3.0")}(window,document,window._fs_namespace,"script","user")}(e),t&&i()("observe",{type:"start",callback:t}),!0===e.devMode){var n="FullStory was initialized in devMode and will stop recording";l("FullStory Dev Mode",{message_str:n}),f(),window._fs_dev_mode=!0,console.warn(n)}},o="FullStory init has already been called once, additional invocations are ignored",function(){window._fs_initialized?o&&console.warn(o):(r.apply(void 0,arguments),window._fs_initialized=!0)}),m=function(){return!!window._fs_initialized}},1922:function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var r,o=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},i=n(37897),a=(r=i)&&r.__esModule?r:{default:r};t.default=function(e){var t=e.fill,n=void 0===t?"currentColor":t,r=e.width,i=void 0===r?24:r,s=e.height,l=void 0===s?24:s,u=e.style,c=void 0===u?{}:u,d=function
URL: https://eu.jotform.com/app/213381340657353... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that renders a social media follow widget on a web page. It uses standard DOM manipulation techniques and makes a request to a known, reputable domain (widgets.jotform.io). While it uses a legacy `XDomainRequest` API, which poses a minor risk, the overall behavior is consistent with typical analytics or widget functionality and does not exhibit any high-risk indicators." }
setTimeout(function(){ function renderWidget() { var _cFieldFrame = document.getElementById("customFieldFrame_6"); if (_cFieldFrame) { _cFieldFrame.onload = function(){ if (typeof widgetFrameLoaded !== 'undefined') { widgetFrameLoaded(6, {"formID":"213381340657353"}, undefined) } }; _cFieldFrame.src = "//widgets.jotform.io/socialFollow/?qid=6&isOpenedInPortal=true&isOpenedInAgent=undefined&align=Left&ref=" + encodeURIComponent(window.location.protocol + "//" + window.location.host) + '' + '' + '' +'&injectCSS=' + encodeURIComponent(window.location.search.indexOf("ndt=1") > -1); _cFieldFrame.addClassName("custom-field-frame-rendered"); } } if(undefined) { var _interval = setInterval(function() { var dataMode = document.querySelector('html').getAttribute('data-mode'); if (dataMode === 'fillMode') { renderWidget() clearInterval(_interval); } }, 1000); } else { renderWidget(); } }, 0);
URL: https://cdn03.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a part of a larger application and does not contain any high-risk indicators. It seems to be related to analytics and telemetry functionality, which is a common practice for web applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and does not demonstrate any clear malicious intent. The risk score is low, and the script can be considered relatively safe." }
"use strict"; !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="21dd2480-7c7b-520f-b079-5a61751cc9db")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["4518"],{42833:function(e,t,n){n.d(t,{Z:function(){return pn}});var s=n("20366"),i=n("94653"),o=n("37897"),a=n("11268"),r=n.n(a),l=n("32358"),c=n("58935"),d=n("50728"),u=n("57665"),p=n("65301");const m={LOGIN_FLOW:"loginFlow",ACCOUNT_SETTINGS:"accountSettings"},g={TOTAL_SUBMISSONS:"totalSubmissions",PAYMENTS:"payments",FORMS:"formCount",AI_AGENTS:"aiAgents",AI_CONVERSATIONS:"aiConversations",AI_SESSIONS:"aiSessions",AI_PHONE_CALLS:"aiPhoneCalls",AI_KNOWLEDGE_BASE:"aiKnowledgeBase",SIGNED_DOCUMENTS:"signedDocuments",WORKFLOW_RUNS:"workflowRuns",SUBMISSONS:"submissions",UPLOAD_SPACE:"uploads",FORM_VIEWS:"views"},h="total_submissions",_="payments",A="form_count",E="ai_agents",C="ai_conversations",v="ai_sessions",T="ai_phone_calls",N="ai_knowledge_base",f="signed_documents",O="workflow_runs",x="submissions",S="uploads",L="views",b={[g.TOTAL_SUBMISSONS]:h,[g.PAYMENTS]:_,[g.FORMS]:A,[g.SIGNED_DOCUMENTS]:f,[g.AI_AGENTS]:E,[g.AI_CONVERSATIONS]:C,[g.AI_SESSIONS]:v,[g.AI_PHONE_CALLS]:T,[g.AI_KNOWLEDGE_BASE]:N,[g.WORKFLOW_RUNS]:O,[g.SUBMISSONS]:x,[g.UPLOAD_SPACE]:S,[g.FORM_VIEWS]:L},j={[g.TOTAL_SUBMISSONS]:"total submissions",[g.PAYMENTS]:"payment submissions",[g.FORMS]:"forms",[g.AI_AGENTS]:"AI agents",[g.AI_CONVERSATIONS]:"AI conversations",[g.AI_SESSIONS]:"AI sessions",[g.AI_PHONE_CALLS]:"AI phone calls",[g.AI_KNOWLEDGE_BASE]:"AI knowledge base",[g.SIGNED_DOCUMENTS]:"signed documents",[g.WORKFLOW_RUNS]:"workflow runs",[g.SUBMISSONS]:"submissions",[g.UPLOAD_SPACE]:"upload space",[g.FORM_VIEWS]:"form views"},U="#12AF47",w="#F9A400",y="#FF6100",R="#DC2626",I="en-US",k=1e7,P="ENTERPRISE",B="WARNING",M="DANGER",D={WARNING:70,DANGER:100};var F=n("3695"),V=n("22749"),H=n("67689"),G=n("53432"),W=n("58920"),q=n.n(W);const $=({children:e,onClick:t,theme:n,className:s})=>{const o=q()("flex justify-center items-center radius text-sm z-1 font-medium h-10 text-sm duration-300 transform hover:opacity-80 shrink-0",{"px-3 py-2 border border-navy-100 color-teams-default bg-white":""===n,"px-3 py-2 border-0 bg-white":"ghost"===n,"px-3 py-2 border-red-600 bg-red-500 color-white":"danger"===n,"px-3 py-2 border-orange-600 bg-orange-600 color-white":"warning"===n,"px-3 py-2 border-green-600 bg-green-500 color-white":"success"===n,"px-3 py-2 border-blue-600 bg-blue-500 color-white":"primary"===n,"px-3 py-2 border-b border-navy-25 justify-start w-full hover:bg-navy-25":"dropdown"===n},s);return(0,i.jsx)("button",{onClick:t,type:"button",className:o,children:e})};$.propTypes={children:r().node,onClick:r().node,theme:r().string,className:r().string},$.defaultProps={children:"",onClick:null,theme:"",className:""};var Y=$;const K="Upgrade Now";var z=n("88412"),Z=n("24840"),J=n("60097");const X=new Z.m("/API",{interceptorConfig:{teamID:n.g.teamID,customResponseInterceptors:[J.D.requestManagerResponseNormalizer]}}),Q=(new Z.m("/server.php/",{interceptorConfig:{teamID:n.g.teamID,disableResponseNormalizer:!0,shouldCache:!0,logCachePayload:{projectName:"myaccount"}}}),{submissions:"Monthly Submission",payments:"Payment Submission",uploads:"Upload Space",views:"Form View",signed_documents:"Monthly Signed Documents",signedDocuments:"Monthly Signed Documents",total_submissions:"Submission Storage"}),ee=({username:e,action:t,target:n,project:s})=>{if(!e)return console.log("[Limit Assets Actions] :: Unable to track, user not found.");const i={project:null!=s?s:"limit-assets",oldActions:{action:t,target:n},actor:e,location:window.location&&window.location.href};if(!(0,z.yv)())return console.log("[Limit Assets Actions] :: ",i);var o;o=i,X.post("t/jfrev",o,{headers:{"Content-Type":"application/json"}}
URL: https://cdn03.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a utility function that sets a unique identifier for debugging purposes. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or obfuscated code. The script is likely part of a larger application and is used for logging and debugging purposes, which is a common and legitimate practice. While it uses some outdated APIs like `XDomainRequest`, the overall risk is low." }
"use strict"; !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="4f51bb27-7165-5421-88f5-8ca04331ec11")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["3619"],{4523:function(e,t,o){o.r(t),o.d(t,{default:function(){return Lr}});var n=o("94653"),i=o("37897"),r=o("11268"),a=o.n(r),s=o("27219"),l=o("31028"),c=o("66187"),p=o("22722"),d=o("45050"),m=o("27505"),u=o("95474"),g=o("65957"),h=o("38111"),x=o("55767"),f=o("47085"),v=o("38675"),b=o("32358"),w=o("30886"),y=o("11759"),C=o("54513"),I=o("81885"),k=o("19195");const j=y.ZP.div` display: flex; flex-direction: column; align-items: center; width: 100%; ${(0,I.c)(C.DT.AppFooter)?y.iv` height: 100%; margin: 0 auto; `:y.iv` height: fit-content; margin: 0 auto; margin-bottom: calc(${({isOrderNowButtonVisible:e})=>e?"95px":"0px"}); `}; font-size: 1em; text-align: center; .mobileCtxMenu { position: fixed; z-index: 1001; left: 0; top: 0; width: 100%; height: 100%; background-color: #29355C80; overflow: hidden; } .mobileCtxMenu-enter { opacity: 0; transition: all 400ms; } .mobileCtxMenu-enter-active { opacity: 1; } .mobileCtxMenu-exit { opacity: 1; transition: all 400ms; } .mobileCtxMenu-exit-active { opacity: 0; } .contentWithLinkElement { text-decoration: none; } `,B=y.ZP.div` position: relative; margin: auto; width: 100%; height: 100%; &:not(.isMobilePreview) { overflow-y: auto; } @media screen and (max-width:768px) { scrollbar-width: none; &::-webkit-scrollbar{ display: none; } } .forPreview { .formAccountBox-line { pointer-events: none; } } .formAccountBox-wrapper { z-index: 3; } .orderNow { position: fixed; z-index: 1001; left: 0; top: 0; width: 100%; height: 100%; background-color: #29355C80; overflow: hidden; } .orderNow-enter { opacity: 0; transition: all 400ms; } .orderNow-enter-active { opacity: 1; } .orderNow-exit { opacity: 1; transition: all 400ms; } .orderNow-exit-active { opacity: 0; } .orderBtn-enter { opacity: 0; transition: all 400ms; } .orderBtn-enter-active { opacity: 1; } .orderBtn-exit { opacity: 1; transition: all 400ms; } .orderBtn-exit-active { opacity: 0; } `,P=y.ZP.div` ${({hasBrandingFooter:e})=>e?"height: calc(100% - 49px);":"height: 100%;"} width: 100%; position: absolute; top: 0; display: flex; flex-direction: column; .backToApp { background: none; padding: .5em 0; color: #0A155180; font-weight: 400; color: ${k.Km}; fill: ${k.Km}; span { display: none; margin-left: 2px; } .sm { display: block } } nav { ${({appFontFamily:e})=>e?`\n font-family: ${e};\n `:""} text-overflow: ellipsis; white-space: nowrap; overflow: hidden; color: ${k.Km}; } .formAccountBox-wrapper { position: relative; top: 0; right: 0; } .detailsPageNav { position: fixed; top: 0; z-index: 10; .product-list-item-favLabel { right: 60px; top: 50%; transform: translateY(-50%); width: 40px; height: 40px; display: flex; align-items: center; justify-content: center; } } .dummyDiv { width: 150px; @media screen and (max-width: 480px) { width: 80px; } } `,D=y.ZP.div` -webkit-overflow-scrolling: touch; overflow-y: auto; position: relative; height: 100%; .accBox-backdrop { position: absolute; width: 100%; height: 100%; opacity: 0; overflow-y: auto; } iframe { width: 100%; height: 100%; // height: calc(100% - 49px); b
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Refresh", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cdn03.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script primarily involves error handling and object manipulation without any high-risk behaviors such as dynamic code execution or data exfiltration. It does not interact with external domains or exhibit obfuscation, indicating low risk." }
/! For license information please see 7988.f937c1ff.js.LICENSE.txt / !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="ec33327f-e33f-5d63-9d27-7c27340c3a43")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["7988"],{1625:function(e){"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map((function(e){return t[e]})).join(""))return!1;var r={};return"abcdefghijklmnopqrst".split("").forEach((function(e){r[e]=e})),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},r)).join("")}catch(e){return!1}}()?Object.assign:function(e,o){for(var i,a,u=function(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}(e),c=1;c<arguments.length;c++){for(var s in i=Object(arguments[c]))n.call(i,s)&&(u[s]=i[s]);if(t){a=t(i);for(var f=0;f<a.length;f++)r.call(i,a[f])&&(u[a[f]]=i[a[f]])}}return u}},38675:function(e,t,n){"use strict";var r,o,i,a,u=n(11268),c=n.n(u),s=n(99261),f=n.n(s),l=n(77398),p=n.n(l),d=n(37897),h=n(1625),y=n.n(h),b="bodyAttributes",m="htmlAttributes",T="titleAttributes",v={BASE:"base",BODY:"body",HEAD:"head",HTML:"html",LINK:"link",META:"meta",NOSCRIPT:"noscript",SCRIPT:"script",STYLE:"style",TITLE:"title"},g=(Object.keys(v).map((function(e){return v[e]})),"charset"),w="cssText",O="href",C="http-equiv",A="innerHTML",E="itemprop",S="name",j="property",P="rel",I="src",k="target",L={accesskey:"accessKey",charset:"charSet",class:"className",contenteditable:"contentEditable",contextmenu:"contextMenu","http-equiv":"httpEquiv",itemprop:"itemProp",tabindex:"tabIndex"},x="defaultTitle",N="defer",M="encodeSpecialCharacters",R="onChangeClientState",q="titleTemplate",D=Object.keys(L).reduce((function(e,t){return e[L[t]]=t,e}),{}),H=[v.NOSCRIPT,v.SCRIPT,v.STYLE],U="data-react-helmet",_="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},F=function(){function e(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}return function(t,n,r){return n&&e(t.prototype,n),r&&e(t,r),t}}(),Y=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},B=function(e,t){var n={};for(var r in e)t.indexOf(r)>=0\|\|Object.prototype.hasOwnProperty.call(e,r)&&(n[r]=e[r]);return n},K=function(e){return!1===(!(arguments.length>1&&void 0!==arguments[1])\|\|arguments[1])?String(e):String(e).replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'")},W=function(e){var t=Q(e,v.TITLE),n=Q(e,q);if(n&&t)return n.replace(/%s/g,(function(){return Array.isArray(t)?t.join(""):t}));var r=Q(e,x);return t\|\|r\|\|void 0},z=function(e){return Q(e,R)\|\|function(){}},Z=function(e,t){return t.filter((function(t){return void 0!==t[e]})).map((function(t){return t[e]})).reduce((function(e,t){return Y({},e,t)}),{})},G=function(e,t){return t.filter((function(e){return void 0!==e[v.BASE]})).map((function(e){return e[v.BASE]})).reverse().reduce((function(t,n){if(!t.length)for(var r=Object.keys(n),o=0;o<r.length;o++){var i=r[o].toLowerCase();if(-1!==e.indexOf(i)&&n[i])return t.concat(n)}return t}),[])},J=function(e,t,n){var r={};return n.filter((function(t){return!!Array.isArray(t[e])\|\|(void 0!==t[e]&&te("Helmet: "
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cdn03.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	```json { "risk_score": 3, "reasoning": "The script includes moderate-risk indicators such as sending data to an external API endpoint using `i.post` method, which could potentially involve user data. However, there is no evidence of high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a legitimate application, possibly for analytics or user interaction tracking, but lacks transparency about the data being sent." }
"use strict"; !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="f9dd4401-9099-58ae-98a0-7ca1510b4145")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["8508"],{91918:function(e,o,t){t.d(o,{F4:function(){return O},fh:function(){return s}});var E=t(24840),r=t(60097),_=t(40991),a=t(31157),n=t(45615);const i=new E.m("/API",{interceptorConfig:{teamID:t.g.teamID,customResponseInterceptors:[r.D.requestManagerResponseNormalizer]}}),s=e=>{if((0,_.ko)())return;const o=new URLSearchParams,{lastProductAssetInteraction:t}=e;return t&&o.append("last_product_asset_interaction",t),i.post("ep/user/hubspot-contact-form",o)},O=({asset:e,target:o,action:t,intent:E})=>{if((0,n.BB)()){const r={project:a.ib.ENTERPRISE_PROMOTIONS,asset:e,target:o,action:t};E&&(r.intent=E);const _=new URLSearchParams(r);return i.post("ep/user/actions",_)}}},22062:function(e,o,t){t.d(o,{s:function(){return E}});const E={AB_TEST:{ADD_COLLABORATOR_MODAL:"addCollaboratorModal",ADD_COLLABORATOR_BANNER:"addColabBanner",ADMIN_CONSOLE_SINGLE_MODAL:"adminConsoleSingleModal",ADMIN_CONSOLE_SLIDER_MODAL:"adminConsoleSliderModal",ADMIN_CONSOLE_TWO_STEP_MODAL:"adminConsoleTwoStepModal",ADVERTISEMENT_LEAD_FLOW_MODAL:"adLeadFlowModal",AD_BANNER_MODAL:"adBannerModal",AD_FIRST_EXIT_INTENT_MODAL:"adFirstExitIntentModal",AD_SECOND_EXIT_INTENT_MODAL:"adSecondExitIntentModal",APPLY_REAL_TIME_SUPPORT_MODAL:"applyRealTimeSupportModal",ASSIGN_FORM_MODAL:"assignFormModal",BLOG_CONTENT_BANNER_MODAL:"blogContentBannerModal",BSG_EDUCATION_DISCOUNT_MODAL:"bsgEducationDiscountModal",BSG_NONPROFIT_DISCOUNT_MODAL:"bsgNonprofitDiscountModal",CONTACT_SUPPORT_MODAL:"contactSupportModal",DEDICATED_SUPPORT_MODAL:"dedicatedSupportModal",SINGLE_COLUMN_DEDICATED_SUPPORT_MODAL:"singleColumnDedicatedSupportModal",EDUCATION_BDM_FLOW_MODAL:"educationBdmFlowModal",EDUCATION_DISCOUNT_MODAL:"educationDiscountModal",EDUCATION_DISCOUNT_MODAL_FERPA_VIOLATION_EXAMPLES:"educationDiscountModalFerpaViolationExamples",ENHANCE_COLLAB_MODAL:"enhanceCollaborationModal",FASTER_SUPPORT_RESPONSE_MODAL:"fasterSupportResponseModal",FEATURE_SLIDER_MODAL:"featureSliderModal",LOCAL_DATA_RESIDENCY_MODAL:"localDataResidencyModal",PRICING_TABLE_MODAL:"pricingTableModal",PRICING_TABLE_ISOLATED_MODAL:"pricingTableIsolatedModal",SHARE_FOLDER_MODAL:"shareFolderModal",SSO_PREFILL_MODAL:"ssoPrefillModal",SSO_PREFILL_DETAILED_MODAL:"ssoPrefillDetailedModal",PROFESSIONAL_SERVICES_MODAL:"professionalServicesModal",MULTI_USER_MODAL:"multiUserModal",REQUIRE_SSO_MODAL:"requireSsoModal",SECURITY_PROPERTIES_MODAL:"securityPropertiesModal",SYSTEM_LOGS_MODAL:"systemLogsModal",ZOOM_SUPPORT_MODAL:"zoomSupportModal",APPEXCHANGE_MODAL:"appExchangeModal",TEAMS_WHITE_LABELING_MODAL:"teamsWhiteLabelingModal",SCHEDULE_ZOOM_MODAL:"scheduleZoomModal",BRONZE_PLAN_DISCOUNT_MODAL:"bronzePlanDiscountModal",SILVER_PLAN_DISCOUNT_MODAL:"silverPlanDiscountModal",GOLD_PLAN_DISCOUNT_MODAL:"goldPlanDiscountModal",ENTERPRISE_PLAN_DISCOUNT_MODAL:"enterprisePlanDiscountModal",ACTIVE_SUBMISSON_BANNER:"activeSubmissionBanner",ADMIN_CONSOLE_BANNER:"adminConsoleBanner",ADD_AND_MANAGE_USERS_BANNER_ALT:"addAndManageUsersBannerAlt",ADVERTISEMENT_LEAD_FLOW_BANNER:"advertisementLeadFlowBanner",APPLY_REAL_TIME_SUPPORT_BANNER:"applyRealTimeSupportBanner",ASSIGN_FORM_BANNER:"assignFormBanner",BLOG_CONTENT_BOOST_BANNER:"blogContentBoostBanner",BLOG_CONTENT_SPEED_UP_BANNER:"blogContentSpeedUpBanner",BLOG_EDUCATION_CONTENT_BANNER:"blogEducationContentBanner",BLOG_CONTENT_SIDE_BANNER:"blogContentSideBanner",CUSTOM_DOMAIN_TOOLTIP_BANNER:"customDomainTooltip",EDUCATION_BDM_FLOW_BANNER:"educationBdmFlowBanner",ENTERPRISE_BILLING_BANNER:"enterpriseBillingBanner",ENTERPRISE_SECURITY_ITEMS_SECTION:"enterpriseSecurityItemsSection",ENTERPRISE_WHITE_LABELING_BANNER:"enterpr
