Windows Analysis Report
https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/

Overview

General Information

Sample URL: https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/
Analysis ID: 1592162

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected suspicious URL
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1992,i,10166080106252298425,1315085545750906946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 3676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://slvraircomfort.com
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: https://slvraircomfort.com
Source: https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/#_0 | HTTP Parser: Base64 decoded: sv=o365_1_voice&rand=TjVVUjk=&uid=USER08012025U04010806
Source: unknown | HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.242.162:443 -> 192.168.2.18:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.215:443 -> 192.168.2.18:49753 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.242.162
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: global traffic | DNS traffic detected: DNS query: pub.marq.com
Source: global traffic | DNS traffic detected: DNS query: app.marq.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: analytics-pub.marq.com
Source: global traffic | DNS traffic detected: DNS query: cdn-cashy-static-assets.marq.com
Source: global traffic | DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: analytics-pub.app.marq.com
Source: global traffic | DNS traffic detected: DNS query: slvraircomfort.com
Source: classification engine | Classification label: sus21.win@18/26@20/251
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1992,i,10166080106252298425,1315085545750906946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/ | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
cdn-cashy-static-assets.marq.com | 18.245.60.10 | true | false | | unknown
analytics-pub.marq.com | 54.204.91.219 | true | false | | unknown
www.google.com | 216.58.206.36 | true | false | | high
d3v04nmt9jknbk.cloudfront.net | 99.86.4.28 | true | false | | unknown
slvraircomfort.com | 192.185.107.17 | true | true | | unknown
app.marq.com | 3.93.140.3 | true | false | | unknown
analytics-pub.app.marq.com | 35.171.222.254 | true | false | | unknown
stats.g.doubleclick.net | 173.194.76.157 | true | false | | high
pub.marq.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://slvraircomfort.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VGpWVlVqaz0mdWlkPVVTRVIwODAxMjAyNVUwNDAxMDgwNg==N0123N | false | | unknown
https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/#_0 | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.46 | unknown | United States | | 15169 | GOOGLEUS | false
3.93.140.3 | app.marq.com | United States | | 14618 | AMAZON-AESUS | false
142.250.186.78 | unknown | United States | | 15169 | GOOGLEUS | false
173.194.76.157 | stats.g.doubleclick.net | United States | | 15169 | GOOGLEUS | false
142.250.185.67 | unknown | United States | | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
173.194.76.84 | unknown | United States | | 15169 | GOOGLEUS | false
54.204.91.219 | analytics-pub.marq.com | United States | | 14618 | AMAZON-AESUS | false
99.86.4.85 | unknown | United States | | 16509 | AMAZON-02US | false
142.251.5.156 | unknown | United States | | 15169 | GOOGLEUS | false
192.185.107.17 | slvraircomfort.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true
142.250.185.232 | unknown | United States | | 15169 | GOOGLEUS | false
216.58.206.36 | www.google.com | United States | | 15169 | GOOGLEUS | false
142.250.181.232 | unknown | United States | | 15169 | GOOGLEUS | false
99.86.4.28 | d3v04nmt9jknbk.cloudfront.net | United States | | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.186.142 | unknown | United States | | 15169 | GOOGLEUS | false
18.245.60.10 | cdn-cashy-static-assets.marq.com | United States | | 16509 | AMAZON-02US | false
142.250.184.232 | unknown | United States | | 15169 | GOOGLEUS | false
216.239.36.178 | unknown | United States | | 15169 | GOOGLEUS | false
142.250.186.99 | unknown | United States | | 15169 | GOOGLEUS | false
35.171.222.254 | analytics-pub.app.marq.com | United States | | 14618 | AMAZON-AESUS | false
IP
192.168.2.18
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1592162
Start date and time: 2025-01-15 20:58:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: SUS
Classification: sus21.win@18/26@20/251
• Exclude process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.186.78, 173.194.76.84, 142.250.181.238, 172.217.18.110
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:43 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 3.9740185463577613
Encrypted: false
