Edit tour

Windows Analysis Report
https://www.wjx.cn/vm/h4qfUbg.aspx

Overview

General Information

Sample URL:	https://www.wjx.cn/vm/h4qfUbg.aspx
Analysis ID:	1417132

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wjx.cn/vm/h4qfUbg.aspx MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,6617503017148607142,9164832695687996193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.wjx.cn/vm/h4qfUbg.aspx	HTTP Parser: No favicon
Source: https://www.wjx.cn/vm/h4qfUbg.aspx	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49747 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90

Source: unknown

DNS traffic detected: queries for: www.wjx.cn

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/36@32/221

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wjx.cn/vm/h4qfUbg.aspx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,6617503017148607142,9164832695687996193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,6617503017148607142,9164832695687996193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.wjx.cn/vm/h4qfUbg.aspx	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
nvkfkpsp2pyh1bj9bwcv79lsm66x0l1t.aliyundunwaf.com	0%	Virustotal	Browse
pubnew.paperol.cn.w.kunlungr.com	0%	Virustotal	Browse
usercsscdn.wjx.com.w.kunlungr.com	0%	Virustotal	Browse
pubnew.paperol.cn	0%	Virustotal	Browse
image.wjx.cn.w.cdngslb.com	0%	Virustotal	Browse
usercsscdn.wjx.com	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
sojump.cn-hangzhou.log.aliyuncs.com	121.199.107.25	true	false		high
usercsscdn.wjx.com.w.kunlungr.com	8.25.82.243	true	false	0%, Virustotal, Browse	unknown
pubnew.paperol.cn.w.kunlungr.com	8.25.82.239	true	false	0%, Virustotal, Browse	unknown
image.wjx.cn.w.cdngslb.com	47.246.23.227	true	false	0%, Virustotal, Browse	unknown
g.alicdn.com.danuoyi.alicdn.com	8.45.52.140	true	false		high
vip-chinanet.ynuf.aliapp.org	124.239.14.253	true	false		unknown
www.google.com	142.251.167.105	true	false		high
vip.cfc.aliyuncs.com	59.82.132.149	true	false		high
nvkfkpsp2pyh1bj9bwcv79lsm66x0l1t.aliyundunwaf.com	101.37.42.250	true	false	0%, Virustotal, Browse	unknown
www.wjx.cn	unknown	unknown	false		high
cf.aliyun.com	unknown	unknown	false		high
pubnew.paperol.cn	unknown	unknown	false	0%, Virustotal, Browse	unknown
g.alicdn.com	unknown	unknown	false		high
image.wjx.cn	unknown	unknown	false		high
usercsscdn.wjx.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
ynuf.aliapp.org	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.wjx.cn/vm/h4qfUbg.aspx	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
8.25.82.239	pubnew.paperol.cn.w.kunlungr.com	United States	14112	NET-SECURENET-MTLCA	false
142.251.163.139	unknown	United States	15169	GOOGLEUS	false
8.25.82.249	unknown	United States	14112	NET-SECURENET-MTLCA	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
101.37.42.250	nvkfkpsp2pyh1bj9bwcv79lsm66x0l1t.aliyundunwaf.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
142.251.167.105	www.google.com	United States	15169	GOOGLEUS	false
142.251.111.94	unknown	United States	15169	GOOGLEUS	false
8.25.82.243	usercsscdn.wjx.com.w.kunlungr.com	United States	14112	NET-SECURENET-MTLCA	false
172.253.122.95	unknown	United States	15169	GOOGLEUS	false
172.253.122.94	unknown	United States	15169	GOOGLEUS	false
142.251.16.139	unknown	United States	15169	GOOGLEUS	false
124.239.14.252	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
124.239.14.253	vip-chinanet.ynuf.aliapp.org	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
8.45.52.140	g.alicdn.com.danuoyi.alicdn.com	United States	17639	CONVERGE-ASConvergeICTSolutionsIncPH	false
59.82.132.149	vip.cfc.aliyuncs.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
121.199.107.25	sojump.cn-hangzhou.log.aliyuncs.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
47.246.23.232	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
47.246.23.227	image.wjx.cn.w.cdngslb.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
142.251.163.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417132
Start date and time:	2024-03-28 16:36:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.wjx.cn/vm/h4qfUbg.aspx
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/36@32/221