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "brands": [ "RMS Customer" ] }
	{ "brands": [ "RMS Customer" ] }
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Add RMS Customer to Your Home Screen?", "prominent_button_name": "ADD TO HOME SCREEN", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cdn03.jotfor.ms/s/portal/88179083df8/stati... Model: Joe Sandbox AI	```json { "risk_score": 4, "reasoning": "The script dynamically loads an external script from 'js.hs-scripts.com', which is a moderate-risk indicator due to external data transmission without transparency (+2 points). It also uses aggressive DOM manipulation by appending and removing script elements (+2 points). However, there are no high-risk indicators like dynamic code execution or data exfiltration. The domain 'js.hs-scripts.com' is associated with HubSpot, a known service, which could justify a reduction, but the script's behavior is not fully transparent, warranting further review." }
"use strict"; !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="2a58066d-90de-5f8c-b0f7-858525cb6cc6")}catch(e){}}(); (("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["6317"],{91661:function(e,t,_){_.d(t,{Z:function(){return I}});var r=_("41663"),n=_("80557"),a=_("93565"),o=_("94653"),i=_("37897"),c=_("11268"),s=_("32358"),l=_("50728"),m=_("65301"),p=_("31157"),E=_("53235"),u=_("10504"),d=_("89544"),A=_("45615"),O=_("53075");var R=({isEnabled:e=!1,user:t=null}={})=>{const[_,r]=(0,i.useState)(!1);return(0,i.useEffect)((()=>{if(!e\|\|!(0,A.BB)()\|\|!t\|\|_)return;const n=e=>{"load"===e.type&&r(!0)},a=document.createElement("script");return a.id="hs-script-loader",a.type="application/javascript",a.src="//js.hs-scripts.com/4773329.js",a.async=!0,a.defer=!0,document.body.appendChild(a),a.addEventListener("load",n),a.addEventListener("error",n),()=>{a.removeEventListener("load",n),a.removeEventListener("error",n),a.remove()}}),[t]),[_]},N=_("22236"),T=_("37953"),L=_("23097"),j=_("58920"),S=_.n(j);const g=({user:e,formUiModifier:t})=>{if(!(0,L.AU)("ADMIN",e))return null;const[_,r]=(0,i.useState)(!1),[n,a]=(0,i.useState)(""),[c,s]=(0,i.useState)(!1),l=S()("feedback-form-wrapper",{show:_}),p=(0,i.useMemo)((()=>{const{email:_,nameFirst:r,nameLast:n}=(0,A.q0)(e);return`https://form.jotform.com/242121390294955?feedbackEmbedButton&pathName=${window.location.pathname}&formUiModifier=${t}&yourName[0]=${r}&yourName[1]=${n}&email=${_}`}),[e]);return(0,i.useEffect)((()=>{_?(s(!1),a(p)):a("")}),[_,p]),(0,o.jsxs)("div",{className:"prefill-asset-wrapper",children:[(0,o.jsxs)("div",{className:"feedback-cta-wrapper",children:[(0,o.jsx)("span",{className:"explanation",children:"Admin Actions"}),(0,o.jsx)("button",{id:"feedback-form-open",className:"feedback-cta",type:"button",onClick:()=>r((e=>!e)),"hover-tooltip":"Give feedback to the enterprise asset",children:(0,o.jsx)(N.Z,{})})]}),(0,o.jsxs)("div",{id:"feedback-form-container",className:l,children:[(0,o.jsx)(m.g,{strokeColor:"#6C73A8",style:{pointerEvents:"none",zIndex:"1",width:"48px",height:"48px",transition:".2s all",opacity:c?"0":"1"}}),(0,o.jsx)("button",{id:"feedback-form-close",type:"button",className:"feedback-form-close",onClick:()=>r(!1),children:(0,o.jsx)(T.Z,{})}),(0,o.jsx)("iframe",{id:"feedback-form",title:"Feedback Form",className:"feedback-form",src:n,onLoad:()=>s(!0)})]})]})};g.propTypes={user:u.Z5.isRequired,formUiModifier:c.string.isRequired};var M=g;const D=e=>{var{user:t,title:_,formID:c,devFormID:s,classNames:u,formUiModifier:d,isIframeEmbed:N,gaAttributes:T,gaFormTrackingItems:L,customFormParamsPreparer:j,onFormSubmit:S,pageUrl:g,automatedNurturingSource:D,fullFormPath:I,isPrefillEnabled:f,isAdForm:C,isDynamicHeightEnabled:v}=e,y=(0,a._)(e,["user","title","formID","devFormID","classNames","formUiModifier","isIframeEmbed","gaAttributes","gaFormTrackingItems","customFormParamsPreparer","onFormSubmit","pageUrl","automatedNurturingSource","fullFormPath","isPrefillEnabled","isAdForm","isDynamicHeightEnabled"]);const[k,U]=(0,i.useState)(!1),P=(0,i.useRef)(!1),b=(0,i.useRef)(!1),h=(0,i.useRef)(!1),w=(0,i.useRef)(null),B=(0,i.useMemo)((()=>(0,A.kG)(t)),[t]),G=(0,i.useMemo)((()=>(0,A.q0)(t)),[t]),F=j\|\|O._h;let H="";H=F(f?(0,r._)((0,n._)((0,r._)({},G),{formUiModifier:d,isIframeEmbed:N,pageUrl:g,automatedNurturingSource:D}),y):(0,r._)((0,n._)((0,r._)({},B),{formUiModifier:d,isIframeEmbed:N,pageUrl:g,automatedNurturingSource:D}),y));const x=(0,A.yG)()?p.t9&&C?E.N.COMMON.AD_FORM_DEV:s:p.t9&&C?E.N.COMMON.AD_FORM_LIVE:c,Y=I?`${I}${H}`:`${(0,l.Ml)()}/${x}${H}`,W=window._hsq\|\|[],[V]=R({isEnabled:!0,user:t}),[q,Z]=(0,i.useState)("");(0,i.useEffect)((()=>{V&&!h.current&&(W.push(["identify",{email:null==t?void 0:t.email}]),W.push(["setPath",window.location.href]),W.push(["trackPageView"])
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "brands": [ "RMS" ] }
	{ "brands": [ "RMS" ] }
URL: https://eu.jotform.com/app/213381340657353 Model: Joe Sandbox AI	{ "brands": [ "DMS" ] }
	{ "brands": [ "DMS" ] }
URL: https://jotform.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This is the legitimate domain for JotForm, a well-known online form builder service. The URL uses HTTPS, has a standard .com TLD, and shows no suspicious characteristics." }
URL: https://jotform.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\RMS Customer.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:51 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2775
Entropy (8bit):	4.023195867667676
Encrypted:	false
SSDEEP:
MD5:	732BC566ECFF3A203E6533D14C9F23EB
SHA1:	B4A1622DB0A820EAEEFAB3FCE4639FE0ABFDB612
SHA-256:	019DAECD508B3E151B70D75F7AEEB87DC03905AB6FC24E361AD395E8FB9DF323
SHA-512:	97F08C3D9E13CAD11B302D270896AEE6AFE903E14BA5E14A737D7C6E29E05FB29288D070624B4F5D9E72D9BD9DEB846DCC8DF45325BC4C339311F62AFE9A15E4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....R..#dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..'.R.e.m.o.t.e. .M.o.n.i.t.o.r.i.n.g. .S.e.r.v.i.c.e.s. .C.u.s.t.o.m.e.r. .A.p.p.V.....\.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\42cce12df1d7c5f3.customDestinations-ms (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	DF7ED9186186AA1EB581B9E90CC78D2E
SHA1:	A5B2DE40C29110E63975CB5AE69E5933B10CA25F
SHA-256:	EC1814F30B7BA3B88DAE75129D3B02A790C3DFB4308974211C0552ED26A90906
SHA-512:	B16D6D8AC179D48AB2F6F0E1991B27C00B83B674F1D936F949F5CEA482E27529657070BA98892BBA81AFA52663621700B0AE6FD07B1CEE4868A22317815D5A0E
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.@.. ......,.....a..dg.....q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.V/ZD}..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c...................C:\Program Files\Google\Chrome\Application\chrome.exe....-.-.a.p.p.-.i.d.=.o.o.g.b.b.p.f.b.k.d.f.o.k.e.c.o.h.b.c.p.h.a.o.a.h.j.n.k.h.j.e.k. .-.-.a.p.p.-.l.a.u.n.c.h.-.u.r.l.-.f.o.r.-.s.h.o.r.t.c.u.t.s.-.m.e.n.u.-.i.t.e.m.=.h.t.t.p.s.:././.e.u...j.o.t.f.o.r.m...c.o.m./.a.p.p./.2.1.3.3.8.1.3.4.0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IENVXPTO6ZV511FFEAZQ.temp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	9556
Entropy (8bit):	4.057310173251172
Encrypted:	false
SSDEEP:
MD5:	DF7ED9186186AA1EB581B9E90CC78D2E
SHA1:	A5B2DE40C29110E63975CB5AE69E5933B10CA25F
SHA-256:	EC1814F30B7BA3B88DAE75129D3B02A790C3DFB4308974211C0552ED26A90906
SHA-512:	B16D6D8AC179D48AB2F6F0E1991B27C00B83B674F1D936F949F5CEA482E27529657070BA98892BBA81AFA52663621700B0AE6FD07B1CEE4868A22317815D5A0E
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.@.. ......,.....a..dg.....q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.V/ZD}..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c...................C:\Program Files\Google\Chrome\Application\chrome.exe....-.-.a.p.p.-.i.d.=.o.o.g.b.b.p.f.b.k.d.f.o.k.e.c.o.h.b.c.p.h.a.o.a.h.j.n.k.h.j.e.k. .-.-.a.p.p.-.l.a.u.n.c.h.-.u.r.l.-.f.o.r.-.s.h.o.r.t.c.u.t.s.-.m.e.n.u.-.i.t.e.m.=.h.t.t.p.s.:././.e.u...j.o.t.f.o.r.m...c.o.m./.a.p.p./.2.1.3.3.8.1.3.4.0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:26 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.987124784279843
Encrypted:	false
SSDEEP:
MD5:	4B1C53AEF693D08E32D7CB6CB902D8E4
SHA1:	FD5AB67D3D14EBECB233DC6C361001C930110120
SHA-256:	038689E7C72AC441099E1496AE4E3961FA0AE7BBED932108826374C232BBCB1B
SHA-512:	2AC0BA655C3EDCD214B2F935A6750B0B37920EC7A04DA5FA6BD2070899EAE00783EA9A5AB50537A7C03B72267DC27A5F59A03790757C64923E3C2034A5264C0B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....;...dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:26 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0026180014545965
Encrypted:	false
SSDEEP:
MD5:	076976073344DE3D99BE105F42ADB05C
SHA1:	B61F9DCAC75284933129A699EB1768A423DA777E
SHA-256:	BC0B918576013363620480A96D37DBCAADAADBE0153F38F0977B66F688B7BAFD
SHA-512:	6A599D250371E3B093352BDB84E1CD03CBAA9DA97DE378C60AA2CDA738AC45644319DE8C9F3A3EE1A312811BF639C361026EBF294610451325D443E64F8A2232
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....>..dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011852642265895
Encrypted:	false
SSDEEP:
MD5:	DB91E3342DE4A1AE889EC8FBF42FEC67
SHA1:	9253786536FD9C7D3D50F49D056FF88833A50547
SHA-256:	E427DE40D0807BDDBE30F0DB5C1F0D2A20BD2237DB10AE89FAE7DC690F3D9F44
SHA-512:	FF6189834D71C40A069EC155C83C1F9AD8985E39B7392A464CBB3665DED6FF9B1BF78200F9C069980ED4BAA3988DAD8F354634370F7C8E8BAFF3651A10239624
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RMS Customer.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:51 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.025842831063196
Encrypted:	false
SSDEEP:
MD5:	F5540911F62F051F36CD77E26C9BE7CC
SHA1:	4D07BCB3413F0DB5DFB9F2877C33BE9DF49E86AE
SHA-256:	B3651E4E07AC8360AA116D2F1CD75E815A9DA200EC934BEF36B2B87C8ACD4786
SHA-512:	FA823CBD8D2E7D5725CBBC1FCE4F4F1B70395490B919A1D0279D942B795123309028A49DF64A0FE11F34DC004800665A10806A9856A54B7C1BE7F6AFC4ECCBA3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......."dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..'.R.e.m.o.t.e. .M.o.n.i.t.o.r.i.n.g. .S.e.r.v.i.c.e.s. .C.u.s.t.o.m.e.r. .A.p.p.S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:26 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9993578355389605
Encrypted:	false
SSDEEP:
MD5:	B4488F3F2E8A98256734D4D163692AD2
SHA1:	7B90DD8A7A8B0A9E2CD9818D10F301E9B0375C66
SHA-256:	38A4B3605506660F17961AE123EBB7CB50ACCC909EC8E9CA299BDCDE8125AE9C
SHA-512:	9972FC0F93E0A476151DE1C0A99D3892D91548E80AFBC97176201156A4D1FCE683126C9E5866F27B7A7B5A5C542F832487E18A8B0BEAC306D4B0630882A82FD8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:26 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9878065871577055
Encrypted:	false
SSDEEP:
MD5:	E335740A79C159AA81F48D9887BC663D
SHA1:	67283274EC09D2BE4FCAA1E1DF2E49571D080A29
SHA-256:	0DF6A9AD039D6132C605CD99075468AAD7FBD330A73D5C5BDAC5ACA350971FEB
SHA-512:	9F0F6DE544586A496F152BF5D429BE9C4EE78595F4EB3174DF6679713287269DD0984C503A08E7AEB2603F3FBCC96EA4318141209A5882897C8A55BDBF51A96D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....G...dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:26 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.997381533405575
Encrypted:	false
SSDEEP:
MD5:	A7CE13252A1C0E10EE9672FE2348F017
SHA1:	4680471E6C28BCCD16A743FE520A798F8DB8E18B
SHA-256:	62E51C90679C82D614461D51A047E3359897D7D51C6C733BDD14D2866D37037E
SHA-512:	1F6F2B7F5C04672D5A72D643453F024B3E317BED2D05AF90EBFFBE272A059E61458691D9F0E85E5BCAFB3178CEC827E927623EACE67865DDCD849D16FA6D2C0F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....p8..dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Desktop\RMS Customer.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 14:42:36 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2733
Entropy (8bit):	4.027904861270585
Encrypted:	false
SSDEEP:
MD5:	6CFFBDBDDAD6B32092E6238DFC6041D8
SHA1:	A4596EDE9C630300F971CA871D89B589C60A3C6F
SHA-256:	E34CCCFAC94A4DEDB01499666AFD4C7E40F4354AE518E1C8F111F6DD27DFA2B0
SHA-512:	D7CA82279E31E119777700D8592794D8B24C7B0B9CDFF35E516A3531DC3D2241CE7391DB6EFFF5604A7558D268095EB4A0E2F4CC32649984886F4A33CC1575AE
Malicious:	true
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....DV..dg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/ZD}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZL}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZL}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZL}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZN}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..'.R.e.m.o.t.e. .M.o.n.i.t.o.r.i.n.g. .S.e.r.v.i.c.e.s. .C.u.s.t.o.m.e.r. .A.p.p.A.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 144 x 144, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	934
Entropy (8bit):	7.503764964979933
Encrypted:	false
SSDEEP:
MD5:	88BCF8B9693D101ED0F51D5FCBED4690
SHA1:	53A2221A74D176C20D6EF19FFB221880733331CB
SHA-256:	F4AC53890B1FC6B17DBF9495C150F606461549C1B130FD7D27198A790B09134F
SHA-512:	83295B3705AA56EEDEC1B871AB485855C387958BC65AA59180DAB3CD3380854236F11674F57D124CCE92A4AACF7394EF81596A94E45AF85705EEA74BD2F934B5
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/assets/img/favicons/favicon-2021-light.png
Preview:	.PNG........IHDR....................PLTE....a......)..Q.......u ..............y)2g..Q................@...~0...... ...._..`..@..7......D.k.`............p...P.........p...................OW..#\..P......0..........em....9Ar..l:.}.....IDATx...n.@........q..z...zy..:....2.h.D....4.{waY.eY.eY.e.....".............mt.c.!../>8.y....z.&..y....#...%xr...z(...<T.......}^.@I{...t..:D....fEP......DYzZ....{.Q...d..4....3J.P..=.0....O.=T.....y<O....y..2..R.)).x+e..2O.`.aOC.'l..`.....H..ee.h.@..-e.,.y.T._.....<.[.<.IY..H.g.J..G.....p.....7...'.Z<...=Se..P....'.........5<.....z.:....T.....T<.S..."u..JfF...........h..P=...0=.[..=.9....PUH.s=T....,.<.7.4...]..&....^..y..\|r..#.V.O.....xK..K..a..........9..D.......8...X.....y..".K....qDuy..G...qD5y..CT.......x... ...C.d..c...x.8.....#..{.8.@......=xJ.]._...n...qO.....H.........P.J..=..;u.=.H&..R.}....g[-...q..eY.eY.eY.A..dUC.A.......IEND.B`.