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:43 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9914251343095226
Encrypted: false
Malicious: false
Reputation: unknown
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2691
Entropy (8bit): 4.002678697780342
Encrypted: false
Malicious: false
Reputation: unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:42 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2679
                        Entropy (8bit):3.992201335323172
                        Encrypted:false
                        SSDEEP:
                        MD5:583BD0803479F25921F5268095D4FCA0
                        SHA1:845BBA9EA55C0A059E0311CEE9FE335FF9912D7C
                        SHA-256:A4A703BEDAA3F6CA94FFEEDA6C54DF10049C6F3EC9D7E68028DF0E1F04444915
                        SHA-512:6447B06735332CC7016E1B497BC3D7AB529F4EC3E87323E69C48E4871D5A80A2929EFEAA42B2F30AB4B7FC485E6414DFA1E3C54B6BB11A93859BA7F06936B1B6
                        Malicious:false
                        Reputation:unknown
                        Preview:LNK binary data; readable strings include C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:43 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2679
                        Entropy (8bit):3.9769063745609974
                        Encrypted:false
                        SSDEEP:
                        MD5:02A3D77DC59526463D0EB15C39DE4E60
                        SHA1:518B7DAA8CD7D994352E1669C14F3F1C6BF5317C
                        SHA-256:C1FD3F34B68228E89A0EFFF2331882FE420C5B9C5458E1C114A4C69B55A56580
                        SHA-512:146E90999FCD90D7224C6DED9FB734152B624452F61CAA25930C20D1738A8735FE89730C129FEAEF2C1573466E7AF26897849D18C41128DEEC19C391BAAA07AF
                        Malicious:false
                        Reputation:unknown
                        Preview:LNK binary data; readable strings include C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:42 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2681
                        Entropy (8bit):3.9896949182199406
                        Encrypted:false
                        SSDEEP:
                        MD5:E73838EB84322DE79E70611A88DD84A9
                        SHA1:D1D75AC081C8E6FC38C3A3A58FB144CA67F184A9
                        SHA-256:4DCE9D710C0D4D6E527B75B23FC956EA1862A07AD1233BA8C53F00D9674051E4
                        SHA-512:5B6B3A5FA436F17A1A7A81350BE32ADE86C5CCCEC519862A03986DB50A43EA2A3338979D3E53DA889CE143A103B4C6DBC1411B1541A750A055965C939F250EA2
                        Malicious:false
                        Reputation:unknown
                        Preview:LNK binary data; readable strings include C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58144
                        Category:downloaded
                        Size (bytes):13623
                        Entropy (8bit):7.982345482870034
                        Encrypted:false
                        SSDEEP:
                        MD5:80645EC96EFAEE4E97EFFEAA22C552E3
                        SHA1:AC4C15EC431AC8436A9A83E4B7F1BB6EBA38AD89
                        SHA-256:C7B6CB863CE60101E181E0255F05372E48B16361C1B9D3FA0927F2F24F032DF1
                        SHA-512:6C473649110F913E1E2665DCFF1D9CEA6D84A479DC7334FB695B4A56931CEA5675349EA8F84F008AF74E0692879F932FCB06FE9BB2D7FEE5D08FD53C6443B2FA
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/en.js
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (2343)
                        Category:downloaded
                        Size (bytes):52916
                        Entropy (8bit):5.51283890397623
                        Encrypted:false
                        SSDEEP:
                        MD5:575B5480531DA4D14E7453E2016FE0BC
                        SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                        SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                        SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                        Malicious:false
                        Reputation:unknown
                        URL:https://www.google-analytics.com/analytics.js
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1305)
                        Category:dropped
                        Size (bytes):46274
                        Entropy (8bit):5.48786904450865
                        Encrypted:false
                        SSDEEP:
                        MD5:E9372F0EBBCF71F851E3D321EF2A8E5A
                        SHA1:2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
                        SHA-256:1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
                        SHA-512:C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (821), with no line terminators
                        Category:downloaded