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.111.94, 142.251.163.84, 142.251.163.139, 142.251.163.138, 142.251.163.100, 142.251.163.102, 142.251.163.113, 142.251.163.101, 34.104.35.123, 172.253.122.95, 142.251.111.95, 142.251.167.95, 172.253.115.95, 172.253.63.95, 142.251.16.95, 142.251.163.95, 172.253.62.95, 142.250.31.95
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 14:36:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9877452150724086
Encrypted:	false
SSDEEP:
MD5:	B145B62EB4D89E5D3F32A78B7064646A
SHA1:	398B36F6C629F70C9960392C4CD889AF3678438C
SHA-256:	CFC4ADAC59C8B110F3B7E37C8670F5A5B6D6C7AA230CA26301A0ED82C5E88064
SHA-512:	24963C03826800549E82FD521CB4715BA561E9E8D46F8A55C9B9155A4E2BFF4B26F1B37DCCE0626A0914D34147F697BF6DBD88D26615E4A2049ACF2A6FF24748
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....S..%...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 14:36:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0035831759266065
Encrypted:	false
SSDEEP:
MD5:	6A390007A844EE4B7AE1EEC3220B7A97
SHA1:	C6EDFB3609D3AB8DA33DFABA261384923595A210
SHA-256:	D136FCE5BF63D155DF50B7812069EB1A953523403CD154B34B5A9D316824A780
SHA-512:	CDE9EC6EF9587C790F8EEB8E944A490D6E2CBB35C1C48069272CB0BC7DBF0353CC7865EE1D6763537DEDC3E1BF992BE7037100DE173FC4ED565B2D0409673E29
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....,E..%...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011489751604107
Encrypted:	false
SSDEEP:
MD5:	86580D47EFF758DFCEB24E446A4C32DB
SHA1:	62653F47888EF4C12451E9E0549EF88B23419B46
SHA-256:	5920779E9D2DFB3CCE68723886239D01900AAF8B6869458D1CCF5550AE0A7BE3
SHA-512:	CF5407BA872E50EF17AC8CF5A1A01FA04B6989DB8FC401E6C242E740C5A521DCC2AD5035E366B357B0C44E08F10A1314E8C0E6FD0A1E5A14F3BFF3EDF3F27E3B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 14:36:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0052420038566385
Encrypted:	false
SSDEEP:
MD5:	96B1D794127272A823AC1D2F35651961
SHA1:	AAB678104190DA520303D726998D4C3B4C91CDF0
SHA-256:	EF9F52EB45DBB922B83644713A271D91D95F337C99F83C77788CECDF01A36438
SHA-512:	D208C54E244C2C03A0616DCA9128F26AA8DCB2953B466DA5626E0EFC4F7F44955213EC43AAFB6F8F1F5C8865625B5A458FC0AF80A20BD6D6C348A6383A2F4EEA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....z.%...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 14:36:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9938970890920347
Encrypted:	false
SSDEEP:
MD5:	5BCEBF4DAEAB5C6AFC58ABEC7A04C646
SHA1:	9DCCA2C684F1FD561809813FDAFA42B145016E4F
SHA-256:	DA06A69EF4D3DD315DD6C10EBABE2111D93B5EF08C48EE9B22B2E12E786D888F
SHA-512:	EE20F1464B60A4EA56719BE9EEBB3D8CBA0543B276601AF2CAC5370FAB9150B2F3D08463C3FEDE1F785E72864DDEF7CD04EB2C3F7E9E1AC7A2A41D3A3AD331A5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......%...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 14:36:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.99935744014338
Encrypted:	false
SSDEEP:
MD5:	56AA58C84CC92099806975EEEC796F99
SHA1:	A62F9A057FF50BB5EA4D58AC829D2880624D9896
SHA-256:	DEC85D917AA2E032A92C0F12D9667C83445AF8B41E46A23656C4CE0828C2310D
SHA-512:	69E4189FBD8BD37CBAC879003227A9E5A6709BE0B8CCD065CB0950BE842B47DAF5476972091F606AD14B1432A07F21D8920E5C33618C649D51696F543C646518
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....T.o.%...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.\|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.\|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.\|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.\|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.\|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ .E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32072), with CRLF line terminators
Category:	downloaded
Size (bytes):	93106
Entropy (8bit):	5.301174639249758
Encrypted:	false
SSDEEP:
MD5:	E39D7F174407886A84C437F14182E57A
SHA1:	77E9EED704C96C3EB0180D35C6BA430B3F69A43A
SHA-256:	C1BCC5F2066E4476E6DBAB0B5A9B9700B86F4D6EBEB2900D73EE97E53753D4F9
SHA-512:	3E153156A11B21A66500B592B574BC2E2EBDDD41014216177C0C2D5E6B31F2D0A742F68899527DBAE47309DF2922F81544450F73E3E2981C88CD9ECAE0C570E7
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/cdn/jquery/1.10.2/jquery.min.js
Preview:	/! jQuery v1.10.2 \| (c) 2005, 2013 jQuery Foundation, Inc. \| jquery.org/license..//@ sourceMappingURL=jquery.min.map../..(function(e,t){var n,r,i=typeof t,o=e.location,a=e.document,s=a.documentElement,l=e.jQuery,u=e.$,c={},p=[],f="1.10.2",d=p.concat,h=p.push,g=p.slice,m=p.indexOf,y=c.toString,v=c.hasOwnProperty,b=f.trim,x=function(e,t){return new x.fn.init(e,t,r)},w=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,T=/\S+/g,C=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:\s(<[\w\W]+>)[^>]\|#([\w-]))$/,k=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,E=/^[\],:{}\s]$/,S=/(?:^\|:\|,)(?:\s\[)+/g,A=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.toUpperCase()},q=function(e){(a.addEventListener\|\|"load"===e.type\|\|"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventListener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange"

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14040), with no line terminators
Category:	downloaded
Size (bytes):	14306
Entropy (8bit):	5.691165859538299
Encrypted:	false
SSDEEP:
MD5:	DD6329617ED192958BDDEFEF74A70268
SHA1:	7AB811278150D2F5E148C41D0FC0010B7377A767
SHA-256:	5BB60FA1CB3AD73CC28B59CD7F25152EB52BDAD65B271E861EA050F8EAEB3739
SHA-512:	84837CB554C89AF98A3689C2EC9F554D7E9479FA0384FEFB1D08CC565783AA7A4020B54CBD061EF0A2A2F55388A93F378AA01AECA27765824ED1F873349AE262
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/joinnew/js/matchawardinfmobilenew.js?v=3913
Preview:	function getGender(a,b,c,d){"3"==a&&-1!=c.indexOf("..")&&(d.each(function(){if(this.checked){var b=$(this.parentNode.parentNode).find(".label").html();return b.indexOf(".")>-1?gender=1:b.indexOf(".")>-1&&(gender=2),!1}}),gender>0&&window.localStorage&&window.localStorage.setItem("wjxge",gender))}function getMarriage(a,b,c,d){"3"==a&&-1!=c.indexOf("..")&&(marriage\|\|(d.each(function(){if(this.checked){var b=$(this.parentNode.parentNode).find(".label").html();return b.indexOf("..")>-1?marriage=1:(b.indexOf("..")>-1\|\|b.indexOf("..")>-1)&&(marriage=2),!1}}),marriage>0&&window.localStorage&&window.localStorage.setItem("wjxma",marriage)))}function getEducation(a,b,c,d){"3"==a&&(c=c.replace(".","."),c=c.replace("...","..").replace("....","..").replace("...",".."),c=c.replace("....",".."),education\|\|((c.indexOf("..")>-1&&c.indexOf("..")>-1\|\|c.indexOf("....")>-1\|\|c.indexOf("..")>-1&&c.indexOf("...")

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6578), with no line terminators
Category:	downloaded
Size (bytes):	6578
Entropy (8bit):	5.1849425365867985
Encrypted:	false
SSDEEP:
MD5:	618E9D4A2C33008BFF262C6A48FD212C
SHA1:	8B10F4A8B9524272BE1955DC8B6F500C0A4E9B60
SHA-256:	729F8CD2E714975CE701E346A318A524B33F33ECEB8119B7DB21CE5F0F140354
SHA-512:	C8182F5999DFC301307FC3974BABF75B1DEB7BA28FCF99965B4D1B4A06667D85B5C35C71CCC41524AC52F93D334E43AD45171B951DBDF04F241CC335C1321129
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/joinnew/css/jqmobo_pc.css?v=3913
Preview:	#divFengMian{display:none}.icon_lookBigpic{cursor:pointer}.search-clear{margin-right:0!important}#tpwjxhead{width:425px;margin:20px auto 10px!important}.ui-controlgroup .divlabel{border:none}body .aloneAnswer .tr_label .divlabel{padding:10px 14px!important}.increase-btn{width:300px;margin:20px auto}.aloneAnsItemDiv{padding:10px 20px 4px}.rowmaxwidth{max-width:240px}.customWidth .rowmaxwidth{max-width:none;padding-right:10px}#divMaxTime{height:40px;line-height:40px}#spanMaxTime{background-position:0 10px}#headsplitdiv{height:80px!important}.saveProgress{width:400px;margin-left:auto;margin-right:auto}#divMa{display:block!important;position:absolute;z-index:555;width:32px;height:32px;right:10px;top:10px;background-image:url("//image.wjx.cn/images/commonImgPC/qrIcon.png");background-size:cover}#divMa .qrwrap{display:none;width:190px;height:224px;background:#f7f7f7;position:absolute;top:32px;right:0;z-index:999;text-align:center}#divMa .qrwrap img{width:170px;margin:10px 0 14px}#divMobileCo