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29183
Entropy (8bit):	7.845228010769097
Encrypted:	false
SSDEEP:
MD5:	E456C6BD465A4CE329F97CE24B27FC7B
SHA1:	359EF59ADE4C128BB79F7FC4D61C28F3E815D04D
SHA-256:	9D42B1DB41B7A43F7CF57C6B63391437AA66CD095ED7294EEB0A9C3BFBAF9F61
SHA-512:	D7BC216C5F959EA8213C56F851C23919D2C96C458465F7806B09B826297E4EEAF26A9DFE598BEAAC950A73806B7B3328AD48425B1157405EDC7549E73F349A59
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............x......sRGB........DeXIfMM.*.......i..............................................................@.IDATx....T....v........b..A...._...[....D.BE.Q@..iDz......03;qg..;w....3;7..>w.9.y.s....A@..@..@..,E .R.EeA..@..@....P.. ..........@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.............@..`... .. .. ............X.....6:... .. ..P.........

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (54783)
Category:	downloaded
Size (bytes):	54850
Entropy (8bit):	5.398978030024841
Encrypted:	false
SSDEEP:
MD5:	18E84C63F0FD5894D1AF9EBC85654B71
SHA1:	5E2B637FCF494B6D40351F26B20BFACEB05B6B8E
SHA-256:	16447AAC9E55506F4C0D146E94FB28FA1A3C42E91792C432DCDDB19889EF72BB
SHA-512:	0F5A9F0E18986669B58383F5FFCA5DF569DE1A67255C0BDECEAFFA29D3A8B8134ABAEB4BB63732FF57535A2F428A1A9938FD2395F1382432594B0B647CB37473
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/s/umd/latest/for-custom-widgets.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports["for-custom-widgets"]=t():e["for-custom-widgets"]=t()}(this,function(){return function(){var e={47918:function(e){var t;t=function(){"use strict";let{entries:e,setPrototypeOf:t,isFrozen:n,getPrototypeOf:i,getOwnPropertyDescriptor:o}=Object,{freeze:r,seal:a,create:s}=Object,{apply:l,construct:c}="undefined"!=typeof Reflect&&Reflect;r\|\|(r=function(e){return e}),a\|\|(a=function(e){return e}),l\|\|(l=function(e,t,n){return e.apply(t,n)}),c\|\|(c=function(e,t){return new e(...t)});let u=S(Array.prototype.forEach),d=S(Array.prototype.pop),f=S(Array.prototype.push),p=S(String.prototype.toLowerCase),m=S(String.prototype.toString),h=S(String.prototype.match),g=S(String.prototype.replace),v=S(String.prototype.indexOf),y=S(String.prototype.trim),w=S(Object.prototype.hasOwnProperty),b=S(RegExp.prototype.test),T=(G=TypeError,function(){fo

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2180
Entropy (8bit):	4.863327855607409
Encrypted:	false
SSDEEP:
MD5:	5D6561FC3170DCE014DA86C8BBBF3D9E
SHA1:	38E3F8C55CC2FDB72B86E9A6F665B1D6EC876B6C
SHA-256:	EC50BA93294FAF03A9309995D59EB528179C89696368B6E71428189D476752A8
SHA-512:	828C3C994AD0D7462FC36177724EF1F02E550D1659B9149C044235433754CDFDDC0B065424EB4CB1E365625697B8B4CAA297553A4404FAB43D212CCE607FC0D4
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/?display=swap&family=Arimo
Preview:	@font-face {. font-family: "Arimo";. src: url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-SemiBold.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-SemiBold.woff) format("woff");. font-display: swap;. font-style: normal;. font-weight: 600;.}..@font-face {. font-family: "Arimo";. src: url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-Medium.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-Medium.woff) format("woff");. font-display: swap;. font-style: normal;. font-weight: 500;.}..@font-face {. font-family: "Arimo";. src: url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-SemiBoldItalic.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-SemiBoldItalic.woff) format("woff");. font-display: swap;. font-style: italic;. font-weight: 600;.}..@font-face {. font-family: "Arimo";. src: url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-BoldItalic.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/Arimo/fonts/Arimo-BoldI

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48041)
Category:	downloaded
Size (bytes):	48412
Entropy (8bit):	5.643634859551996
Encrypted:	false
SSDEEP:
MD5:	E79D301F6FC1E4CA783CA0F83A6804A6
SHA1:	1CF731EDF4144F7067B173EC5E1EE07F89E47141
SHA-256:	1C579E4A8FB78879008CD91841BE5D29335F83266340038817253020989CEF6D
SHA-512:	C15413E31CE5291AABC328E63FE306BAD929997704A5D4BDA91A4843170F7396C1786BE33A9B1CBFD13A1B01242CEBF59A771CF7E92A9AB231968FEF8B582677
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/6317.4c12bb20.js
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="2a58066d-90de-5f8c-b0f7-858525cb6cc6")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["6317"],{91661:function(e,t,_){_.d(t,{Z:function(){return I}});var r=_("41663"),n=_("80557"),a=_("93565"),o=_("94653"),i=_("37897"),c=_("11268"),s=_("32358"),l=_("50728"),m=_("65301"),p=_("31157"),E=_("53235"),u=_("10504"),d=_("89544"),A=_("45615"),O=_("53075");var R=({isEnabled:e=!1,user:t=null}={})=>{const[_,r]=(0,i.useState)(!1);return(0,i.useEffect)((()=>{if(!e\|\|!(0,A.BB)()\|\|!t\|\|_)return;const n=e=>{"load"===e.type&&r(!0)},a=document.createElement("script");return a.id="hs-script-loader",a.type="application/javascript",a.src="//js.hs-scripts.com/4773329.js",a.async=!0,a.defer=!0,document.body.appendChil

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1736
Entropy (8bit):	7.624741766525625
Encrypted:	false
SSDEEP:
MD5:	2CBCD30D0231A80962D7286273835D33
SHA1:	8793F51984A74CB562D2B621FD5496E314E2018A
SHA-256:	6F8F27D3485A78C9CDCCEB2E5E9182018094D392F80C0A0F184BB0B8CDE480B7
SHA-512:	D28EF4AE4C1A321887F8501FCE21475A9E11DDA916AB15D5A6F72264AABDCBE460E244D27BE78833B2022987A819E2A9F3327AA2DFE1976216461A103BD400B9
Malicious:	false
Reputation:	unknown
URL:	https://eu-files.jotform.com/jufs/Claire_Elgie/form_files/_mainPWAIcon61ac7a7c41fb5.png?md5=NjuiWxsTK74Tnn9xw7Zl9w&expires=1736955771&width=32&height=32
Preview:	.PNG........IHDR... ... .....szz.....pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100....................... ........... ............IDATx..[l.W......$..k...;....A..H.Z<@h@.hD.J..UPU..}.!Z..B.P....qZ5..... -R....]Kx.4ll..w..]....MDy.<..9g.3.?s.S""\G1.......km`-.).....1..QW..ZW).... ..<...}....4....c;..9....H>..P(..R.\....Z...m.H8L.-Nw:........C..R...J.,D..5..%fgg....P("..Z[[.-..\|.c.Pdn~..\|.......j..a`.k_.Z...E(..8.....................L&..qB.P.P.ap......p..YN.>...\|..qhnj.\.......[I........Wq=....R....[w...}R.N.mq...Z.....%.N.;R.!)..t&.ecW..z..\|.o.h....&._\|QZ....}_..r...a.MwI.w....J_w.tut......$35U....a.._..}..i<...<.......;ngrr..9..S\|b......C?.q....iK....)v.v.C.#"..2.....k/.b.X__=UV5A.....\.....l.Z'._..'.9........D......B.T....446..d..k/.p...i..b%.@6..wc/.......-D....hS...}7".eY.B!fgf.g...9...../.....?.#.H$..1<..I$..\|t.g.<C.\.Rp... .../..