                        Size (bytes):821
                        Entropy (8bit):4.928988316591256
                        Encrypted:false
                        SSDEEP:
                        MD5:1E3905F5023861EB1288AE33B170141C
                        SHA1:7436128DB1D269DED8397D5B02A22B62FD5E2C10
                        SHA-256:420BE7CE8B8002392E4D6A030229150F54A1AA22A56E52CAD6DF56EE1CB23B42
                        SHA-512:CF362890ACFDF69F3DA261E29885AB42A6738B9B20ACCFEF146CC2DEF552609B6E382148725C784817D31BE33A03E5EC6290C6FAA24E7373E1F1D694CA15F6AB
                        Malicious:false
                        Reputation:unknown
                        URL:https://app.marq.com/css/apps/press/viewer/loading.css
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 301175
                        Category:dropped
                        Size (bytes):93211
                        Entropy (8bit):7.99719837734357
                        Encrypted:true
                        SSDEEP:
                        MD5:36112B327CC80CADA0143492D7D6F4B0
                        SHA1:054628F42BFF19CC2A13AFDA0863143A6C9C1728
                        SHA-256:D4275B611919B91BFB62574C419085046612F189132A63C7784BFE63BC32942E
                        SHA-512:5A0E66731FEED74A24F609FC66D5DADEECB95B70B14431AFB72F0317B72ABD107B20C7FF21B6B8FAF83765999BC0E87554D66B9A07E6661C810FD526FB8A9338
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:very short file (no magic)
                        Category:downloaded
                        Size (bytes):1
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:
                        MD5:68B329DA9893E34099C7D8AD5CB9C940
                        SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                        SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                        SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                        Malicious:false
                        Reputation:unknown
                        URL:https://slvraircomfort.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VGpWVlVqaz0mdWlkPVVTRVIwODAxMjAyNVUwNDAxMDgwNg==N0123N
                        Preview:.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 13909
                        Category:downloaded
                        Size (bytes):5362
                        Entropy (8bit):7.967745462012116
                        Encrypted:false
                        SSDEEP:
                        MD5:FF8D9B8D9CD9DCEEF7B14D8B6515EE60
                        SHA1:2C669AEC35BB9F751DC66BD1F3A7926BF60B3388
                        SHA-256:BFE09B27A2B52B6C0EB7A7628BE324B7D8FADE845EEAB2AB0A73769CB721BAA1
                        SHA-512:6F99911AC3A47EEEA2D675EAEC0D2FAC485352C8FB221C96D69CBC8ACAB64BDA3B0FC91DEBBD7D20FBC81BCDE9E6DC58CBD765724FD4E5E666FF2A6AD37868AF
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/fonts.js
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:PNG image data, 3024 x 1700, 8-bit/color RGBA, non-interlaced
                        Category:downloaded
                        Size (bytes):89473
                        Entropy (8bit):7.128180612788688
                        Encrypted:false
                        SSDEEP:
                        MD5:69E057BB9FA0B50BCDBEF8370B63C915
                        SHA1:0C6D112AE6E383DFC85274B28D2DCE26504D6390
                        SHA-256:642F084D89860B0AC1570BAE32B87C5DCB2F1652CBF50F8C02D0B310AEFF1D89
                        SHA-512:7427C96E987CB7A716C9EDCFF7229F977DA9D7E07564A299C2349363C7A756ABED2C51AF0D401E1194B1EB8B3B9C3A4E2A48E48C4DD1540156CE261A090F924F
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/F518497E9BF8BED878BDC09CD56C458A-3024
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3127
                        Category:downloaded
                        Size (bytes):1180
                        Entropy (8bit):7.846276337783843
                        Encrypted:false
                        SSDEEP:
                        MD5:ACEFF3D1C8B73505B46F6DB1B38713B9
                        SHA1:7E2C4D835FEA790F9F1EAEE910D8CDF4382F0BC9
                        SHA-256:01E93C81945157BFD1516A64E39FCB1365FF8FB4B7BCD90D38B33F93A07FDF6C
                        SHA-512:FB3270AB1C299EFDE3BBC2F7DC8BECBD88F45985774718AA56A27701381465EE20F3308C48287CF7C54997BAB68D04EADEBD7D14B8BE31D231F9691E72BDE462
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/stackblur.js
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3322
                        Category:dropped
                        Size (bytes):1425
                        Entropy (8bit):7.869700643963619
                        Encrypted:false
                        SSDEEP:
                        MD5:FD7D80CB7B8CC4451BF1090C37D5BC9A