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (304), with no line terminators
Category:	dropped
Size (bytes):	304
Entropy (8bit):	5.262708730436293
Encrypted:	false
SSDEEP:
MD5:	26001F0E4AC58B95166116E7D7D771DB
SHA1:	BE336A006B4300DB32F0B3FCD04379DD94EAB746
SHA-256:	3B76C4D2A1F6A1FDF2A32A5884FCBBCFA55EF4AAA1CCF2E4FF105485B03E518D
SHA-512:	C6A3A09F2B0A0472F2B7E2CB43FA21A55D8C49945DD853A1C15A05D4C51DFCF9A4648F5CA144E418BC14292A8AF148D70516C511B74DA862BA4C1F5DDE355CD5
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.</p><p>denied by Referer ACL</p><hr/>Powered by Tengine <br/>CDN Request Id: 0819529517116402001772261e</body></html>

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1600 x 180, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	23761
Entropy (8bit):	7.870688672010908
Encrypted:	false
SSDEEP:
MD5:	714DF1591DE361FB1D92CF798F0FBD98
SHA1:	10FE565F4939B3A0DCD2E7E36A311C82BA9F82BD
SHA-256:	999C65ED777F0718156AA3E96E7B6A8C84340CEF666E507245548525C877B4D9
SHA-512:	1F55E6C18BBAB003DDA6C72FF528F985252562E0BC5278FEEC91933F1F9C2C1E7B5FBA2D99BFCCDDA164639D2170F64A19F0C75805474FC2B8C502EB93A74508
Malicious:	false
Reputation:	unknown
URL:	https://pubnew.paperol.cn/20230630/1688107277Z3NJ7Y.png
Preview:	.PNG........IHDR...@.........C.w.....sRGB........DeXIfMM........i.......................................@......................@.IDATx...%.y...w....v.E&....R...l.2mY.mIT2mQ.....}.._...R.U...)..EQ"......9.bw..&.....{.o.>o.....,..v...x...I=u...H 4....2..tN....^.<..L...H..H..H..H..H..H ................................8%@..)).G.$@.$@.$@.$@.$@.$@.$@.$....X.`g.$@.$@.$@.$@.$@.$@.$@.$@.N.P.rJ...........................B..V .Y(........................S......~$@.$@.$@.$@.$@.$@.$@.$@.......v.J.$@.$@.$@.$@.$@.$@.$@.$....,...........................@ .(`............................8%@..)).G.$@.$@.$@.$@.$@.$@.$@.$....X.`g.$@.$@.$@.$@.$@.$@.$@.$@.N.P.rJ...........................B..V .Y(........................S......~$@.$@.$@.$@.$@.$@.$@.$@.......v.J.$@.$@.$@.$@.$@.$@.$@.$....,...........................@ .(`............................8%@..)).G.$@.$@.$@.$@.$@.$@.$@.$....X.`g.$@.$@.$@.$@.$@.$@.$@.$@.N.P.rJ...........................B..V .Y(........................S......~$@.$@.$@.$@.$@.$

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	798
Entropy (8bit):	7.607545959827561
Encrypted:	false
SSDEEP:
MD5:	F0CBADA1819089F187A466C9C4618B6D
SHA1:	5469116F63B3E64CC9085E13501036DCE3DBFB0D
SHA-256:	F6F971ECE4C5687A19A0CA08486AC764BAF539B35A8C1AF00BA4AFA924CEF9CE
SHA-512:	887403EA3364F7606456F2F7187E079FE345FFCF8943E53090AF736C0C0EFEC3588AB4967A0C79D4C832B4167987FA93BF1BAAC5899FFECA26E6125BE4D7D145
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[..1Q.?..Y.H.\|mXHJ!..66...N..Nv.Zv....l.%...l$..l(..m..O.....#..lf...o....q..p8..../..5.M.9..9...q.....X....t:.f...T.V..sY.b..T.@.P.......s@0....&..N...f..+..@ ...G...x..z..W.........-.V.A.\~..H$..PH..V...B...F@r..n.0.L.....T...+....0...9V..4.....4..nC>.'...d.b.0.`:.B:.&.$...z...j....9.#..zM.^....o..p<.a.\.r.Z./...i.4.].&......\T..D.(.......S........H.l6...@I.!A+..Ih, V.....& ...d%.....d..6......r....sR..,...9..,.`y.~y\.$..F..r......T..F4..2t+)+k0$........<j....l.d.....p....n7.....\|>.n..."I8,WeH..N....$.5@..[h...!.Z...5.+.X,..Dr.........4...9..5@..bM.f..C...6..M..9.w.k..hP.G.#2.#.w.S..uHJ..<...qB..K.v..4..B.......{..;...a.&...hGd.5U*..V...$......<c....Sb........mP.o r.....4...."......^?M}..R....IEND.B`.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (22680)
Category:	downloaded
Size (bytes):	22738
Entropy (8bit):	5.3418483677632045
Encrypted:	false
SSDEEP:
MD5:	E710AABA7133D392C3AE01BDCC36451D
SHA1:	F02223198F057582EC01C7A02488060687B58C2E
SHA-256:	A97E4941CEB1A7DF7BCF5E9631B8D9E8F7B47D7CCB59B5ED3968380465E0E824
SHA-512:	6E7EB80A072885F7E6F63D5835E89BC5C1E11A1E6EC28E23BD67E76E96E61D22FFEA1283211117D96E457C2872663AF04C93D526F78E1536426D7011FDFC016C
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/cdn/layer/3.5.1/layer.js
Preview:	/! layer-v3.5.1 Web ....... MIT License /. ;!function(e,t){"use strict";var i,n,a=e.layui&&layui.define,o={getPath:function(){var t=document.currentScript?document.currentScript.src:function(){for(var e,t=document.scripts,i=t.length-1,n=i;n>0;n--)if("interactive"===t[n].readyState){e=t[n].src;break}return e\|\|t[i].src}(),i=e.LAYUI_GLOBAL\|\|{};return i.layer_dir\|\|t.substring(0,t.lastIndexOf("/")+1)}(),config:{},end:{},minIndex:0,minLeft:[],btn:["确定","取消"],type:["dialog","page","iframe","loading","tips"],getStyle:function(t,i){var n=t.currentStyle?t.currentStyle:e.getComputedStyle(t,null);return n[n.getPropertyValue?"getPropertyValue":"getAttribute"](i)},link:function(t,i,n){if(r.path){var a=document.getElementsByTagName("head")[0],s=document.createElement("link");"string"==typeof i&&(n=i);var l=(n\|\|t).replace(/\.\|\//g,""),f="layuicss-"+l,c="creating",u=0;s.rel="stylesheet",s.href=r.path+t,s.id=f,document.getElementById(f)\|\|a.appendChild(s),"func

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (304), with no line terminators
Category:	dropped
Size (bytes):	304
Entropy (8bit):	5.2519580722647765
Encrypted:	false
SSDEEP:
MD5:	52EBE05E6024BCAC164F9D457D736372
SHA1:	F4D9C6FC0E6177757E9219ACE5643C1FC679B742
SHA-256:	C0D67C767C31906A2E7281694129583C68C83E22C3D513305E9536427024E673
SHA-512:	CDA018BE600C6F0387534CDBFA4E738F6206FEE4F0706993DBCFCBA4632FA10500EEFD01C59B9A24D8C58BDDCBD93ACEEA32DEA1602F794D694AA6AAE96211F7
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.</p><p>denied by Referer ACL</p><hr/>Powered by Tengine <br/>CDN Request Id: 0819529b17116402001784800e</body></html>