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	473
Entropy (8bit):	4.832909142539336
Encrypted:	false
SSDEEP:
MD5:	2C9A49D87DDED3D4D089B5852288C0A5
SHA1:	5A39D44D957D9691CD45288777CC738643196615
SHA-256:	EF1DF30DA21516FB3CDAD089A57A9FA0018874475A4CEFA20CC2807F5D615274
SHA-512:	F403DF717F66458DC5D44B29D8050427EB40B3EC68BA4659F5903CCFF0B1832BDC9E18C89E09019ED939EDCD1536E6995E1A51815279670C28F331CF1C0DC349
Malicious:	false
Reputation:	unknown
URL:	https://eu.jotform.com/cardforms/assets/icons/icon-sets-v2/solid/Time/jfc_icon_solid-alarm-check.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>alarm-check</title><g id="alarm-check"><path id="alarm-check-2" data-name="alarm-check" d="M23.625,4.219l-5-4a1,1,0,0,0-1.25,1.562l5,4a1,1,0,0,0,1.25-1.562Zm-17-2.438A1,1,0,0,0,5.375.219l-5,4a1,1,0,0,0,1.25,1.562ZM12,3A10.5,10.5,0,1,0,22.5,13.5,10.5,10.5,0,0,0,12,3Zm3.832,7.555-4.555,6.832L7.445,14.832a1,1,0,0,1,1.11-1.664l2.168,1.445,3.445-5.168a1,1,0,0,1,1.664,1.11Z"/></g></svg>

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 96 x 96, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1551
Entropy (8bit):	7.465590537155889
Encrypted:	false
SSDEEP:
MD5:	049910BF2FCEEBD2175B9475609CEA3E
SHA1:	2A65ABF05D99F612E7786EAE8837EAA22788861F
SHA-256:	CAE897669334C0BD1C3F673AA77917677D61614F6A83AD1A26E7E3DC9E342E54
SHA-512:	5AC2A281AF115362D3CA559CBA8AC9862CC5E4B41C72DCA38E7AAD72806BEF80B045AFBF301A87D55A549D7EE502A9D838D7C5061EA1DF60B96B7E271E15DB94
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...`...`......F......PLTE....a.........).................%....i+..........a.....?.)..........&.............-.f#...rt...;.c......]..Q..9..6.J...........e..b.....H.......2[.%V..P..9..).C...........p..?.e.....X..S..M..<......................d%W..V..Q..D..2.h(.g&.c.......;..4.....................zL.. ....d..E..............................o.j/....]..........{..o..............................{}.mn...y..w..l58]..C.9.......c..M..I.......................................o..kBDe#(W.!T.s>.j-.l(............IDATh...W.Q..oL#...8...EAQ(..B........{.............;..9zN.{...<g./...}..........f.5.....j. ^2.. !IB@....b0.}8....W{..TJ..q$U./....Kic.;.....O.8@T.3p..'!.i~.A...$....!...z.~E>.;.....?.&....z@T>.j@.:v/.....!.....PD..I.?^;....).6^.H...$...>.........$..Q(....\...E..K...!.g~.A..u..o3...I. ..[...z..)...,.q......S......N.2.?..:......I6w8.. I.....U...Kl..SAe..W......"......?Y.?SA.7%*...Iv..m.qM...O.i+..68.L...y..K.~tZV.~.."~k?..k...n...Zv?._..../...

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (18756)
Category:	downloaded
Size (bytes):	827318
Entropy (8bit):	5.5207513533091115
Encrypted:	false
SSDEEP:
MD5:	2457E8807E22861FB3D74BC686355B53
SHA1:	B72EF95D59B298CD13BDF3A446642CECEB6AC0B9
SHA-256:	76A0394101DD6EE44A2631E6DB5BA57B154052C503F03BFAA5393285310F1B8E
SHA-512:	12F8D38E4789BB15183AF212F356340684D57F24B6235E289A0122D3DC708F0160768671CE5006E8D286F675A2784793D3202E50BAC39A39A1B4319221217F66
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/8986.e817291a.js
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="310da2e1-6f32-58f1-a739-21f4d66dd999")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["8986"],{18479:function(e,t,a){var o,i=a(37897);function n(){return n=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var o in a)({}).hasOwnProperty.call(a,o)&&(e[o]=a[o])}return e},n.apply(null,arguments)}t.Z=e=>i.createElement("svg",n({xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{maxWidth:"100%",height:"auto"},viewBox:"0 0 498 105"},e),i.createElement("rect",{width:105,height:105,rx:8,style:{fill:"url(#cardItemPlaceholder_svg__a)"}}),i.createElement("g",{clipPath:"url(#cardItemPlaceholder_svg__b)"},i.createElement("rect",{width:373,height:

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9110)
Category:	dropped
Size (bytes):	152960
Entropy (8bit):	5.519030214693963
Encrypted:	false
SSDEEP:
MD5:	2DB8B7861DBFC92847845B2AD6477BFE
SHA1:	57E23190A5C6E4F37773322027B2073267397E2B
SHA-256:	2343C8672185644C4A01626975E53FCAA841733F309CF1790103F991224CA105
SHA-512:	CB156101504D3D409908D64237B307D94804CC11B69C62B43BE90966BD69CAAE89C83218C2780968487F059A31F13581F0C1E351E28C1802E0A0B8E6631EED79
Malicious:	false
Reputation:	unknown
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="4f51bb27-7165-5421-88f5-8ca04331ec11")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["3619"],{4523:function(e,t,o){o.r(t),o.d(t,{default:function(){return Lr}});var n=o("94653"),i=o("37897"),r=o("11268"),a=o.n(r),s=o("27219"),l=o("31028"),c=o("66187"),p=o("22722"),d=o("45050"),m=o("27505"),u=o("95474"),g=o("65957"),h=o("38111"),x=o("55767"),f=o("47085"),v=o("38675"),b=o("32358"),w=o("30886"),y=o("11759"),C=o("54513"),I=o("81885"),k=o("19195");const j=y.ZP.div`. display: flex;. flex-direction: column;. align-items: center;. width: 100%;.. ${(0,I.c)(C.DT.AppFooter)?y.iv`. height: 100%;. margin: 0 auto;. `:y.iv`. height: fit-content;. margin: 0 auto;. margin-bottom: calc(${({isOrder

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	522
Entropy (8bit):	5.397462429272544
Encrypted:	false
SSDEEP:
MD5:	9CE82F11E83A2F8772D450263C80323F
SHA1:	EC4ECB26C2EC1FC03A0DDFEB4DE366B798261864
SHA-256:	912C4A02E118B61699801589F9762A2B684817ED4219BD9189B0AAC3376902DD
SHA-512:	F877BCE0143E937078DD78F1177CD7E23553D23C75B51883B84E1047B2185E08C5C6B7F651D69B29586E662F01E841462C02EF519826F757B96DEAB9C90A293C
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/jotform.css.2fa685b2.js
Preview:	"use strict";(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["7222"],{83852:function(){},39284:function(){},7220:function(){},18797:function(){}}]);.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="564d5f1a-d0b1-52b1-bf3b-f62dd4be50a6")}catch(e){}}();.//# debugId=564d5f1a-d0b1-52b1-bf3b-f62dd4be50a6.

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	369019
Entropy (8bit):	5.471884287546806
Encrypted:	false
SSDEEP:
MD5:	D458B68730A7330653700489333A7837
SHA1:	4059AECA1D0B99AEC8006B37A927F09D9C0E794D
SHA-256:	430725B95468277DCBCCC27E08E3D873276C0082737310B0B1AD330392511847
SHA-512:	E363C4D2B77EC19DA13577ED94CEFC0527A1206CDECCD790BB38A18810AF504077095C47BEC4A117CEB0056C1039137134836504FBAAEEB1B859684D89354716
Malicious:	false
Reputation:	unknown
Preview:	!function(e,a){"object"==typeof exports&&"undefined"!=typeof module?module.exports=a():"function"==typeof define&&define.amd?define(a):e.moment=a()}(this,function(){"use strict";var E;function M(){return E.apply(null,arguments)}function F(e){return e instanceof Array\|\|"[object Array]"===Object.prototype.toString.call(e)}function z(e){return null!=e&&"[object Object]"===Object.prototype.toString.call(e)}function l(e,a){return Object.prototype.hasOwnProperty.call(e,a)}function N(e){if(Object.getOwnPropertyNames)return 0===Object.getOwnPropertyNames(e).length;for(var a in e)if(l(e,a))return;return 1}function d(e){return void 0===e}function J(e){return"number"==typeof e\|\|"[object Number]"===Object.prototype.toString.call(e)}function R(e){return e instanceof Date\|\|"[object Date]"===Object.prototype.toString.call(e)}function C(e,a){for(var t=[],s=e.length,n=0;n<s;++n)t.push(a(e[n],n));return t}function I(e,a){for(var t in a)l(a,t)&&(e[t]=a[t]);return l(a,"toString")&&(e.toString=a.toString),

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12844), with no line terminators
Category:	downloaded
Size (bytes):	12844
Entropy (8bit):	5.201036246141972
Encrypted:	false
SSDEEP:
MD5:	A7344ACD9CB5A4C43B0426AA838E5FAC
SHA1:	D1E9FB34CA160837C95BC2B28358CC8C63F4A34B
SHA-256:	8BFD7B24CC7E074DD991630C436F0947D46DF097EB1942FB2CC368C342A3EF62
SHA-512:	A4C8B121A05AA3179EF8ABDE0AF6B95911FDEFD2A1938F36841FD2DECAEFA74175C6267D6A68E5EF72973ED4F81A9115B3010F94B139D111AABB021524155EE8
Malicious:	false
Reputation:	unknown
URL:	https://widgets.jotform.io/socialFollow/min/scripts.min.js?v=0.2
Preview:	"use strict";function _slicedToArray(t,e){return _arrayWithHoles(t)\|\|_iterableToArrayLimit(t,e)\|\|_unsupportedIterableToArray(t,e)\|\|_nonIterableRest()}function _nonIterableRest(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function _unsupportedIterableToArray(t,e){if(t){if("string"==typeof t)return _arrayLikeToArray(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r\|\|"Set"===r?Array.from(t):"Arguments"===r\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(r)?_arrayLikeToArray(t,e):void 0}}function _arrayLikeToArray(t,e){(null==e\|\|e>t.length)&&(e=t.length);for(var r=0,l=new Array(e);r<e;r++)l[r]=t[r];return l}function _iterableToArrayLimit(t,e){var r=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]\|\|t["@@iterator"];if(null!=r){var l,o,n,c,i=[],a=!0,s=!1;try{if(n=(r=r.call(t)).next,0===e){if

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2469
Entropy (8bit):	5.280366794969939
Encrypted:	false
SSDEEP:
MD5:	C6C9C99AB0CEF3940D8C9FE04EDE06CA
SHA1:	C4A7C476D801EE329510ADE8E248C85BDE138DCB
SHA-256:	B2AE944EE19C7B0E3C17DB8115D6F088711CBFF6F7FAF3C6FC7D106220607578
SHA-512:	AF12C66DAE68B371D9BA2261B2C2E9AD76BFA8337F4FE3800D7A76C03ED1B796A7A4EF206D780CBB6DE574383AE926397AF8A6C160A6A9DE2278711ED143FD74
Malicious:	false
Reputation:	unknown
Preview:	{"name":"RMS Customer","short_name":"RMS Customer","description":"Remote Monitoring Services Customer App","scope":"\/app\/213381340657353","start_url":"\/app\/213381340657353?utm_source=jotform_pwa","display":"standalone","theme_color":"#000000","background_color":"#ffffff","icons":[{"src":"https:\/\/eu.jotform.com\/uploads\/Claire_Elgie\/form_files\/_mainPWAIcon61ac7a7c41fb5.png?width=16&height=16&time=1731060009","sizes":"16x16","type":"image\/png"},{"src":"https:\/\/eu.jotform.com\/uploads\/Claire_Elgie\/form_files\/_mainPWAIcon61ac7a7c41fb5.png?width=32&height=32&time=1731060009","sizes":"32x32","type":"image\/png"},{"src":"https:\/\/eu.jotform.com\/uploads\/Claire_Elgie\/form_files\/_mainPWAIcon61ac7a7c41fb5.png?width=48&height=48&time=1731060009","sizes":"48x48","type":"image\/png"},{"src":"https:\/\/eu.jotform.com\/uploads\/Claire_Elgie\/form_files\/_mainPWAIcon61ac7a7c41fb5.png?width=128&height=128&time=1731060009","sizes":"128x128","type":"image\/png"},{"src":"https:\/\/eu.jo

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	771
Entropy (8bit):	7.002084230570441
Encrypted:	false
SSDEEP:
MD5:	9728C13B855B821D21E2D50C71E7E5AD
SHA1:	CE1B4D482B032F1BB0B5B30C9A3020044FCF2FE3
SHA-256:	271DF7D2DF7BB25F183DDFC2ACD85C871C28A55736C13E691D5B4E616757990C
SHA-512:	247F3CBA168517E009FBDEE52DA05C1F16B55FDE2D44B3C947753117D31FFBC5582AC5818EC23A8758E6305D44A49C20F5B4CB519187251F4625D59D1BEAFF79
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................a....pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100........................................R.......IDATx...KTQ..?..7o~4o...Q3pe.."k....@...._!.....A`.,."ik.j.F.`c..B5N...w.-....:...p8..DD8..I........0.K.c...F)E...ZK..Q..l...I...:h..(..Y....8.a'....{{{G...2..h6...qf.n.o.......O.=.....WV.V..r9&&'....b.X\[[...%..'..7X/.x.....!J)..C.R...2.Z...R(..d.G%. .!....7\|.@..k....y..<..P(.......x.........l..\....+.<.r.......;...2sm.{......<.....?..:.....#s7..q..6Tv....5....D.\|......*.!.?GW6.....m.........N...\...B2..R.l7..Q..y.FA..:J ""A@PZ....1....;..FE\$.._5@!.b.i..D..B...mp#(.E:..C.t. .....A).bQ.8...C:...L........._....IEND.B`.

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	711
Entropy (8bit):	4.663905766011454
Encrypted:	false
SSDEEP:
MD5:	5C9C2B304EE35219C3035055680F769C
SHA1:	F7C8EA20667C1DA667290AE6E746699512275869
SHA-256:	F9F7F5B3F29B9AB357A0C2C3495D7E16F271C9E919016F217734C9E5B66F8CEB
SHA-512:	EBF22DFAB487BCF15BBDF9A20699339F3A470F7BDBF675CDF5FF21FEE3A617AB7A7DEE76F19CF39808EB093BACED1F43A1A295A47E15C52C174524F6E279A3A1
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>file-txt</title><g id="file-txt"><path id="file-txt-2" data-name="file-txt" d="M16,0V6h6ZM14,0H4A2,2,0,0,0,2,2V22a2,2,0,0,0,2,2H20a2,2,0,0,0,2-2V8H14ZM8.5,13.75H7.75V19a.75.75,0,0,1-1.5,0V13.75H5.5a.75.75,0,0,1,0-1.5h3a.75.75,0,0,1,0,1.5Zm7-1.5h3a.75.75,0,0,1,0,1.5h-.75V19a.75.75,0,0,1-1.5,0V13.75H15.5a.75.75,0,0,1,0-1.5Zm-1.329,1.085L12.838,16l1.333,2.665a.75.75,0,0,1-.336,1.006.741.741,0,0,1-.334.079.75.75,0,0,1-.672-.415L12,17.677l-.829,1.658a.75.75,0,0,1-.672.415.741.741,0,0,1-.334-.079.75.75,0,0,1-.336-1.006L11.162,16,9.829,13.335a.75.75,0,1,1,1.342-.67L12,14.323l.829-1.658a.75.75,0,1,1,1.342.67Z"/></g></svg>

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8371), with no line terminators
Category:	downloaded
Size (bytes):	8371
Entropy (8bit):	5.047863494963382
Encrypted:	false
SSDEEP:
MD5:	7635C910C0C8342B483BDBA314E4D50D
SHA1:	4AC8DB2DDD4792F72B4891C5BC07D5A511232BB6
SHA-256:	59F5590F1BD2E53145FF6CAFD7F6D07A04BBC6CB6B0E31B274A615EE7A73FFA1
SHA-512:	56F3E9325AC0CAFA635531637843F336CCC338E855AFE7E8643875CAC4ADF1CA2E6C6990319510DCE5DA2E2046D745179188E7FF688156D69AD5714C41E3CBB1
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/stylebuilder/static/donationBox.css?v=3ff9d3e
Preview:	.donationBoxV2{width:100%}.donationBoxV2 .ScProgressBar{display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;font-size:14px;width:100%;height:17px;border-radius:149px;border:1px solid var(--ScProgressBarBorderColor);background-color:var(--ScProgressBarTotalBarBg)}.donationBoxV2 .ScProgressBar span{color:#3e437a;font-size:14px;height:13px;border-radius:149px;margin-left:2px;width:var(--ScProgressBarSpanreducedPercentage);background-color:var(--ScProgressBarSpanBackgroundColor)}.donationBoxV2 .ScDonationMeter{margin-top:12px;margin-bottom:36px}.donationBoxV2 .ScDonationMeter .ScDonationMeterTexts{display:-ms-flexbox;display:flex;font-size:16px;margin-bottom:10px;color:var(--ScDonationMeterTextsColor)}.donationBoxV2 .ScDonationMeter .ScDonationMeterTexts .ScGoal{font-weight:500;margin-left:.3rem}.donationBoxV2 .ScCustomInputContainer{border:1px solid transparent;border-color:var(--ScCustomInputContainerBorderColor);border-radius:4px;display:-ms-flexbox;display:flex;-m