                        SHA1:9EDA32F2212B9C01BCE9422517048056F4576B44
                        SHA-256:22635A30CA729DBFED8F407348E893768FFD68E8745C0C9E56E9096A06A9D982
                        SHA-512:FAC9A401CE9F73FBEB555651065CA37274AE5446ED400CFAA95FB16D5CC3678339D8BFEFB29A90204C2BD5673F708A1361FBD7B71B437A033363C6D730DE0E6A
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 52366
                        Category:dropped
                        Size (bytes):20357
                        Entropy (8bit):7.989892637251917
                        Encrypted:false
                        SSDEEP:
                        MD5:293233758C8D9686A755C155C1DD6915
                        SHA1:513C46A75C9463283584CA374B3953CB4B4EA0E3
                        SHA-256:1D2624B780411A5BB7FD8153EC3606120CC94796B64D74A17A809404B788553E
                        SHA-512:E978747F2B11A85F2FBC54245331BF5E0CF1276CB1BB3E15EFC35CC6C3D2819C5D5E8DC8D70A907608A7CDDEBDDD2F76C6F595D2BFFF04B78683A5E42B7BE62A
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (5960)
                        Category:dropped
                        Size (bytes):290427
                        Entropy (8bit):5.587956499820691
                        Encrypted:false
                        SSDEEP:
                        MD5:CA85F4600258DEDBA1EABF8A64494FA4
                        SHA1:22BCCE8D33E3BC4FA4BD6238F8B6BAF4E42BDB98
                        SHA-256:15A0EC3AED0AE35FC82D550DBABDE1ADB6401847B996DA0C1BAA4178D2126D65
                        SHA-512:656550E8B8A2B92503CF95A5A692942FE9C100D0837873E7E6471A8E1935C3751A3E846718A0C0960257208F554575E0C687FFDB41CC2DB96841BD6BC1EDC866
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (5960)
                        Category:downloaded
                        Size (bytes):290437
                        Entropy (8bit):5.588132565393743
                        Encrypted:false
                        SSDEEP:
                        MD5:F081C300E369EC01E30F50972C706AFC
                        SHA1:B93D957FC01943BA1C96536F2393A44177DC90C7
                        SHA-256:2FAC01A760D124F4B9B891655FAF3AA2482AFD32400EEB1664C3EFEB4C5343D1
                        SHA-512:3C74D0DCD445EE2A11A0FA18C14A2AB9A9F2CA8BFAAF38DF3D587F89EAA21DEF88169082C0FA6C7FC180FC0EDCBCB9110D661F2B825E5A93A06BB2A6936DA11B
                        Malicious:false
                        Reputation:unknown
                        URL:https://www.googletagmanager.com/gtag/js?id=G-3SKTR3WGB4&cx=c&_slc=1
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 429880
                        Category:downloaded
                        Size (bytes):64615
                        Entropy (8bit):7.9952759513139995
                        Encrypted:true
                        SSDEEP:
                        MD5:ACDE650545ADD62208AD57544090E972
                        SHA1:72A91DE71DB9035D31FC563CA1BAE9C10A36188F
                        SHA-256:F95FC0636DB444426B89B7D5391B2EFE7A9E79FFE0A922DA0AAD9BB47C98C7CA
                        SHA-512:075AA6AA4E9B2AE7CCF52EA7A9E5A83F538CA050E0B246C90FA09158BE81AEA757D64EE5708EBC6188F51407FB55B922AF5CAAA85DB6791CD0926B58F4692BC8
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/style.css
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1704906
                        Category:downloaded
                        Size (bytes):482396
                        Entropy (8bit):7.999096717935178
                        Encrypted:true
                        SSDEEP:
                        MD5:7755B68460A0689906B9F382381FD066
                        SHA1:981B3C98480E6D215076EFFDE550C201220DFDBC
                        SHA-256:30A17C4C5BB1F77CA14EBEDB42CEF932C24D7A70A0ADF6E82C33E74966685817
                        SHA-512:73DA13B82646AAFB0740754774BAEF039397B84E091188212CC5312A3C7DA18FF18477BC0CE809241BAD6CB2DB0A35F985454E432FC77A9AABFAD05756507EBA
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/b4d35a7b-802a-4694-a64d-d2582b2259ea/viewer.js
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:XML 1.0 document, ASCII text
                        Category:downloaded
                        Size (bytes):243
                        Entropy (8bit):5.490269030021324
                        Encrypted:false
                        SSDEEP:
                        MD5:9A191A9D0F07C113BF330B131E05923C
                        SHA1:BAFAFED908EF1ED1AE1E3F10EF0D0E040231EFE0
                        SHA-256:E154842C755B805732E5253581FDAC280C542281FE3C02FE889A29C2A5936AC5
                        SHA-512:5BB0B6A7FB684235596040155FADF8190872132D57AEDDCA39351DD19554FCA8FE7D6FBE4C923B0F4BDF69B29CBA914BD3A7ED9115B38524CF7D9CEDBCFDC6A4
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/favicon.ico