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1526
Entropy (8bit):	4.831372892985757
Encrypted:	false
SSDEEP:
MD5:	FF70B6DA5F20CB707DF0176FF7BD9891
SHA1:	7FE46C88ABEB83F361EE4C01E8BF76A242990398
SHA-256:	2A048ECDCADB0E1B48DE9D4CFEF2293D2C8C575DD39026596D564A3D465FE997
SHA-512:	9B49ACF873105E35EC8806840FBA49CDD95B24D4A9D182093C295812130FF1408FCF1120576D63EEAFA100E6BA7CE6C85C1DA4C60403E6777BE810E50EBDB15D
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/joinnew/css/newCover.css?v=3913
Preview:	.body {.. -webkit-overflow-scrolling: touch;..}..html, body {.. height: 100%..}....#divFengMian {.. height: 100%;.. background-image: none;.. background-color: #F4F7F9;.. width: 100%;.. position: relative;.. overflow:hidden;..}....#fengMianTitle {.. font-size: 24px;.. font-weight: 600;.. color: #262626;.. line-height: 33px;.. text-align: center;.. padding: 0 40px 20px;.. padding-top: 100px;.. -webkit-font-smoothing: antialiased;.. position:relative;.. z-index:4;..}....#divTitle {.. color: #373000;.. font-size: 16px;.. margin-bottom: 30px;.. display: none;..}....#slideChunk {.. width: 220px;.. height: 48px !important;.. line-height: 48px;.. background: #0095FF;.. border-radius: 2px;.. color: #fff;.. position: absolute;.. left: 50%;.. bottom: 40px;.. margin-left: -110px;.. z-index: 10;.. text-align: center;.. padding:0 !important;..}....#slideChunkArrow {.. display:none;..}.....s

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (10521), with no line terminators
Category:	downloaded
Size (bytes):	10551
Entropy (8bit):	5.390385213500186
Encrypted:	false
SSDEEP:
MD5:	51849F9EB6270F005B70E6F06D9D1344
SHA1:	A5B0673F368744B2FD59908097035D745DB4D4CE
SHA-256:	2C04E47281493A9DD11557E73640FA1A02780D5B16A3CF68C7B02A7E76BF98B2
SHA-512:	EBA9BF0BB933DD85C52E0AC33969DD8A2B63674048359698D5CAE822CFA7C82FF4CADE158686271D13A295B6A5B5BBEBC40322C62A5C998E784BB33D7F5B6B48
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/sd/nvc/1.1.156/nvc.js
Preview:	!function(t){var e={};function n(o){if(e[o])return e[o].exports;var a=e[o]={i:o,l:!1,exports:{}};return t[o].call(a.exports,a,a.exports,n),a.l=!0,a.exports}n.m=t,n.c=e,n.d=function(t,e,o){n.o(t,e)\|\|Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:o})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=3)}([function(t,e,n){"use strict";var o=0;function a(t){if(!(this instanceof a))return new a(t);this._state=o,this._onFulfilled=[],this._onRejected=[],this._value=null,this._reason=null,s(t)&&t(r(this.resolve,this),r(this.reject,this))}function c(t,e){if(t!==e)if(function(t){return t&&s(t.then)}(e))try{e.then(function(e){c(t,e)},function(e){t.reject(e)})}catch(e){t.reject(e)}else t.resolve(e);else t.reject(new TypeError("A promise cannot be resolved with itself."))}function i(t,e,n){return function(o){if(s(e))try{var a=e(o);c(t,a)}catch(e

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 43304, version 1.0
Category:	downloaded
Size (bytes):	43304
Entropy (8bit):	7.996196935206352
Encrypted:	true
SSDEEP:
MD5:	51E3191E7D70FC5B296457078A7AC4B2
SHA1:	13B70AA245A159B2A555248A0C64963D39279A1E
SHA-256:	64EAF760CCB1BB05E28711C5805B8803727C7B99A239E3536406BB643793160C
SHA-512:	792265DC3665C7E1BE05CE4B17C6BAF80F096E03C27438CA878B789F15FE1AD023C8D4E9A2CC349F63F02FB42448E249F6E9A338C410CE9B416368C69750EABD
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/wjxui/font/1070120/iconfont.woff2?t=1653967509898
Preview:	wOF2.......(......r..............................T.`......h..$.6.$..\|..... ..g..E[.5q..F;'R._.!.......<....@.b....v@..-I......."...s....$.#U....{._.J...euT.U.4.S9..)u....9.....O.~y.;.-..<Xfs6...5.1?.arL.V...5....o...}.....`....?....<..m.a4G\|.>..../.7.{. hF8.....D2=.0+]b..\e...Z..f.`RY..qx3.Ji....E.xf..2.:..cK.d....R2d./<Ok..0..p.&[p..FD.......Yb!.C..C.f.U.........PT.... ...).L.QS.&1]c..si.\L+&.K4.\r-..... (.t.J..AF....T.....zD+.....5.......#"\U..$.pTI#.Z.&....%..l@.B........{.@:{oU7.`m......A.@....rb......:....f;o.A!....._.r.F...e[......`.1G....`$...._[..He...]c..".....93b..j..9.%F..\q;...........++.Hk....xoFvzX...f..t..7.8v...H....PX.$;.. ..7...o.}....H@gpn!......!ujcdn13.o.\.....Rf`......@.H.....@..C&W.m*.Uw....,k`...b....L...e.G..I_2..$...x...k.JV....gEd...0[..l...J..).......-u.f.G`a..).....9..k.....EdJ.@.~.@ q.}.5......(E....S..j...!)..l'\r......=_...o.Dw.0....{....K..!....._&..Z-.>.7Q...E..\|..N..rS.0......3...."........Ec@...0...}...G...9...

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14271), with no line terminators
Category:	downloaded
Size (bytes):	14271
Entropy (8bit):	5.053740005561225
Encrypted:	false
SSDEEP:
MD5:	C234EB06D5F32055092294E78957F17D
SHA1:	F15EE0BCB9694F32F5E1D524F2653AA0DD043402
SHA-256:	5CDF3EDB27B0C9F8E48918C486E9AE65A9E5BEAB806B64C4A7BC5BAC53C0F540
SHA-512:	3F06B51116D7F8026D81C7EB6A3C4D871462D09FE0A5B8CC8B7FEAF20CBC88B0B6A545F0EC7CBC17566A9FF609405F58FAD6EDDFB3A8B3F6D530EDE8FA3FAD5C
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/cdn/layer/3.5.1/theme/default/layer.css?v=3.5.1
Preview:	.layui-layer-imgbar,.layui-layer-imgtit a,.layui-layer-tab .layui-layer-title span,.layui-layer-title{text-overflow:ellipsis;white-space:nowrap}html #layuicss-layer{display:none;position:absolute;width:1989px}.layui-layer,.layui-layer-shade{position:fixed;_position:absolute;pointer-events:auto}.layui-layer-shade{top:0;left:0;width:100%;height:100%;_height:expression(document.body.offsetHeight+"px")}.layui-layer{-webkit-overflow-scrolling:touch;top:150px;left:0;margin:0;padding:0;background-color:#fff;-webkit-background-clip:content;border-radius:2px;box-shadow:1px 1px 50px rgba(0,0,0,.3)}.layui-layer-close{position:absolute}.layui-layer-content{position:relative}.layui-layer-border{border:1px solid #B2B2B2;border:1px solid rgba(0,0,0,.1);box-shadow:1px 1px 5px rgba(0,0,0,.2)}.layui-layer-load{background:url(loading-1.gif) center center no-repeat #eee}.layui-layer-ico{background:url(icon.png) no-repeat}.layui-layer-btn a,.layui-layer-dialog .layui-layer-ico,.layui-layer-setwin a{display