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	444510
Entropy (8bit):	5.372986011586992
Encrypted:	false
SSDEEP:
MD5:	E217781C0358FDD237BD5C363FD517EC
SHA1:	59BFCA5684FFBDF500D7B6C1B624A3336A604E66
SHA-256:	F493CB94C9E0BF68F496011C7ECA962DC21AFA7346260C7FCA321FE8070A095B
SHA-512:	42403787989BB9BA15F846DF6608675A1033D5B358A668FBC66F30C5BF01407D2C0063612C8DA72EE4DB9D68B45311A0ADE2097E421DE94F7AD4EF7615F617F6
Malicious:	false
Reputation:	unknown
URL:	https://cdn02.jotfor.ms/s/portal/88179083df8/static/css/index.9b20d868.css
Preview:	.jfErrorPage{height:100%}.jfErrorPage-wrapper{z-index:100;background-color:#f5f5f5;width:100%;height:100%;position:absolute}.jfErrorPage-container{justify-content:center;align-items:center;width:100%;min-height:100%;padding:80px 0;display:flex}.jfErrorPage-content{color:#0a1551;background:#fff;border-radius:4px;flex-direction:column;flex:none;justify-content:center;align-items:center;width:100%;max-width:600px;padding:60px 80px;display:flex;box-shadow:0 4px 4px rgba(0,0,0,.25)}.jfErrorPage-header{background-color:#0a1551;width:100%;padding:18px 20px 22px;position:absolute}.jfErrorPage-logo{height:30px}.jfErrorPage-icon-container{color:#ffb629;background-color:rgba(255,182,41,.25);border-radius:100%;width:96px;height:96px;padding:1px 8px 15px}.jfErrorPage-title{margin-top:16px;font-size:32px;font-weight:700}.jfErrorPage-highlight{text-align:center;margin-top:12px;font-size:17px;font-weight:400}.jfErrorPage-action{cursor:pointer;color:#fff;background-color:#09f;border:none;border-radius:

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11971)
Category:	downloaded
Size (bytes):	11972
Entropy (8bit):	5.24652740231673
Encrypted:	false
SSDEEP:
MD5:	B308A09E3BDEBF4FFF2CFF7B77CCDC7A
SHA1:	D0249AE74E1E7A75422C37830FBCB072C44D0684
SHA-256:	50A653379E5FAE866A0BB4AB00A387F74AC1B1B7CFBB9F9CBFA797419E134DF6
SHA-512:	50098CE42175351C3CD9F045C84C9DE6E8BBB363F46698D26E0B51B874F1EB4BB5A2EF880418C0C697E5E3C85E5336BEA4DD8EACF443DC016BDF9A1EE42BFA45
Malicious:	false
Reputation:	unknown
URL:	https://js.jotform.com/actions.js
Preview:	var JotFormActions=function(){"use strict";function o(n,r){return function(){for(var e=new Array(arguments.length),t=0;t<e.length;t++)e[t]=arguments[t];return n.apply(r,e)}}var t=Object.prototype.toString;function a(e){return"[object Array]"===t.call(e)}function n(e){return null!==e&&"object"==typeof e}function r(e){return"[object Function]"===t.call(e)}function i(e,t){if(null!=e)if("object"!=typeof e&&(e=[e]),a(e))for(var n=0,r=e.length;n<r;n++)t.call(null,e[n],n,e);else for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.call(null,e[o],o,e)}var d={isArray:a,isArrayBuffer:function(e){return"[object ArrayBuffer]"===t.call(e)},isBuffer:function(e){return null!=e&&null!=e.constructor&&"function"==typeof e.constructor.isBuffer&&e.constructor.isBuffer(e)},isFormData:function(e){return"undefined"!=typeof FormData&&e instanceof FormData},isArrayBufferView:function(e){return e="undefined"!=typeof ArrayBuffer&&ArrayBuffer.isView?ArrayBuffer.isView(e):e&&e.buffer&&e.buffer instanceof Ar

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	780925
Entropy (8bit):	4.121014646987528
Encrypted:	false
SSDEEP:
MD5:	A6604ABAADCF1A25A434A312AE70E0ED
SHA1:	E78CCA5BE7631D49BA661E7F328F5D98D7E5E22D
SHA-256:	1202C7B0881D7C5ABF572B1008B0361CF485298DDA5734A77B7919ECD809D06B
SHA-512:	28223E7D1DDB51B39C534642DD471A3F008BB8EE4B124BA469605875D9A12CF5E0A403D627C8FAA492E64C8EADF42318733138602AD6650FF0AD9CFF26CC82F8
Malicious:	false
Reputation:	unknown
Preview:	!function(M,z){"use strict";"object"==typeof module&&module.exports?module.exports=z(require("moment")):"function"==typeof define&&define.amd?define(["moment"],z):z(M.moment)}(this,function(O){"use strict";void 0===O.version&&O.default&&(O=O.default);var z,W={},A={},c={},d={},R={},M=(O&&"string"==typeof O.version\|\|C("Moment Timezone requires Moment.js. See https://momentjs.com/timezone/docs/#/use-it/browser/"),O.version.split(".")),b=+M[0],p=+M[1];function q(M){return 96<M?M-87:64<M?M-29:M-48}function o(M){var z=0,b=M.split("."),p=b[0],O=b[1]\|\|"",A=1,c=0,b=1;for(45===M.charCodeAt(0)&&(b=-(z=1));z<p.length;z++)c=60c+q(p.charCodeAt(z));for(z=0;z<O.length;z++)A/=60,c+=q(O.charCodeAt(z))A;return cb}function a(M){for(var z=0;z<M.length;z++)M[z]=o(M[z])}function L(M,z){for(var b=[],p=0;p<z.length;p++)b[p]=M[z[p]];return b}function n(M){for(var M=M.split("\|"),z=M[2].split(" "),b=M[3].split(""),p=M[4].split(" "),O=(a(z),a(b),a(p),p),A=b.length,c=0;c<A;c++)O[c]=Math.round((O[c-1]\|\|0)+6e4O[c

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (21703)
Category:	downloaded
Size (bytes):	32756
Entropy (8bit):	5.286180574962932
Encrypted:	false
SSDEEP:
MD5:	EA856BCA36F5C6039B1F829D7C0D4907
SHA1:	6D37CFABCF263FDCB980E9A4B7C8DC201EE1AE25
SHA-256:	71DCD9A87EE349F3C89CAA11719CCC22089D5D033F48D7D5FCCF7EADA8EE91FE
SHA-512:	EE06FC3D17CDCC7690FBC2985CB1CC880001B38C8403FC6B0A2756C6CF03D7C5D015D02250966463DE5626F59D9712E8B1CA6333AB58AC2533651046C493E697
Malicious:	false
Reputation:	unknown
URL:	https://eu.jotform.com/app/213381340657353
Preview:	<!doctype html>.<html lang="en-US">. <head>. <meta charset="utf-8">. <meta name="robots" content="noindex,nofollow">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=5">. <link rel='alternate' type='application/json+oembed' href='https://www.jotform.com/oembed/?format=json&url=https%3A%2F%2Fwww.jotform.com%2Fapp%2F213381340657353' /><link rel='alternate' type='text/xml+oembed' href='https://www.jotform.com/oembed/?format=xml&url=https%3A%2F%2Fwww.jotform.com%2Fapp%2F213381340657353' /> <link rel="preload" href="https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2" as="font" crossorigin="anonymous" />. <link rel="preload" href="https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff2" as="font" crossorigin="anonymous" />. <link rel="preload" href="https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Bold.woff2" as="font" crossorigin="anonymous"

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.0047495334499015
Encrypted:	false
SSDEEP:
MD5:	202B3573AA1DC3DF898A47F827848713
SHA1:	7EF5A1711726B0E80B0C10D1FC892D3A5D657A6A
SHA-256:	EC5DA82860F5317FC70E9A244204DCF3761ACFADCFDBE97FCD52836562664356
SHA-512:	85166B0B987D4B4C9010BDD841EB79317D4C005FE5A5F85AFEF152487D8CB297591B35E218882C2D47C7F54ADC5AC47447592F56838B7376E4AFAA9F3905416F
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>chat-conversation</title><g id="chat-conversation"><path id="chat-conversation-2" data-name="chat-conversation" d="M15,0H9A9,9,0,0,0,7,17.769V24l7-6h1A9,9,0,0,0,15,0ZM13,12H7a1,1,0,0,1,0-2h6a1,1,0,0,1,0,2Zm4-4H7A1,1,0,0,1,7,6H17a1,1,0,0,1,0,2Z"/></g></svg>

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65199)
Category:	dropped
Size (bytes):	1618634
Entropy (8bit):	5.369326231025125
Encrypted:	false
SSDEEP:
MD5:	32A05213C56AA08E5FF668639EE8A7C1
SHA1:	991123A5796EA241CC9CA6FDD916B51498A77EAF
SHA-256:	071EFD31708E4F763340433B34B2DE2FBBF1A569139717F4F7B073131192057B
SHA-512:	9742D2B39B1CE7B2536BAA98BE3B542ACB94D82E0BE28784635D29D1457BA4348843E328F0DF2CED09AD0A8D312F947EBF5B87E99705B40271426538920B2B9D
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see 9678.1a80a518.js.LICENSE.txt /..!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="2f8b19d1-ae86-5c42-b474-fab4aa6af55f")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["9678"],{16008:function(e,t,n){"use strict";n.d(t,{B:function(){return l},Hr:function(){return u},IG:function(){return f},S1:function(){return h},dk:function(){return m},ur:function(){return p},yV:function(){return c},y_:function(){return d}});var r,o,i=function(){return window[window._fs_namespace]},a=function(){!function(){if(!i())throw Error("FullStory is not loaded, please ensure the init function is invoked before calling FullStory API functions")}();for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return t.every((function

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65254)
Category:	downloaded
Size (bytes):	81711
Entropy (8bit):	5.649982760902277
Encrypted:	false
SSDEEP:
MD5:	E422704E7F75F94ECF57195B28B7AC9B
SHA1:	DA56BB3F41168FEDFAD8E0E37EC77CC318B68F5A
SHA-256:	73442B162C8088FA3958FC35E1BDB55B10525337A93AE59B22E0C7E699BB103B
SHA-512:	58AB0171BE93F0E68774145A2D06C56A4C4880EFF0624B93A365E0F61667B7E0F7A2E155B798FDAAF409026BFA8BE239162E73E570CDC3B1D2A98B94C24DE81D
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/4518.cfbe00a6.js
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="21dd2480-7c7b-520f-b079-5a61751cc9db")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["4518"],{42833:function(e,t,n){n.d(t,{Z:function(){return pn}});var s=n("20366"),i=n("94653"),o=n("37897"),a=n("11268"),r=n.n(a),l=n("32358"),c=n("58935"),d=n("50728"),u=n("57665"),p=n("65301");const m={LOGIN_FLOW:"loginFlow",ACCOUNT_SETTINGS:"accountSettings"},g={TOTAL_SUBMISSONS:"totalSubmissions",PAYMENTS:"payments",FORMS:"formCount",AI_AGENTS:"aiAgents",AI_CONVERSATIONS:"aiConversations",AI_SESSIONS:"aiSessions",AI_PHONE_CALLS:"aiPhoneCalls",AI_KNOWLEDGE_BASE:"aiKnowledgeBase",SIGNED_DOCUMENTS:"signedDocuments",WORKFLOW_RUNS:"workflowRuns",SUBMISSONS:"submissions",UPLOAD_SPACE:"uploads",FORM_VIEWS:"view

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1116
Entropy (8bit):	4.847937605692606
Encrypted:	false
SSDEEP:
MD5:	67F7000D16CA64A070B2EE07A94E4891
SHA1:	65253965886241865F7DB3C8BD5CC75C570B6926
SHA-256:	B7338951DD851E0317AD253AB2FF6B9F771643C61DC900B0AC238452F9D86A6E
SHA-512:	7BFF71AB4C6DF75BBD5A6D87C651AC8594D7E046BB300F7C1CD87845271E777B2A18C237B4BF72A5806998525F3E5E737D694CF88A25B1BB81438A54C1DCA554
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/?family=Circular:400:500:700
Preview:	@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff) format("woff");. font-display: swap;. font-style: normal;. font-weight: 400;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Italic.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Italic.woff) format("woff");. font-display: swap;. font-style: italic;. font-weight: 400;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff) format("woff");. font-display: swap;. font-style: normal;. font-weight: 500;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Bold.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	450
Entropy (8bit):	4.747230111566237
Encrypted:	false
SSDEEP:
MD5:	8152A730D4A331858AAE0507518718B2
SHA1:	2019821C7DE09B3F2F7E1A4172EB81806DBC0032
SHA-256:	05C871D442960CC8E5FA8F73CF03F9A258E482205020A01BF5C9A6C2FB9F1F33
SHA-512:	B8F902D6CE3F0D25133552B7DE75F3A2EFBE9C9AF6E534DCD71703A84CCDEB4BCCD14662D85AA9F046A6114614FF7499CA838756E9B802B84A846C2DEE828F10
Malicious:	false
Reputation:	unknown
URL:	https://widgets.jotform.io/socialFollow/?qid=6&isOpenedInPortal=true&isOpenedInAgent=undefined&align=Left&ref=https%3A%2F%2Feu.jotform.com&injectCSS=false
Preview:	<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <title>Social Follow widget</title>. <link rel="stylesheet" href="min/social.min.css?v=0.1"/>. </head>. <body>. <ul class="social-networks"></ul>. <script type="text/javascript" src="https://cdn.jotfor.ms/s/umd/latest/for-custom-widgets.js"></script>. <script type="text/javascript" src="min/scripts.min.js?v=0.2"></script>. </body>.</html>

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4096), with no line terminators
Category:	downloaded
Size (bytes):	4096
Entropy (8bit):	5.042681507029249
Encrypted:	false
SSDEEP:
MD5:	51592CC10DC5512916C14764FBC673D6
SHA1:	DB4E26B3EC4F714A9C3A0C9A3986757DA26665FD
SHA-256:	B451822F68E98FDE3B2728A3BF9EEC827CCC480D5F23188BD657CC6E76606ABA
SHA-512:	ED17ADFC2B1279433864DFC0EBAE343B9D92D2A569A41583AB3B82DDF16B7C25BD2D7D0749ADF3712FFC42A9574F836F52E81169C00B39D3EFA29BD720B06765
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/css/PublicAppContainer.0eeb5429.chunk.css
Preview:	.link-thumnail-wrapper{justify-content:center;align-items:center;display:flex}.link-thumnail-wrapper .linkThumbnail{border-radius:2px}.jfOverflowableList{flex-wrap:wrap;display:flex;overflow:hidden}.jfOverflowableList-item{flex-shrink:1;justify-content:center;align-items:center;display:flex}.jfOverflowableList-item.isOverflowItem{flex-grow:1}.jfOverflowableList-item[data-hidden=true]{opacity:0;visibility:hidden;pointer-events:none}.jfOverflowableList-overflow-items{flex-direction:column;max-height:min(50vh,320px);display:flex;overflow:auto}.jfOverflowableList-popover{display:flex}.jfOverflowableList-popover[data-popper-placement=top-end] .jfOverflowableList-overflow-items{flex-direction:column-reverse}.item-paragraph{word-wrap:break-word;white-space:pre-wrap;text-align:left;width:100%;line-height:normal;overflow-x:auto}.item-paragraph h1,.item-paragraph h2,.item-paragraph h3,.item-paragraph h4,.item-paragraph h5,.item-paragraph h6,.item-paragraph p{margin:revert;font-weight:revert;font