                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EEZZ49FN0R467FYS</RequestId><HostId>NxU8Gz46OuPaWPW2rmeF1FiqOMGDNmkksAsetB4ihDrG18r8LM76UxHXC2+43DMWqeadA4r9a2s=</HostId></Error>
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 13 tables, 1st "GDEF", 17 names, Microsoft, language 0x409
                        Category:downloaded
                        Size (bytes):158240
                        Entropy (8bit):6.749916892166723
                        Encrypted:false
                        SSDEEP:
                        MD5:093EE89BE9EDE30383F39A899C485A82
                        SHA1:FDD3002E7D814EE47C1C1B8487C72C6BBB3A2D00
                        SHA-256:707FDC5C8BAB57A90061C6A8ED7B70D5FFB82FC810E994E79F90BACE890C255A
                        SHA-512:4BE480DF0B639750483EB09229B4EDCFDCD16141EB95D92A3F28A13BF737146D7CC5DB6AD03A5CDE258F71B589E5310B6D9BC1563AC7B1D40408EEA236D96F4B
                        Malicious:false
                        Reputation:unknown
                        URL:https://cdn-cashy-static-assets.marq.com/app/webroot/css/css-common/fonts/poppins/Poppins-Regular.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7470
                        Category:downloaded
                        Size (bytes):2441
                        Entropy (8bit):7.909540748188688
                        Encrypted:false
                        SSDEEP:
                        MD5:7284F4E0358C3E34F12006700AEF59D9
                        SHA1:74AC0FF418E8D0FF9BC37DFE98075B209C124963
                        SHA-256:943409287C5D7020886B3208A38312743D3DD8F4F03208331264CBC5DC1010F6
                        SHA-512:5B5AE9949E861DA1B5C4B762FC7D3ADD4C60420712E2A86C642E581F3980AF7408B9F15CC07E2C6F82A5A0A303227C2271BE6057CE63D7CBDF99F255523EC28C
                        Malicious:false
                        Reputation:unknown
                        URL:https://pub.marq.com/f459f366-29c1-4795-9b3e-a3c3f6e24fda/
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (358)
                        Category:downloaded
                        Size (bytes):11816
                        Entropy (8bit):5.037139572888145
                        Encrypted:false
                        SSDEEP:
                        MD5:A8063BD37D3C8FB3176A6BF140558A4D
                        SHA1:E32CF4B407DB3D3773DED13FF64B70FDBAD7735F
                        SHA-256:BCCB23D41C2CC69CF0C7D22C4314CA8181A513C6999B73E45307792830F4E482
                        SHA-512:82D749F6B17B21587FB345CA196A2AA83ECA80AD66ED9C1AB88B36709BED14175D53AFEFE9ACC0DAFC4FAD78FFB8DF155193A6829BC857AD6D68B1C84AF7B854
                        Malicious:false
                        Reputation:unknown
                        URL:https://slvraircomfort.com/favicon.ico
                        Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>404 - PAGE NOT FOUND</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid404 #gatorbottom{position:relative;left:39px;float:left;}. #
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (912), with no line terminators
                        Category:downloaded
                        Size (bytes):912
                        Entropy (8bit):4.870708269087067
                        Encrypted:false
                        SSDEEP:
                        MD5:6BB741A257193BC93135061153E7EAFA
                        SHA1:08475903411B0A05671348677FD440A81EA2C8F3
                        SHA-256:97F73F9EC67FE0A2304EC48B51B1B23822D714E4B2B4069EA6D23890A0A6568C
                        SHA-512:F4B111BF1CFBCC9CBD6A7A345F7FFD76BA0FE244C0F6ACD1818AE07ED33183161B7195DF186FF100CE9255CAEA893FA8212303A0CBDB6DEBB7CBD9431C5A741F
                        Malicious:false
                        Reputation:unknown
                        URL:https://app.marq.com/css/apps/press/viewer/app-banner.css
                        Preview:.app-banner{position:absolute;top:0;left:0;right:0;width:auto;height:64px;padding:10px;background:#f2f2f2;border-bottom:#ccc solid 1px}.app-banner-close{position:absolute;display:block;top:0;left:0;bottom:0;width:30px;height:auto;margin:0;padding:0;border:none;-webkit-appearance:none;font-size:20px;text-align:center;line-height:84px;color:#2c323a}.app-banner-icon{position:absolute;left:30px}.app-banner-info{position:absolute;left:104px;font-size:12px;line-height:16px;color:#999;padding-top:8px}.app-banner-info strong{font-weight:400;font-size:14px;color:#000}.app-banner-info em{font-style:normal;color:#333}.app-banner-actions{float:right}.app-banner-action{float:left;height:48px;margin-top:8px;margin-left:10px;line-height:48px;padding:0 16px;background:#f8f8f8;border:1px solid rgba(0,0,0,.1);border-radius:6px;color:#da005a;font-size:18px;text-transform:uppercase}.app-banner-action:active{opacity:.5}
                        No static file info