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (329), with no line terminators
Category:	downloaded
Size (bytes):	329
Entropy (8bit):	5.701702131738858
Encrypted:	false
SSDEEP:
MD5:	A726BE04D28CCEABCC94CB71C10F0642
SHA1:	C5D9B71D156552B4B803A37F14B05380F53F4395
SHA-256:	70713DCCA595E7C9B62655E5867D3750FA1028FC270485ED711F787211D277A8
SHA-512:	146AB16E569493FFC0A03DD9B42CE9F8B940C395E567064B99D6C8CC0D485673AA25A83BFF469408F1C0E387C6F63C084F5468CD8A94D448AAA177CA3B0B5EC7
Malicious:	false
Reputation:	unknown
URL:	https://cf.aliyun.com/nvc/nvcPrepare.jsonp?a=%7B%22a%22%3A%22FFFF00000000016770EE%22%2C%22d%22%3A%22ic_activity%22%2C%22c%22%3A%221711640198336%3A0.39026792877265404%22%7D&callback=jsonp_08024238096929395
Preview:	jsonp_08024238096929395({"result":{"code":200,"msg":"nvc","result":{"a":"1.1.156","b":"1.1.156","c":"_feh6pzByJQrZO2oT19OvXp331ata4X8Lh1Xj8eNJVaOu02fmTbbQ8TJwo5S8wQyxFTeobcgqh4RB6SlJnz3dfhP9_15dpnrtSqJnvya92AqwVDaHNZgpMg_4xpYvsTMEAm48ZHXJRNfarQNwp4bK8uwcStZ8e2-Jb9ewcXMyAVpj-R60jwupuq2sUfOi9-5"},"success":true},"success":true});

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	177654
Entropy (8bit):	5.580185006593278
Encrypted:	false
SSDEEP:
MD5:	A4CFF78229E56FDE5F28D1999679A1D1
SHA1:	8D8F89AA7D26569337192DCE8A12DAAA1867BCD4
SHA-256:	4C4701CA975DF0019B9CE5FFD2A8D33F413BAD55663A9F64BA9369DA7A444DB0
SHA-512:	93F873E74D03BBD48C545B3D2F58B3F760A2C4326D9CEB6FB2C5977724E81BB6D90F00C3CB4CD3E453557EA59AB4C738192C2D872EC7876558BDDFFA923D2932
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/AWSC/WebUMID/1.93.0/um.js
Preview:	!function(){function e(b,k,o,t,n){var d,v,h,l,u,f,C,p,g,m,w,S,A,j,$,M,y,T,B,I,P,_,E,L,V,N,O,R,x,D,H,G,U,F,W,z,X,Q,q,K,J,Y,Z,ee,ae,re,ce,se,be,ke,ie,oe,te,ne,de,ve,he,le,ue,fe,Ce,pe,ge,me,we,Se,Ae,je,$e,Me,ye,Te,Be,Ie,Pe,_e,Ee,Le,Ve,Ne,Oe,Re,xe,De,He,Ge,Ue,Fe,We,ze,Xe,Qe,qe,Ke,Je,Ye,Ze,ea,aa,ra,ca,sa,ba,ka,ia,oa,ta,na,da,va,ha,la,ua,fa,Ca,pa,ga,ma,wa,Sa,Aa,ja,$a,Ma,ya,Ta,Ba,Ia,Pa,_a,Ea,La;Sa=this,Aa=-1,ja=0;try{function Va(e,a){for(var r=2;void 0!==r;){var c,s,b=3&r>>2;switch(3&r){case 0:!function(){switch(b){case 0:r=t<i.length?1:3;break;case 1:t++,r=0;break}}();break;case 1:var k=357^i.charCodeAt(t);o+=String.fromCharCode(k),r=4;break;case 2:var i="\u0100\u0111\u0104\u0102\u0130\u0115\u0104\u0101\u0100\u0136\u0111\u0104\u0111\u0110\u0116",o="",t=0;r=0;break;case 3:var n;return a[e+o]=!1,void 0}}}function Na(){for(var e=1;void 0!==e;){var a,r,c=3&e>>2;switch(3&e){case 0:!function(){switch(c){case 0:e=void 0;break}}();break;case 1:var s="ed";s+="oNtn",s+="era",s=(s+="p").split("").rever

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1614), with CRLF line terminators
Category:	downloaded
Size (bytes):	12427
Entropy (8bit):	5.35117493854223
Encrypted:	false
SSDEEP:
MD5:	0C78E136D5E0F8A71E6A29DD34AB5BD3
SHA1:	6E9327B69BB0B50FD2982E1D3B55A1BF9D80DB5D
SHA-256:	0B598A754B7C955B28D367609C107C0DC61D9894F09D419413DA47C210F8808B
SHA-512:	DB9453F2B3000B84263E7F49359EFE7208E43B985859EBAB2A3DB6F8497E87F4AF4621A4CA9F7AA84E8DAD7C689F8AD70E6E335C1A3B620F62D051255D7DBF85
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/css/viewer.css?v=3913
Preview:	/!.. Viewer.js v1.10.0.. * https://fengyuanchen.github.io/viewerjs.. .. Copyright 2015-present Chen Fengyuan.. * Released under the MIT license.. .. Date: 2021-06-12T07:57:06.776Z.. */.....viewer-zoom-in::before,...viewer-zoom-out::before,...viewer-one-to-one::before,...viewer-reset::before,...viewer-prev::before,...viewer-play::before,...viewer-next::before,...viewer-rotate-left::before,...viewer-rotate-right::before,...viewer-flip-horizontal::before,...viewer-flip-vertical::before,...viewer-fullscreen::before,...viewer-fullscreen-exit::before,...viewer-close::before {.. background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARgAAAAUCAYAAABWOyJDAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAALEgAACxIB0t1+/AAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTNui8sowAAAQPSURBVHic7Zs/iFxVFMa/0U2UaJGksUgnIVhYxVhpjDbZCBmLdAYECxsRFBTUamcXUiSNncgKQbSxsxH8gzAP3FU2jY0kKKJNiiiIghFlccnP4p3nPCdv3p9778vsLOcHB2bfveeb7955c3jvvNkBIMdxnD64a94GHMfZu3iBcRynN7zAOI7TG15gHCeeNUkr8zaxG2lbYDYsdgMbktBsP0