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (15296)
Category:	dropped
Size (bytes):	3552477
Entropy (8bit):	5.683965051212815
Encrypted:	false
SSDEEP:
MD5:	5B8FF8C2E606DEC8A6F76D495E1BB779
SHA1:	8B16E2B82A537E635D077FACBBF90C369741DAF7
SHA-256:	601BE30CC3E8DDE3140B19D9B9F9506D876DF5158C6A5008A45D5AF82D46A3CE
SHA-512:	135728E8812A65489E12834A875E3898A6C9B5C6C48E48E56A417CB5A6C8F78D8BD3169ECCEE091D4B57A98C971F88A466D62E20BF33295ECA44C86553D6C47D
Malicious:	false
Reputation:	unknown
Preview:	.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="d30b0487-66aa-5036-9be3-94cfe54978de")}catch(e){}}();.(function(){var __webpack_modules__={97835:function(){},27310:function(){},58501:function(e,t,n){"use strict";n.d(t,{Z:function(){return g}});var o=n("94653"),a=n("37897"),r=n("11268"),i=n("27219"),l=n("60518"),s=n("99216"),c=n("42695"),d=n("11759"),u=n("65964");var p=d.ZP.div`. ${u.z}. border-radius: 10px;. ${({isSVG:e,bgColor:t})=>e?`background: ${t};`:""}. margin-bottom: 5px;.. .jfIconSVG-wrapper {. display: flex;. }.`,m=n("96757"),h=n("45050");const f=({withBorder:e})=>{const{appIconType:t,appIconBackground:n,appIconColor:a,appIconSvgRef:r,appIconURL:d,installableIconURL:u}=(0,i.v9)(h.Z.getAppIconProperties),f=(0,i.v9)(h.Z.getAppTitle),g=(0,i.v9)(h.Z.getAppVersionSelector),y=(0,i.v9)(h.Z.getLogoProperties),v=p,C

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2072
Entropy (8bit):	4.823613668196928
Encrypted:	false
SSDEEP:
MD5:	66181FC92B95EED979E887318F7A2C54
SHA1:	1B1085D06527AC44A172633AB72E22CDF54EDA1D
SHA-256:	5A5D05905C71612E4A9D16BF4B6C79B52E91C44914E2AECE78ED21AD35F38479
SHA-512:	4104B37FF7C8FCC3131A0DFEF623E298DDFA07AA6B8AEEEB2347F15093F84D130CD0DE1B6B903239037C147182D07FFD81293D825F322C58F25AFFC44FD3C666
Malicious:	false
Reputation:	unknown
URL:	https://eu.jotform.com/app/213381340657353/serviceWorker.js
Preview:	/* eslint-disable no-undef,no-restricted-globals */.console.log('service worker succeed for app RMS Customer');..const cacheName = 'dynamic-v1-213381340657353';..try {. importScripts('https://cdn01.jotfor.ms/s/umd/88179083df8/for-push-notification.js');. self['for-push-notification'].initialize({. resourceId: '213381340657353',. resourceType: 'portal'. });.} catch(err) {. console.error('Can not initialize push notification service worker handlers', err);.}..const corsPreferences = new Map();..self.addEventListener('fetch', (event) => {. if (event.request.destination !== 'image' \|\| event.request.method !== 'GET') {. return;. }.. event.respondWith(caches.open(cacheName).then((cache) => {. return cache.match(event.request).then(async (cachedResponse) => {. if (cachedResponse) {. if (cachedResponse.type === 'opaque') {. fetch(event.request, { mode: "no-cors" }).then(response => {. cache.put(event.request, response.clone());. });.

Chrome Cache Entry: 201

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (20291)
Category:	dropped
Size (bytes):	20662
Entropy (8bit):	5.3589506884272
Encrypted:	false
SSDEEP:
MD5:	AE32096993733BAF8AF66AF200E834B6
SHA1:	AFB7B86D6E679555DE28C112BC828F8E5C6D4404
SHA-256:	277FD9EA32B4390FBBAF115A90E96A36346961D424B23A234B6AB3112CA49FF0
SHA-512:	86ABEC4C8D48694A197FAAE526CB45A154901DA263B4B8F83A048A4BF348F6EDE7106E7A59BC4E6F6A2F44A8FB5A9F3BF8AA7F181EF46CDFD944D3739DB86AD7
Malicious:	false
Reputation:	unknown
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="d055d6e0-71aa-5931-a817-81db7c7ab987")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["2224"],{47456:function(n,e,t){t.d(e,{Z:function(){return h}});var i=t("94653"),a=t("37897"),r=t("11268"),u=t("41663"),c=t("12857"),o=t("98651");const l=({assetType:n,assetProps:e,campaignInfo:t,Fallback:r})=>{const l=Object.keys(t).includes("type")?[t]:[t.promotion,t.campaign,t.announcement,t.launch].filter((n=>!!n)),[y,d]=l.map((e=>{const{status:t=!0,type:i,assetsVersion:a,assetsAvailable:r=!0,assetYear:u="2024"}=e,o=(0,c.YZ)({assetInfo:{campaignType:i,assetsVersion:a,assetYear:u},assetType:n}),l=(0,c.ai)({assetType:n,assetsVersion:a,campaignType:i});return o&&r&&t&&!l?[o,e]:[]})).filter((n=>!!n.length))[

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	77901
Entropy (8bit):	5.375949240962371
Encrypted:	false
SSDEEP:
MD5:	9CFC1B51E86FF2B286D08C07BEABCEAB
SHA1:	7F45BFE5E022059BD2B5B881ABE2336C2D070A0C
SHA-256:	E097329E1D8DCBC91580722928D682A24EFBF1C3F2F2C90482C5D0D0FFF2F019
SHA-512:	0702AF1CDA53858C2F4E198000268F20815DA981D985B3529C5294349849601D92D92EA896E90F42B8D355E6C7C6AD99808159053A68B269BBA64C56A43F1883
Malicious:	false
Reputation:	unknown
URL:	https://cdn01.jotfor.ms/s/umd/88179083df8/for-push-notification.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports["for-push-notification"]=t():e["for-push-notification"]=t()}(this,function(){return function(){var e={52312:function(e,t,r){var n=r(83743)(r(92373),"DataView");e.exports=n},23715:function(e,t,r){var n=r(56037),o=r(37609),i=r(29391),s=r(94191),a=r(42721);function u(e){var t=-1,r=null==e?0:e.length;for(this.clear();++t<r;){var n=e[t];this.set(n[0],n[1])}}u.prototype.clear=n,u.prototype.delete=o,u.prototype.get=i,u.prototype.has=s,u.prototype.set=a,e.exports=u},56629:function(e,t,r){var n=r(1171),o=r(67838),i=r(44859),s=r(4073),a=r(28541);function u(e){var t=-1,r=null==e?0:e.length;for(this.clear();++t<r;){var n=e[t];this.set(n[0],n[1])}}u.prototype.clear=n,u.prototype.delete=o,u.prototype.get=i,u.prototype.has=s,u.prototype.set=a,e.exports=u},91739:function(e,t,r){var n=r(83743)(r(92373),"Map");e.exports=n},10503:function(

Chrome Cache Entry: 204

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	327
Entropy (8bit):	4.882211487520502
Encrypted:	false
SSDEEP:
MD5:	EAF6A427B1BAC4EE38EBF19798C04CD5
SHA1:	534827E7F84A7F78890E1D551F3CDC77C3977456
SHA-256:	4EA5452CB24249621C51EB97DBC3800FC6DD92B2946AD0BD0813385F27E0B86E
SHA-512:	6C4F39B97034BDC8BBD6C5731682F1FE9F73F5EF558EAE3C1D6E82653961FAF960998E15265C43822A5F6F10874DC5CA80F2E9BD420C8D7F30B42741CE150185
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>android-phone</title><g id="android-phone"><path id="android-phone-2" data-name="android-phone" d="M17,0H7A4,4,0,0,0,3,4V20a4,4,0,0,0,4,4H17a4,4,0,0,0,4-4V4A4,4,0,0,0,17,0ZM14,22H10a1,1,0,0,1,0-2h4a1,1,0,0,1,0,2Zm4-4H6V4H18Z"/></g></svg>

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	622
Entropy (8bit):	4.601325708674874
Encrypted:	false
SSDEEP:
MD5:	56FEF3BD1AF71766AA22AC22F4FFAE59
SHA1:	A71AD9388FF0CA52A3CF47C9DC3AE78D1CA5E98E
SHA-256:	FA7D9E2DE0D90CA3B68F1DE7352F96C2B804FEFCF577AE847F331F2C6707520A
SHA-512:	FBE05EC51DE580DAB45FA685B0BA9B1ED5A871A9F9DEE632D5C133BB3B549514D8B89EEB071CFC11C0F6278377203B0CF16CAE6C8649279EF1CB74D0976415D8
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>phone-talking</title><g id="phone-talking"><path id="phone-talking-2" data-name="phone-talking" d="M14,2a8.009,8.009,0,0,1,8,8,1,1,0,0,0,2,0A10.011,10.011,0,0,0,14,0a1,1,0,0,0,0,2Zm0,5a3,3,0,0,1,3,3,1,1,0,0,0,2,0,5.006,5.006,0,0,0-5-5,1,1,0,0,0,0,2Zm6.179,7.27a2.2,2.2,0,0,0-3.112,0L14.433,16.9A13.706,13.706,0,0,1,7.1,9.567L9.73,6.933a2.2,2.2,0,0,0,0-3.112L6.554.645a2.2,2.2,0,0,0-3.112,0l-1.51,1.51a6.661,6.661,0,0,0-1.806,6A19.971,19.971,0,0,0,15.849,23.874a6.661,6.661,0,0,0,6-1.806l1.51-1.51a2.2,2.2,0,0,0,0-3.112Z"/></g></svg>

Chrome Cache Entry: 208

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2933
Entropy (8bit):	7.819483410354461
Encrypted:	false
SSDEEP:
MD5:	5BCA4EB779086FD85DC89883CCC042D8
SHA1:	B1A8C99E68C545AAFC609F77F1706CA10B14EC14
SHA-256:	83248A61515A8A32E950EDFFA348DA623436CC1C4AEB73A2E86C871F22B693B4
SHA-512:	84EC88FAAD4866FE189A86E888CC8FD6C02DB2B8936EF38064AF321F97E7167BAB8189A37D3A251758977C96D0C9EDA9476568321420DF57310666D81E53BDB5
Malicious:	false
Reputation:	unknown
URL:	https://eu-files.jotform.com/jufs/Claire_Elgie/form_files/_mainPWAIcon61ac7a7c41fb5.png?md5=93Vqdu1QWSwmCIeXDu-EgA&expires=1736955777&width=48&height=48
Preview:	.PNG........IHDR...0...0.....W.......pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100.......................0...........0.....m.P....IDATx..{..U..?..}_3s'sg2.$d..L..J"D........r.l.R["..%.Z..".....Z.h.T.5..D.bI%....H..@...d....{.o..?..f.. [..,[.Vu..}..}...{.V""......)..Xl.!..8C`.a-...1.$).Z..j=P.Y.....I.^.X..R........F.j.J.^..<\|.'...0D.0Fc.6.x.LW'........2^D.....yf.3.J.<..7...n..,..u...`........r..B..L.Z......Jk...q.,.Bk....{4\|...Q.V.....A@.....^..+....9.C....j.j.N.^.,R.$...:.v,.......LO.p......e..>..-,.W.PA...Bk=..0..n.-..L..d.....A...B..b../...SO.>ZK).,Y.0.r...y..4.L.8."2G.R.z.N6.m...b.q.Z.R.Dooo..1.f.I.\Y.z....fq]..(W.\y...... ......G.%.LF3.OAG..5...~...!.......?...8...3z.s...y..O..=.].v../.....m.?..c.3...+E.Vc..U..]w1S,R*..^..sFF..d.../"".l.$.TZ...J&...d.}u&S...)...y.;.).=....l.U.Ri..,.M.s....A .fSDD.....=YY..%.]sm4f.....l.[:.II.$..$...b.$.W2....."".

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 69055, version 3.0
Category:	downloaded
Size (bytes):	69055
Entropy (8bit):	7.9965577137904935
Encrypted:	true
SSDEEP:
MD5:	EF5660E92EBB4915A6330A611A2A52AE
SHA1:	B91817F84EBA76DE4BA27D9B561C2600DB187FD8
SHA-256:	258E5A96A9BBFDA38743ABF0AD8C61751F86D907108F204ACC4F46DB5A871018
SHA-512:	5F69A9F6312D1E6D10AA1D9DDD1AE5735ACF16D8CB8AA0B7205AD5CB0A30C2482EDA6076D559CD735F3BF6F3D6194395B77447907D7F2D3D8455D31629334C7C
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2
Preview:	wOF2...............(...............................\|..h..w.`....^..s.....\|......8.6.$..L..P.. ........q[.R...5..o..8..a.6...U....8..r..8.96...2....9....UV.b,.............".lw..k "...h......9...J.)J^PB.DUN..JfR...y+..\-u.kT.H.u.i.....v.r.F..yH!q-.rRnf.:....{8.U:HR.$G8.+.....B.!.I.k.r...(.......w..p..=O.....N.s.7.Zud.u..X....U...xP(^..?.C.i....KD...L.q.......S.9;....r..?(.n.....ag........E.w....>.U.......k.7A..0p...48...j&......ex..#[4.9...._...k.YY.N....=...S..GL.o^yV.....Y.._......^..E.x.M.?Q.."...7wx..A.dD4.K~..?M\|...........l..Zu.u...t.."$!i..(.7^.7.A...d...xj.8.P.r@..y...g5xx.......yB..>ZweB...Z.\D.QM....;).^=@m.5......H...@.....(L.3I/.Fl.}.?.^.?.^~. .N..$..q..B.Z.C.[...M..B.$.@H ...)=.."-.)..EP..c.X..b<..W...Z.......T..E....xk.p.v.g...s..W,`.G..N.=U$..F.,lG4..qd}b.I....{.2.q.L..q.N ...J.+81[....-\........@C......{.....4..#..m...qy..l{._........k@%.uN...g....b+..e.[... wU...i./..$..o.4.0..7..n...V..(X...Q.1..L......./._........_.U}.U.