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	3.3978987608111737
Encrypted:	false
SSDEEP:
MD5:	9D266505B08265FD54EE1DD49AA70DE2
SHA1:	7D11C2CEA3D80F6EF3DE219648D6E56A7B52FBA6
SHA-256:	6857EAD3F665E9BF519FB0850A49E858FF7218236C2EB2523E0D1AF1E320072A
SHA-512:	30CAA4B2FD511903D367A3074434C77DFA27BA59397A251B6C6BB5858813C462D3A9339729B80C1B4510BE642999B30662954C8DD9A21D597A74B9D6799FDB86
Malicious:	false
Reputation:	unknown
URL:	https://www.wjx.cn/favicon.ico
Preview:	............ .h.......(....... ..... ...................................."...^...............................&.......................................l...............<.......j...................................h...........z....................................................... ...........................n...............................................p.......(.......R...........................d.......N...................x.......4...................................x...........................................................p...........................................................6...................................T.....................An...............d.......................................L.."X...............................................x...D...........................~.......0...Z.......X...................................................~...........................................................f....................................................................`..h...$..

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (15116), with CRLF line terminators
Category:	downloaded
Size (bytes):	88507
Entropy (8bit):	6.223974296108147
Encrypted:	false
SSDEEP:
MD5:	B89E7700FD7A3640A6CECF38576DC287
SHA1:	CB0C67B4208A5C826D9111E817F782BF2D405254
SHA-256:	8F8691B407583B24D3B291A97473B72C90FED2544344BBE5AC024A9EA7A24F90
SHA-512:	42941518BACDCE22F114FB446FA40A967D883B157F4DA45D927EE8A8A1A26B7099317398A9478E849E15C012382831F5DF7BD22A77379E173B1F23F2A23167FE
Malicious:	false
Reputation:	unknown
URL:	https://www.wjx.cn/vm/h4qfUbg.aspx
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title>2024 Revvity BetterUp Care...</title>.. <meta name="renderer" content="webkit" />.. <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>.. <meta name="viewport" content="width=device-width, minimum-scale=1, maximum-scale=1,user-scalable=no, viewport-fit=cover"/>.. <meta name="format-detection" content="telephone=no" />.. .. <meta property="og:type" content="article"/> .. <meta property="og:release_date" content="2024-03-22"/>.. <meta property="og:image" content="https://image.wjx.com/images/wlogo.png"/>.. <meta property="og:description" content="............2024 Revvity BetterUp Care................"/>.. .. <meta name="applicable-device" content="pc,mobile" />.. <meta name="google" value=

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (8763), with no line terminators
Category:	downloaded
Size (bytes):	8763
Entropy (8bit):	5.468611324696898
Encrypted:	false
SSDEEP:
MD5:	3E22BE187EB8411DCFFB16E45D1D8A45
SHA1:	25642BBADBD7B8D073D72A965245833ABC1ED167
SHA-256:	737E7B43414D8B16B18BB34BF894F4DEAF53504356DE2A9A4F51EC4A841AB73D
SHA-512:	F31FF7A620666367F0EB45E72ABB0796BA76B6C5FBB55D3E1106D6A8ECF9F75AC99743C9F10E047DC949399A503CA7A4541F050CC5BED909FB0A7FCE092821F7
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/AWSC/AWSC/awsc.js?_t=475456
Preview:	!function(e,t){var n=1e4,g_moduleConfig={uabModule:{grey:["AWSC/uab/1.140.0/collina.js"],stable:["AWSC/uab/1.140.0/collina.js"],greyBr:["AWSC-br/uab/1.140.0/collina.js"],stableBr:["AWSC-br/uab/1.140.0/collina.js"],ratio:1e4,greyConfig:{},stableConfig:{}},fyModule:{grey:["AWSC/fireyejs/1.227.0/fireyejs.js"],stable:["AWSC/fireyejs/1.227.0/fireyejs.js"],greyBr:["AWSC-br/fireyejs/1.227.0/fireyejs.js"],stableBr:["AWSC-br/fireyejs/1.227.0/fireyejs.js"],ratio:1e4,greyConfig:{},stableConfig:{}},nsModule:{grey:["js/nc/60.js"],stable:["js/nc/60.js"],ratio:1e4,greyConfig:{},stableConfig:{}},umidPCModule:{grey:["AWSC/WebUMID/1.93.0/um.js"],stable:["AWSC/WebUMID/1.93.0/um.js"],greyBr:["AWSC-br/WebUMID/1.93.0/um.js"],stableBr:["AWSC-br/WebUMID/1.93.0/um.js"],ratio:1e4,greyConfig:{},stableConfig:{}},etModule:{grey:["AWSC/et/1.77.4/et_f.js","AWSC/et/1.77.4/et_n.js"],stable:["AWSC/et/1.77.3/et_f.js","AWSC/et/1.77.3/et_n.js"],greyBr:["AWSC-br/et/1.80.0/et_f.js","AWSC-br/et/1.80.1/et_n.js"],stableBr:["AW

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.408694969562842
Encrypted:	false
SSDEEP:
MD5:	809F9BDA1630A140F4AB9F5BBA9F6B0A
SHA1:	26B11899DF8FAB076779D7DF9C3F10A11BCA0590
SHA-256:	BB94E5315DD9F342BE819F2A92E86B2F5DB1EC2574E392CD49E7FF2AB6DB3A06
SHA-512:	0B2315655B96A2F4A976675BD5672F688283C1A31CFC3254341FF1F5F00C9D6A61AAF5CA49EEF909441E6E5D445E0709D75D0A26AB2D5F574EDFAF826DFA84C6
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmO2XadbR9qVBIFDdNOeFQSBQ02SSWZEgUNeWjLWQ==?alt=proto
Preview:	ChsKBw3TTnhUGgAKBw02SSWZGgAKBw15aMtZGgA=