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	14968
Entropy (8bit):	7.953182029403513
Encrypted:	false
SSDEEP:
MD5:	DE48945C008B98D509E12848766A054E
SHA1:	F1A258A8D7A2D88CD532A6A4959E2207D42CF89D
SHA-256:	DC299EB3ADF5E378485B2F93D06C6C123F78669A8913058023F54F6B55CB902D
SHA-512:	950CA5497587EE0386976ADA7DE9C3663D432F9833C99979D655B5E6873480DD1DEA2E176582430366D52241B586E31DB974A9E0B1038B1032C32302B71A9E47
Malicious:	false
Reputation:	unknown
URL:	https://eu-files.jotform.com/jufs/Claire_Elgie/form_files/_mainPWAIcon61ac7a7c41fb5.png?md5=93Vqdu1QWSwmCIeXDu-EgA&expires=1736955777&width=192&height=192
Preview:	.PNG........IHDR.............R.l.....pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100........................................+aN... .IDATx..w\|....).$.d....1... .nJ.f:.$_...7@....B1....%.j.{...muiw%m.r.?fg..W..,....-FS..9..s.9..$.....(rOW..'q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.q..%.Q{....o.@.~.W...+.\.p...?1-.\J@.;....b..Cr?.....E.#A3M..M.iljB...@.4.....c...)....&..:.$.$..2.,!...........z....x<H..S].f..n....tA.$d....:....4...H&.$...p..4..Y....;).Nm.$!......$!K..,SX.. ?...".....,%i]..p{..'.A....cq..M...b...X.D"A4.C..,7.S..?S.......V&.4.x<...RTTHqQ1%%.N=..%.... .....i.466...@(.&..%.L..:.d..0S...$....]9.m...."eV.x<^..........(J...@..I... .O.O$.G.......;-...YQ.`'a..DGJS..4.@A~>#...o.>.{.W....g.Dc1.."444...H...x<.X....$i...l..m+.....9\|8^..

Chrome Cache Entry: 213

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9504
Entropy (8bit):	7.93887049704118
Encrypted:	false
SSDEEP:
MD5:	45E1E5A517BBCD83467BB950A9DF1963
SHA1:	8C8E09E5C7400F307F94F016BC3D94311B004B7D
SHA-256:	10BE4F71BF9D23CDAED6FF85885A78CF7B1918A7A5609FFD293A9DD83EE10A62
SHA-512:	8C16A1FB6EBF9AA0EA08955C89B75A1F6DA8F51114CC547751622BA8402606D8FBF00A423DC6F732D9CE326BEE7735B8A4E5B2FFD937E47E97A368B5C1EF7CBB
Malicious:	false
Reputation:	unknown
URL:	https://eu-files.jotform.com/jufs/Claire_Elgie/form_files/_mainPWAIcon61ac7a7c41fb5.png?md5=93Vqdu1QWSwmCIeXDu-EgA&expires=1736955777&width=128&height=128
Preview:	.PNG........IHDR..............>a.....pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100..........................................s+.. .IDATx..y.\U..?w.....,.t...a..E"..$(..... . .:.:3...08...B....e.Q.$,..l...I.$...KuUwU.....uoWUWwz..T}..>]u..s.s..y.....[..BPB.B.K.P._.%..9J.(r..P.(...Q"@..D."G..E.....%..9J.(r..P.(...Q"@..D."G..E.....%..9J.(r..P.(...Q"@..D."G..E../-@.]....I..U...][z2.Gv.....w.....[ko.(...@v..R........61...1L.9g.......YVPU.....h..........!z$Ai..b.....e.L&.L&I&..Ri..4.a.J.1]..&B.HH}..$I........B...".(.U.h..l%.08.!.8..W.m..i..q..q...Ri,..0M..H.e.$.Ev\|rI.].=..m...!l\|>.>.....G.&..{2....0@..M...L......ko....^.........f(.....!........cQ..._"@..mfs.C<.'.k#.K...A"..0.dYF...f........4M....5c.~..G...Q.q.B`Y...v..;Fk[...FO....((..]..p..e=2.'..!...!...H..,K92...$..:#..g.....r..2...L%i..ini..ft=.\.u..Q..m.......(....H....h..)_.4.>..yS.%l..@O..!0...t.t:..!..(.&.eY

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3693
Entropy (8bit):	4.869057565144107
Encrypted:	false
SSDEEP:
MD5:	FC99BE36A7ECB84D151F13EA0D504207
SHA1:	B54641C60D017AC6AD6AA949BFA28ECB9A09816C
SHA-256:	156E1E031B36D2B62F2FF9102B8D179350966CB5AEEC6B70A4AC7398D319805C
SHA-512:	A147270B8ECFE9E3B6D8CFE3501422FF1DF98B1867D79839BDDD32FF157E037297A8FEB1C5641F56F84447A0C7E5AE513F194334FF623D0EFB7E6D5017FC71F9
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/?family=Circular
Preview:	@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Light.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Light.woff) format("woff");. font-display: swap;. font-style: normal;. font-weight: 300;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-ThinItalic.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-ThinItalic.woff) format("woff");. font-display: swap;. font-style: italic;. font-weight: 100;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-BoldItalic.woff2) format("woff2"), url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-BoldItalic.woff) format("woff");. font-display: swap;. font-style: italic;. font-weight: 700;.}..@font-face {. font-family: "Circular";. src: url(https://cdn.jotfor.ms/fonts/circular/fonts/Circular-BlackItalic.woff2) format("woff2"), url(ht

Chrome Cache Entry: 215

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (41136), with no line terminators
Category:	downloaded
Size (bytes):	41137
Entropy (8bit):	5.269641395050074
Encrypted:	false
SSDEEP:
MD5:	EB0B91383091D8D0834A4D80E170DC34
SHA1:	384F1D70B5AA73FCFD81523A57EA89EEB715F871
SHA-256:	0803567823274F1C60D01116A7A559F37A2B24365326F18A093F3993FEEBC312
SHA-512:	6CCF15D74562B743243DC53E85DBCFC28E6874A2C84BA3093852C107874ACE2570DD05402C6C2B89E91BB3D1BFE2BB0F6BB25126BB65DCF805C032A00602885D
Malicious:	false
Reputation:	unknown
URL:	https://cdn01.jotfor.ms/s/portal/88179083df8/static/css/9678.c2dbea13.css
Preview:	:root{--tagify-dd-color-primary:#3595f6;--tagify-dd-bg-color:white}.tagify{--tags-border-color:#ddd;--tags-hover-border-color:#ccc;--tags-focus-border-color:#3595f6;--tag-bg:#e5e5e5;--tag-hover:#d3e2e2;--tag-text-color:black;--tag-text-color--edit:black;--tag-pad:.3em .5em;--tag-inset-shadow-size:1.1em;--tag-invalid-color:#d39494;--tag-invalid-bg:rgba(211,148,148,.5);--tag-remove-bg:rgba(211,148,148,.3);--tag-remove-btn-color:black;--tag-remove-btn-bg:none;--tag-remove-btn-bg--hover:#c77777;--input-color:inherit;--tag--min-width:1ch;--tag--max-width:auto;--tag-hide-transition:.3s;--placeholder-color:rgba(0,0,0,.4);--placeholder-color-focus:rgba(0,0,0,.25);--loader-size:.8em;border:1px solid #ddd;border:1px solid var(--tags-border-color);cursor:text;box-sizing:border-box;outline:0;flex-wrap:wrap;align-items:flex-start;padding:0;line-height:1.1;transition:all .1s;display:flex;position:relative}@keyframes tags--bump{30%{transform:scale(1.2)}}@keyframes rotateLoader{to{transform:rotate(1tu

Chrome Cache Entry: 216

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	188877
Entropy (8bit):	5.87011986087482
Encrypted:	false
SSDEEP:
MD5:	DC7D4D348FE1F99AF4AC06D2A42B5088
SHA1:	65BB9F01723084A15404421BA1DB1895B968A0ED
SHA-256:	15B7CBC354E3B92301ACB88F9E8A95586A0B5A4444F1EDDAB0C8287A2B638CF7
SHA-512:	0B439413F57D1131C449B5BE533981B7FF252A4812B3A33B0787C1FE4C27C0A44C395ACC135985841C9980CB9AEFB6A27CDC677B6C04FF4864E06B4AE5CC8108
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/4646.d3fc3085.js
Preview:	/! For license information please see 4646.d3fc3085.js.LICENSE.txt /..!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="66243b25-ed31-5941-958c-2e958167edbd")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["4646"],{87868:function(e){!function(t){"use strict";function r(e,t){var r=(65535&e)+(65535&t);return(e>>16)+(t>>16)+(r>>16)<<16\|65535&r}function n(e,t,n,i,s,o){return r((a=r(r(t,e),r(i,o)))<<(c=s)\|a>>>32-c,n);var a,c}function i(e,t,r,i,s,o,a){return n(t&r\|~t&i,e,t,s,o,a)}function s(e,t,r,i,s,o,a){return n(t&i\|r&~i,e,t,s,o,a)}function o(e,t,r,i,s,o,a){return n(t^r^i,e,t,s,o,a)}function a(e,t,r,i,s,o,a){return n(r^(t\|~i),e,t,s,o,a)}function c(e,t){var n,c,l,u,h;e[t>>5]\|=128<<t%32,e[14+(t+64>>>9<<4)]=t;var p=1732584193,d=-271733879,f=-1732584194,m=2717

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	603
Entropy (8bit):	4.6176735510860825
Encrypted:	false
SSDEEP:
MD5:	C14F3BA21CE3BABEEE2E72BF8C7CB87B
SHA1:	ADD4276FFEFE97A325A83B57D57B14FF2E3B11F2
SHA-256:	C41A0E2E4131270185D0A5C79EC50AE9D02827FE9250E76059F22F5B0558A5D5
SHA-512:	B1B0BB7C45DCFDBE48833008825037EBE7778461906E9A192C7D8AF057DF3E76BF37BFE7A93547A37FF8F1BDE9EF47FACED72E91E752710D58F44E8CF6E6D24A
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>angel-smile</title><g id="angel-smile"><path id="angel-smile-2" data-name="angel-smile" d="M12,0C5.373,0,0,1.343,0,3S5.373,6,12,6,24,4.657,24,3,18.627,0,12,0Zm0,4C7.03,4,3,3.552,3,3s4.03-1,9-1,9,.448,9,1S16.971,4,12,4Zm0,4A39.12,39.12,0,0,1,2.787,7,11,11,0,1,0,21.213,7,39.12,39.12,0,0,1,12,8ZM7.5,10A1.5,1.5,0,1,1,6,11.5,1.5,1.5,0,0,1,7.5,10Zm10.2,7.717a8.25,8.25,0,0,1-11.394,0A1,1,0,1,1,7.7,16.283a6.25,6.25,0,0,0,8.606,0A1,1,0,0,1,17.7,17.717ZM16.5,13A1.5,1.5,0,1,1,18,11.5,1.5,1.5,0,0,1,16.5,13Z"/></g></svg>

Chrome Cache Entry: 219

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 74703, version 3.0
Category:	downloaded
Size (bytes):	74703
Entropy (8bit):	7.996549296180461
Encrypted:	true
SSDEEP:
MD5:	A9C3E34A0C3BE1FFEA1EF29AFE67F947
SHA1:	B0E4B24186B9B20353B54B0C241F020385837051
SHA-256:	FF7495D22E68DB3DB45DE276011A012B816220F40A84101B268F99ED8BD26114
SHA-512:	AFAF3AC9082C64C3D6A2D2AABF3FD1C72A4536084728B1C3B8918E6922F693E863A6403AE78560B2A7B0D333C447E9470911AD7ED79CE989B7B22C35BAB2F58B
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Bold.woff2
Preview:	wOF2......#........X..!.......!.......................h..w.`....b..s.....4......8.6.$..L..P.. ........A[+u.......kY.b:.....U...?..6.x].6..>._.f...6.x+.7.u.5............}.Bd......-..V.D..N...D4.vwq..7mQ.ZS..K.m6...2......e....#.<J....6...-lr.'...:u.\|t.U...6..Z...-x.urd.....z...Z..h5G...Y.nd._T..BHBJ.r..\T.#c.....9.q..Zr..h..z5H..M.y...:..F.t.0@...P.g\...^...._;.[..{..Z.pJ.]>...4I.....-..a@..{.Z.@O..6..T]..$$.......{...~}K..YZ.'Gx(..."D."n~..t..h.{j.R.L.....Q...#.......g)....D.4.X..#..h.yE7.w+..\|..5.S.(="..A.k..........'........[..L...H......Qu...\..4.3...q..d..%..EN.\...fU...Idf..s.gA....U....Hm.{....&$.#^......cs....."....b..E.p...<.....c.]u...A0."F.1........z?..clM,`..6....1.B[.H1.(N..;...0.'.......!"..T.....`..1.sS:..7.m._b..&...D..O...a.........9c..u......MAK.MdZ(\|...!y2,..>..4!j....&9.y.."Y$5bkb...FD9RA.....12...F..,.....9.?[.iYc9V......q .}.{.sM.&X.8..E>..... ..c...gkVP..XH..o....T...nR...........R.ex...?..}...i.l. H.YI5....p..l.8.lb78H..*.

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (521)
Category:	dropped
Size (bytes):	6376
Entropy (8bit):	5.422774271094704
Encrypted:	false
SSDEEP:
MD5:	EBC9F7B2083E930685A7BD68E8A9B982
SHA1:	1E6AB75B5C148463880615D9817CF5AD21A2CF87
SHA-256:	D74F3CA658E149F3E233094CAC69E619F6F544A13A291B96BBB28E62191C3CB2
SHA-512:	8E478F94822EFE60D04BD047C0234FF3EE97F85DB442D8CAE600E3EB1980430DC364FC358EF06D8420E1A43D567E0CBE508C12ECA06D0B6283D9AF5DF09D1CB6
Malicious:	false
Reputation:	unknown
Preview:	function S(n){var r=0;return function(){return r<n.length?{done:!1,value:n[r++]}:{done:!0}}}function T(n){var r="undefined"!=typeof Symbol&&Symbol.iterator&&n[Symbol.iterator];return r?r.call(n):{next:S(n)}}function U(n){for(var r,y=[];!(r=n.next()).done;)y.push(r.value);return y}.(function(){function n(a,b){a="__pwacompat_"+a;void 0!==b&&(z[a]=b);return z[a]}function r(){var a=(A=document.head.querySelector('link[rel="manifest"]'))?A.href:"";if(!a)throw'can\'t find <link rel="manifest" href=".." />\'';var b=y([a,window.location]),e=n("manifest");if(e)try{var g=JSON.parse(e);H(g,b)}catch(u){console.warn("PWACompat error",u)}else{var p=new XMLHttpRequest;p.open("GET",a);p.withCredentials="use-credentials"===A.getAttribute("crossorigin");p.onload=function(){try{var u=JSON.parse(p.responseText);.n("manifest",p.responseText);H(u,b)}catch(v){console.warn("PWACompat error",v)}};p.send(null)}}function y(a){for(var b={},e=0;e<a.length;b={c:b.c},++e){b.c=a[e];try{return new URL("",b.c),function

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15845)
Category:	downloaded
Size (bytes):	16274
Entropy (8bit):	5.366931692196057
Encrypted:	false
SSDEEP:
MD5:	D51F0731454569BC55A8E97325173207
SHA1:	9FF5CA189929176E99418FA78FD12E559C27EF8F
SHA-256:	A355A9F72BC3B79252611F14CCFA579B116E41C9198BD43B4AF97D3F3AAC7CC5
SHA-512:	87081711FB2F380D617B359C345E769B850990AC7E8CA25A64A0446CA74210EE8078EC5AF13147D8B07F06F63FE0D9BBFEA548D2CEF17FA84592457D60F7FE48
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/7988.f937c1ff.js
Preview:	/! For license information please see 7988.f937c1ff.js.LICENSE.txt /..!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="ec33327f-e33f-5d63-9d27-7c27340c3a43")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["7988"],{1625:function(e){"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map((function(e){return t[e]})).join(""))return!1;var r={};return"abcdefghijklmnopqrst".split("").forEach((function(e){r[e]=e})),"abcdefghijklmnopqrst"===Object.keys