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	248730
Entropy (8bit):	5.620510675374292
Encrypted:	false
SSDEEP:
MD5:	75FB6B94DCB3A9C89ABB59A3FFD7546F
SHA1:	96101820857EF511BA83017E928AEEB88353B162
SHA-256:	04975704505B42DC124568D9D4BE26AEE2D4592826A0487920CB1D016D1A8E58
SHA-512:	E02E6E241F2C231AF62B43429B6CA36E2F25DF8349642C22FCB6FB1E16E4ECC607895811FB42B181F8ACEA5045A89418613F3D84675741F85DEB1DAB8BBA9B32
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/AWSC/uab/1.140.0/collina.js
Preview:	!function(){function e(r,s,d,p,v){var u,g,m,y,R,_,L,T,M,I,P,D,N,U,B,z,V,Q,W,G,F,q,H,X,J,K,Y,$,Z,ee,oe,ne,te,re,ae,ie,he,ce,se,de,pe,ve,ue,ge,le,Ce,fe,me,be,Ae,ke,Se,xe,we,je,Oe,ye,Ee,Re,_e,Le,Te,Me,Ie,Pe,De,Ne,Ue,Be,ze,Ve,Qe,We,Ge,Fe,qe,He,Xe,Je,Ke,Ye,$e,Ze,eo,oo,no,to,ro,ao,io,ho,co,so,po,vo,uo,go,lo,Co,fo,mo,bo,Ao,ko,So,xo,wo,jo,Oo,yo,Eo,Ro,_o,Lo,To,Mo,Io,Po,Do,No,Uo,Bo,zo,Vo,Qo,Wo,Go,Fo,qo,Ho,Xo,Jo,Ko,Yo,$o,Zo,en,on,nn,tn,rn,an,hn,cn,sn,dn,pn,vn,un,gn,ln,Cn,fn,mn,bn,An,kn,Sn,xn,wn,jn,On,yn,En,Rn,_n,Ln,Tn,Mn,In,Pn,Dn,Nn,Un,Bn,zn,Vn,Qn,Wn,Gn,Fn,qn,Hn,Xn,Jn,Kn,Yn,$n,Zn,et,ot,nt,tt,rt,at,it,ht,ct,st,dt,pt,vt,ut,gt,lt,Ct,ft,mt,bt,At,kt,St,xt,wt,jt,Ot,yt,Et,Rt,_t,Lt,Tt,Mt,It,Pt,Dt,Nt,Ut,Bt,zt,Vt,Qt,Wt,Gt,Ft,qt,Ht,Xt,Jt,Kt,Yt,$t,Zt,er,or,nr,tr,rr,ar,ir,hr,cr,sr,dr,pr,vr,ur,gr,lr,Cr,fr,mr,br,Ar,kr,Sr,xr,wr,jr,Or,yr,Er,Rr,_r,Lr,Tr,Mr,Ir,Pr,Dr,Nr,Ur,Br,zr,Vr,Qr,Wr,Gr,Fr,qr,Hr,Xr,Jr,Kr,Yr,$r,Zr,ea,oa,na,ta,ra,aa,ia,ha,ca,sa,da,pa,va,ua,ga,la,Ca,fa,ma,ba,Aa,ka,Sa,xa,wa,ja,Oa,ya,Ea,Ra,_a,La,Ta,M

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1696)
Category:	downloaded
Size (bytes):	1724
Entropy (8bit):	5.248593832843771
Encrypted:	false
SSDEEP:
MD5:	20E738FB59A3F6D2DAA248CF6616C9A1
SHA1:	9A533F961990CA3FB81C89DBE6E3A3DE5F8146BD
SHA-256:	91636A55F95DB3B97A0A9C2836BB47F632684598035CF3C637CA27766F9201FA
SHA-512:	E76B0C4E1E24166A4B38DA567519C432FE9EFFADC0983665B89C97D44AB467CB0C2DD1ED55AD13F4871653B3027245EC45F23453484E26297DDF65A7CB1E9B97
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/sd/nvc/1.1.112/guide.js
Preview:	/! 2/7/2018, 5:02:18 PM /.!function(e){function t(r){if(n[r])return n[r].exports;var c=n[r]={i:r,l:!1,exports:{}};return e[r].call(c.exports,c,c.exports,t),c.l=!0,c.exports}var n={};t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)\|\|Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="",t(t.s=6)}({6:function(e,t,n){"use strict";var r=n(7);window.NVC_Result={},function(){NVC_Opt.token=(new Date).getTime()+":"+Math.random();var e={a:NVC_Opt.appkey,d:NVC_Opt.scene,c:NVC_Opt.token},t=JSON.stringify(e);r.jsonp({url:"//cf.aliyun.com/nvc/nvcPrepare.jsonp",callback:"callback",data:{a:t},success:function(e){e.result&&(NVC_Opt.capCode=e.result.code,e.result.result&&(NVC_Result.nvcPreRes=e.result.result),NVC_Opt.isH5?r.loadScript("//g.alicdn.com/sd/nvc/"+NVC_Result.nvcPreRes.b+"/nvch5.js"):r.loadScript("//g.al

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65488), with no line terminators
Category:	downloaded
Size (bytes):	82036
Entropy (8bit):	5.134605735708408
Encrypted:	false
SSDEEP:
MD5:	D1128551B55B3F5C99A4C58168287A76
SHA1:	EDB0E891E48245C290BC10D51832DA4903F7D891
SHA-256:	02294DAC1DEAB71BFFAB0F483FFFC420CDF9B8776DDAC11C220CE0974B12575B
SHA-512:	69DEF88CF25DBAE255A2EA3F4119DC194518A3F930EABE05678A32CDF87E1776989DB173102840ECB61E1F0CF8A9DBA0B6752A22151F9EB9DAAE03ABC2682124
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/joinnew/css/jqmobo.css?v=3913
Preview:	@font-face{font-family:comIcon;src:url('//image.wjx.cn/wjxui/font/1070120/iconfont.woff2?t=1653967509898') format('woff2'),url('//image.wjx.cn/wjxui/font/1070120/iconfont.woff?t=1653967509898') format('woff'),url('//image.wjx.cn/wjxui/font/1070120/iconfont.ttf?t=1653967509898') format('truetype')}.comIcon,.iconfont,.iconfontNew{font-family:comIcon!important;font-size:16px;margin-right:5px;font-style:normal;-webkit-font-smoothing:antialiased;-webkit-text-stroke-width:0.2px;-moz-osx-font-smoothing:grayscale;font-weight:400!important;text-decoration:none}.comIcon{margin-right:0}.layui-layer-setwin .layui-layer-close{width:30px;height:20px;background:url(/images/dataservice/mobileimages/Close@2x.png) no-repeat;background-size:15px 15px;background-position:14px center!important}.layui-layer-dialog{min-width:200px!important}.chrome_scrollbar{overflow-y:auto;overflow-x:hidden}.chrome_scrollbar::-webkit-scrollbar-thumb{background:rgba(0,0,0,.2);border-radius:10px;border:2px solid #f2f2f2}.chro

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2400, components 3
Category:	downloaded
Size (bytes):	84417
Entropy (8bit):	5.7901126121401
Encrypted:	false
SSDEEP:
MD5:	60FB48E864E18A20D709B89A414E29C8
SHA1:	A9ABB8C2556451891004217FFAEAF42EC288EB6D
SHA-256:	3F72616E7BEECBA8DCEA89422B08B7FF4CC36A88167FA4E0C321927FCF344DB5
SHA-512:	5415645D4CFC7756FE7AA6D2A67D32C38973277551464D10AF3B8BFCDF445CB2144C2CA0AFB278B71764C8DFE9A435243329608DC7FDFD16E4C28DDB7F46974F
Malicious:	false
Reputation:	unknown
URL:	https://pubnew.paperol.cn/20230620/1687255656BRDPpA.jpg
Preview:	......JFIF.............C...........................".##!. %5-%'2( .?/279<<<$-BFA:F5;<9...C...........9& &99999999999999999999999999999999999999999999999999......`.................................................................................. R.......................D....h.....(...... .....P....!EH.b(R......U.........`-."X(......................(.............@.........RA@.B.P.j...B.EB.-!HP....,...Z........... ........................3@.DRT....EB......T.`..@..P..5.)h....@....@............@....P.(.................B.....[$.b...X..PR.....(.B... .bR%........................-...%....B..-....Q.....(...@%P@P...@..-B..HP... ...............@...@.@ ....)..@............).......E..,A@B. ....@... 5.....(........P.....Q.H...P.......................@....[$.b.B...@.R.....(.B."."..%.............................................TD.......P..P....R....( ...................@.@ .T(.)....%. .A....U....H...P.......@..@..H....(....... .(..... ...@......HZ.......P..@P.............j..l.U.-....... ).B.A