Chrome Cache Entry: 225

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 71876, version 3.0
Category:	downloaded
Size (bytes):	71876
Entropy (8bit):	7.9965405338255335
Encrypted:	true
SSDEEP:
MD5:	B35B52EC5CCBEBF7AD2EFDB948B7A532
SHA1:	3A5655FE13DDC3763F1D3515895FA8E715C1C8D5
SHA-256:	2D463E335A26C491CBB6803EE61BCB4E254DE5053D937182B7AF54321988AA24
SHA-512:	95CD71C7CA8FAD73D9590AEAB9F2722A67EEBD590F598459C186AC0B4E6F0EFD1F181C6B2A8A2EB7C43CB285A8EA105BF13579F152BD9B6E4E35C292BEEA0F5A
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff2
Preview:	wOF2...............L..................................h..w.`....V..s.....t..0...8.6.$..L..P.. .........[yE...O...m...U...b.\|.yo...x.~...6...0.~tD...jD..P.7.............."....I.E...\|.m.....HD..h-..uuQPz.]J..>.R.UA-k...j.,...[..f{-.........&s....Ht...cWZ....p1..U.c-O..a!2qT.'..V\...BbR.T..+L.or..O.~.=.Rg..'...u.3.p.Q.jz_U..;Q.]..(A.h.k.&<..m...1.p....P=R%U..pC.Id1vGx.I.0.Tg..O..Y.@.C..A..y....,."G..o....G.n......../..0W'.d..........W.I.q1k...B.....A..h....&I.AFj..&...S1A...w....j[..wl.5.{...Y.e.6....T..9.r..FR...yC....x(.i.T.;...^=1.".+z..6.....]M.f.H..9.G..b.l.......:C.$s.v....~D~....J>b....t..#. .."....X+i.....Bq.O....~./.......Q....T.<:+.C1..s..X...T..p.@...mz..w#K.,.........<E...q..1G..=...y..h.,..........R8...7-.3......x......B..%..n.HV..E..E..`.R.......F.6X.o.....[.m.i.P!.Ay..y`...{....y.....$.....w......gxI....\|.V.]UM.~Z~....C2@....h.~E.?....dK.Y...\.T.:.tO.&=....@.+.-.b.yp^.ysn>....S..'_e>..>.3.?,._.?..............s....Cpq...A.%9.]..t

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1115 x 662, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	41014
Entropy (8bit):	7.853108624084214
Encrypted:	false
SSDEEP:
MD5:	1C0AD63284E6F0991E47C0FCDE8B7E2E
SHA1:	5F783479AD30C359F0F8166871AF3DEC4B04DA09
SHA-256:	4EB61387AC27DFF9511C5FA6B7429674CFABDEA4C4D4BCC86C5D793544976169
SHA-512:	97DA0995E78BBC7E4DF49E2B9FB95149772B3100834B14821132A6549BBF5A5547EFEE9819E21EA31074C4A3AFF581A0C4976E46549D1F53DE526892653B5835
Malicious:	false
Reputation:	unknown
URL:	https://eu-files.jotform.com/jufs/Claire_Elgie/form_files/9aeee82c0f949e32fdbe70f6fd6f19ce.6374c6a71e4ce2.55193030.png?md5=XtJmqLCazravSW84wA7qbQ&expires=1736955770
Preview:	.PNG........IHDR...[............X....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:E33709F9F4AF11E9BB0AB8081A519A04" xmpMM:DocumentID="xmp.did:E33709FAF4AF11E9BB0AB8081A519A04"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E33709F7F4AF11E9BB0AB8081A519A04" stRef:documentID="xmp.did:E33709F8F4AF11E9BB0AB8081A519A04"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..-y....IDATx.....]...._..".$...0.....r.[..Z........T.]T[.t.Z.R....Zk'a.flS;.EB....9#.....{....z=.3a..s.....

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (538), with no line terminators
Category:	downloaded
Size (bytes):	538
Entropy (8bit):	4.806664267352961
Encrypted:	false
SSDEEP:
MD5:	4790F8CE80E35B327B3DE5517DDC2C88
SHA1:	1B5E23E0BC91B63381416F3EB3C2998BFC546664
SHA-256:	5D9A6030DD902F7E8A996A94D29326564A7A60040DC76FEAC0C652830C19289A
SHA-512:	4F47EF904F5D732EEA3E79C38291646D4814E1DB81FA24E2836406E9DE0830C28BD3E9936B6C04F9193E7753FF16800667E841C3B7E044E86A15AA9FEE929811
Malicious:	false
Reputation:	unknown
URL:	https://widgets.jotform.io/socialFollow/min/social.min.css?v=0.1
Preview:	.social-networks,body{padding:0;margin:0}.social-networks{width:100%;height:100%;display:flex;justify-content:center;align-items:center;list-style:none;flex-wrap:wrap}.social-list{display:inline-block;margin:4px;position:relative}.social-list svg{width:36px;height:36px;display:block;pointer-events:none}.social-list a{display:block}.social-list:before{content:"";position:absolute;bottom:-4px;left:0;width:100%;height:2px;border-radius:4px;opacity:0;box-shadow:inset 0 0 0 4px;transition:opacity .3s}.social-list:hover:before{opacity:.4}

Chrome Cache Entry: 229

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59987)
Category:	downloaded
Size (bytes):	60031
Entropy (8bit):	5.370598287940797
Encrypted:	false
SSDEEP:
MD5:	700E9FCA74FA92077675421461929668
SHA1:	BE066A0B6073EB5174C0B2B8938163D3B37428FA
SHA-256:	8A5142932F28D4A6FAF0DD2BBB977415E96A4A59F06C7429473856F3E74F592C
SHA-512:	016C70A6D59B517C475098D543DCC90A9CA588BEBAD472931496EFE2341385A2CCE774EA5FD71841D0E472CED30386AB6EF913E132F3C7B910E3F3007FB8C19E
Malicious:	false
Reputation:	unknown
URL:	https://cdn01.jotfor.ms/s/umd/88179083df8/for-csa-timeout.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports["for-csa-timeout"]=t():e["for-csa-timeout"]=t()}(this,function(){return function(){var e={23715:function(e,t,r){var n=r(56037),o=r(37609),i=r(29391),s=r(94191),a=r(42721);function l(e){var t=-1,r=null==e?0:e.length;for(this.clear();++t<r;){var n=e[t];this.set(n[0],n[1])}}l.prototype.clear=n,l.prototype.delete=o,l.prototype.get=i,l.prototype.has=s,l.prototype.set=a,e.exports=l},56629:function(e,t,r){var n=r(1171),o=r(67838),i=r(44859),s=r(4073),a=r(28541);function l(e){var t=-1,r=null==e?0:e.length;for(this.clear();++t<r;){var n=e[t];this.set(n[0],n[1])}}l.prototype.clear=n,l.prototype.delete=o,l.prototype.get=i,l.prototype.has=s,l.prototype.set=a,e.exports=l},91739:function(e,t,r){var n=r(83743)(r(92373),"Map");e.exports=n},10503:function(e,t,r){var n=r(73649),o=r(91186),i=r(59713),s=r(21431),a=r(36801);function l(e){var

Chrome Cache Entry: 234

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	344
Entropy (8bit):	4.815772053348513
Encrypted:	false
SSDEEP:
MD5:	5FCC4947F6D39657116E6479EC7155BF
SHA1:	933759071B5F3D3AC1B4ECA039685E349343C3A0
SHA-256:	61D19F68602197371A218277356B75FB5569F687227D94B8870246B3B27D7715
SHA-512:	8FE068FB8AC71A7D1E461663A366AFDF876118351C2B0FF9BD544A140CD22FEBCFE12AA4EC7CDF06FD9CE2101F562D0034327BE8E24704419FE7632199ABB86F
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>home</title><g id="home"><path id="home-2" data-name="home" d="M23.2,9.163,12,0,.8,9.163A2.185,2.185,0,0,0,0,10.852V21.818A2.182,2.182,0,0,0,2.182,24H8V18a4,4,0,0,1,8,0v6h5.818A2.182,2.182,0,0,0,24,21.818V10.852A2.185,2.185,0,0,0,23.2,9.163Z"/></g></svg>

Chrome Cache Entry: 236

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10749
Entropy (8bit):	7.95260838660248
Encrypted:	false
SSDEEP:
MD5:	6451124196EB51B57174C3EE9C3EF6D8
SHA1:	EAC417E549B906634B3516CA9C59AF028B2397BE
SHA-256:	E1D49B8D27F9140722E9BCDAD257E31DA75192798B376806B63AC3DD9DC54FC1
SHA-512:	8AF508E2A0FA29E535D59F6B23AF58A4081E7D1CA7FD3F1C7665048EAD2BCE5A12B4E7078B67656047F8CA2131DFFF0C94601D743D055B6C29DA0501FB34D54B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............F.....pHYs.................eXIfMM..............................J...........R.(...........i.........Z.......H.......H..............0210........0100........................................Ye}... .IDATx..w......&.l.P.Z!.V.$D....bL.".b@$.b....e...mp.D.....p.`[`.D.. ..HHZei.N..P..=.;.;.iv.v..3.3=.U.Uo.s..5..B....!...p..K .%.%......EIp..$..rQ.\..(...\...@.J.K .%.%......EIp..$..rQ.\..(...\...@.J.K .%.%......EIp..$..rQ.\..(...\...@.J.K .%.%......EIP?.......!I.'R......=<}.T!..i".p...b..I..e.Y.....$z..%...PH...L.A:.!.N..dI.R..I2..0.t.@..i....B`Q.$YF.-.x=^<.....`0...'.....:.K.Q....>A.$]...R)R...T.D"I2i.t..0,..../].....?.i:.....z.xT...............>F.#...L&C2."......H$.f5..,.a8....+.?(t.#......a....1.C.n$r.4..0.l...(.m....G.t...,w&..9Tv..i...^..q.....K..D1.h.F[{;.m..Q.....9..e.Y.(d....f0 I.B.4Mc..L.6.%g#........ .....NKk...Q...n....(...V'..{........$.l6....a.).1.@.C!.....X.....[.I$.hY.I.Q....N....{.l..lR.....VY..iB.tC'.i..?.N;....

Chrome Cache Entry: 237

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	80316
Entropy (8bit):	5.559067889144911
Encrypted:	false
SSDEEP:
MD5:	95332E7B1BE078E228494F1FBE513391
SHA1:	8A130C617B3794FC8FC2208ACBD08BEE070C3ACF
SHA-256:	C4AA2934E1E65AC6ED874C73A2DB9D742B80832EC12EF36F3EA72081B586500C
SHA-512:	C160481A5B737F507792C23B3D35E08082751254205D7D98DBC6C1D6A7ABC02AD2717D9D7528C3DF9DAAF221B238EACBFA0E5F258CDE9A0DC5190DEFC6A46A51
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/css/4518.4146ae59.chunk.css
Preview:	.formAccountBox-wrapper{text-align:left;position:absolute;top:12px;right:12px}.jfCardForm.isMobile .formAccountBox-wrapper{top:8px;right:8px}.avatarBox{cursor:pointer;background-color:#f98d02;background-position:50%;background-repeat:no-repeat;background-size:cover;border:1px solid #fff;border-radius:50%;width:40px;height:40px;box-shadow:0 0 4px rgba(0,0,0,.19)}.formAccountBox-tooltip{z-index:5;background-color:#fff;border-radius:6px;width:92vw;max-width:320px;margin-top:12px;padding:3px 0;font-family:-apple-system,system-ui,BlinkMacSystemFont,Segoe UI,Roboto,Noto Sans,Ubuntu,Cantarell,Helvetica Neue,roboto,oxygen-sans,ubuntu,cantarell,sans-serif;font-size:14px;font-weight:500;line-height:1.5;display:block;position:absolute;top:100%;right:0;box-shadow:0 0 6px rgba(0,0,0,.5)}.formAccountBox-tooltip.isClosed{display:none}.formAccountBox-tooltip:before{content:"";background:#fff;width:12px;height:12px;display:inline-block;position:absolute;top:-6px;right:15px;transform:rotate(45deg);box-s

Chrome Cache Entry: 238

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (48786)
Category:	downloaded
Size (bytes):	49207
Entropy (8bit):	5.487032065069287
Encrypted:	false
SSDEEP:
MD5:	FEBD6AF15D623E3099FA936D79108372
SHA1:	5239D78298152B66830A8E17BA3EF0AA9C8857B3
SHA-256:	460FE147AEA1FB956349D6797D174F825088EE40350D3C14EFC3CD63D44711C7
SHA-512:	85CAB84586F82A080A7EE5B8E87B51F93A53E6DE9A1C20755675FEEF9BC134BF4CE87571B23FA3C0C86DA0A15072862759667648F28CEEC6EE8F4875987D02F9
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/js/8508.b10487e3.js
Preview:	"use strict";.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds\|\|{},e._sentryDebugIds[n]="f9dd4401-9099-58ae-98a0-7ca1510b4145")}catch(e){}}();.(("undefined"==typeof self?this:self).chunkList=("undefined"==typeof self?this:self).chunkList\|\|[]).push([["8508"],{91918:function(e,o,t){t.d(o,{F4:function(){return O},fh:function(){return s}});var E=t(24840),r=t(60097),_=t(40991),a=t(31157),n=t(45615);const i=new E.m("/API",{interceptorConfig:{teamID:t.g.teamID,customResponseInterceptors:[r.D.requestManagerResponseNormalizer]}}),s=e=>{if((0,_.ko)())return;const o=new URLSearchParams,{lastProductAssetInteraction:t}=e;return t&&o.append("last_product_asset_interaction",t),i.post("ep/user/hubspot-contact-form",o)},O=({asset:e,target:o,action:t,intent:E})=>{if((0,n.BB)()){const r={project:a.ib.ENTERPRISE_PROMOTIONS,asset:e,target:o,action:t};E&&(r.intent=E);const

Chrome Cache Entry: 239

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	548
Entropy (8bit):	4.660801881684815
Encrypted:	false
SSDEEP:
MD5:	4B074B0B59693FA9F94FB71B175FB187
SHA1:	0004D4F82B546013424B2E0DE084395071EEF98B
SHA-256:	25FB23868EBF48348F9E438E00CB9B9D9B3A054F32482A781C762CC4F9CC6393
SHA-512:	F928E9FAA0BC776FC5D8A0326981853709D437B7B1C2E238894BFB2ACBB627442C425CBB00D369C52D15876B6C795E67F7580341686696D569A908A6ADD4B444
Malicious:	false
Reputation:	unknown
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 240

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	127727
Entropy (8bit):	5.179659976324763
Encrypted:	false
SSDEEP:
MD5:	B6A8806FE41CD62D3F5A7D3A4F204916
SHA1:	C08961B63DF60521A8821BAD6D6BE652DCEA3F84
SHA-256:	8DAE343841E8FC32B9A6BD95A3E70941D30993B20BDA77C3B78A7A005B7E32CC
SHA-512:	0A9E16CBD377308B0AF7A38D5C1CAB85351BFDD5618587F7B4DCE7465EC23C123826C5A714B33A890262D803A530092EFDE109A860EFD2423CAE08243A003ABF
Malicious:	false
Reputation:	unknown
URL:	https://cdn03.jotfor.ms/s/portal/88179083df8/static/css/jotform.css.e448a675.css
Preview:	@import "https://cdn.jotfor.ms/fonts/?family=Circular";@property --bg-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --color-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-t-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-r-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-b-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-l-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-x-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --border-y-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --outline-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --divide-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --fill-opacity{syntax:"<number>";inherits:false;initial-value:1}@property --stroke-opacity{

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eu.jotform.com/app/213381340657353

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\RMS Customer.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\42cce12df1d7c5f3.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IENVXPTO6ZV511FFEAZQ.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RMS Customer.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Desktop\RMS Customer.lnk

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 175

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 187

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 196

Windows Analysis Report
https://eu.jotform.com/app/213381340657353