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	CSV text
Category:	downloaded
Size (bytes):	11693
Entropy (8bit):	6.361172629732785
Encrypted:	false
SSDEEP:
MD5:	0DA2D7B1E7D88FEA928C6BFE9BC3E21E
SHA1:	5A7337275A72FBC5464B405A82EDAF3C898680C7
SHA-256:	62F505D919D42FD3F25C3BF4B21CE777FA777C58D094E9B312F5D1CEB96927A5
SHA-512:	A93105DB923CCCE16A4CFE2626468D2D31811ACE7DED81C77B91D68D580D4A5AD807E4CEE2BC832EF9DA599AD4C90BA6D56275FCDFEE74686AB0AD1249A2B063
Malicious:	false
Reputation:	unknown
URL:	https://usercsscdn.wjx.com/wjxlang_zh.js?v=3913
Preview:	var wjxlang={add:"..",.anscardtitle:"...",.cancel:"..",.check_duoxuan:"........{0}.",.check_haschoice:".....{0}.",.check_shaoxuan:".....{0}.,....{1}.",.chioce:"...",.chuanguang_fail:"....",.chuanguang_success:"....",.chuanguang_success_tit:".......",.closeText:"....",.CN_TYPE:"..",.CONTACT_PUBLISHER:".......................",.CONTINUE:"......",.defaultOtherText:"",.dotitlelogo:"...",.ensure:"..",.eva_atleast:"......{0}..",.eva_atmost:"....{0}..",.eva_changeans:".............",.eva_empty:"........",.eva_nofinish:".........",.finish:"....",.getAward:"....",.heatmap_empty:"......",.heatmap_ie:"..............ie...............",.heatmap_max:

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	156
Entropy (8bit):	4.967056007579625
Encrypted:	false
SSDEEP:
MD5:	38A2DF3FACCB1367DE7CEED37DE96D75
SHA1:	74E8FEFF32BA122A3ABC0D42464F13A9F26E2F5C
SHA-256:	AA7D0BE85EB826BCB1E1C80C878DF5653B5781C92E66874709EF4D4D6D83F06F
SHA-512:	D43E75C06EAD0D0806A451A828E8CBFDAF1E86D7296B0D44DE7BF29421A8C23957482CC5E99FF8E03B494CFB8AB696E4BB85A111702FC701ADDC3EA34057540B
Malicious:	false
Reputation:	unknown
URL:	https://ynuf.aliapp.org/w/wu.json
Preview:	try{umx.wu('G76FAE776575CE1BF65F123AEA6F694C87E0BC24D6028FDBF35');}catch(e){}.try{__fycb('G76FAE776575CE1BF65F123AEA6F694C87E0BC24D6028FDBF35');}catch(e){}.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max compression, from Unix, original size modulo 2^32 244173
Category:	downloaded
Size (bytes):	85186
Entropy (8bit):	7.996309313303454
Encrypted:	true
SSDEEP:
MD5:	B1A9399C22898253E248638047063862
SHA1:	237CA6D16947CDBF14DCD9C00A88BB9D0AB422E7
SHA-256:	02AFEA774DD7985CEFE44C7AEDBD7315AAC3AF6E2B4AD7E34CFDA2946F493096
SHA-512:	3824534F592B2FDD83E8EC7332B85EDD292D20C451A95036C03F0A95EB23AD7B19EF780CB495A68C96E7AC843833F634EDEBA52C655F56686D2F7775BD90BEA1
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/AWSC/et/1.77.3/et_f.js
Preview:	...........{yS...o..$au..(y..V\@... .q..,26x.=f;....[^f..........V..j......(+.....2.Bl....x.y.L_L.i...~....\|...c.._S...7.K.+.g7.".m....d&^.Q...0].....07.8....l3.nqmZ..5(..r.......s.h......]....8._.w.c..!...M..bS...Sq-.3......G..Z.6....e&n4.!...L/:...$h9......R.02...A$Z.e..H.HZ.60..B.*5.(..`.Q...r..\|x..+......n..M..:....V..z.`l...3..j....F.`}n...[...u.K...\l..}.].^g..x..[....G.....pwQk....+:;.+.Z....izFdV..kL..kn..E..Hs.v46Gi.(.jW^y.O....d.T....h.Y.....h.m.Q..O=...m(.m:.2.X>.......Q.vC.r.C+.L..5..y. .. ...\N..{dj1Z_..&..i3.>...V.8....6.67.b..HxF.Fj]u.U.t..g.]...b.g.6......q..~..5.=..V.. .;U......v.,....!...&7.3."....s..^....._6....r".X..e.R...w.h.......s..e....N.'.....x..4..21+...?t.8....-..{.x..{..Uj...j..A....}.(.J.3..p.KjizU{...])..a....K.2.P.&..9U.!._C.d.A.J..vxh{(.U)0...eU-.LE......G..~:M.H..R'..n{!.<..h.c.-/.....x.~..u4b.z.V..D..L.l..T. A..Q.q....{.r....Q..o=..g.G6._.m{.<...{......._7. 2..7.&...n"......h..\|4..?..^......@.h..E.....M.Cj.D.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 37 x 37
Category:	dropped
Size (bytes):	701
Entropy (8bit):	5.791377312115629
Encrypted:	false
SSDEEP:
MD5:	1140BC5C7863F8E54A3C2B179E640758
SHA1:	49E54ACBF5674212195E581848EC0D490282448F
SHA-256:	7C6380E9985C8E4982F41F8DBA64D6B1C4A7997D0AA635D9F4BB7643AB815248
SHA-512:	A201E5637CDF8789FFCD3406A0ED8ABF449B9E41066FB1FC4DEC58B4AC42EF90E6E683AA3882C0B15B252DD33983B045F813F76BF358A7CEC1110AD46165D409
Malicious:	false
Reputation:	unknown
Preview:	GIF89a%.%........+N......!..NETSCAPE2.0.....!.......,....%.%..........!. ZE.."..0.A.IRi...&...(2.3].xl.Yl..Px!.....dV.P.,...V..R..;v....<.E.u{m>..1.x.m.y...Qf.4".@.c...7.F.....S.u...f.).E.'..Gz.zP..!.......,...............\.!.......,............/.....qRe...v/1.!..!.......,.................!.......,............b..j...j.je.SS.,F..!.......,...............\.!.......,............/.....qRe...v/1.!..!.......,.................!.......,............`..j...j.je.SS.,F..!.......,...............\.!.......,............/.....qRe...v/1.!..!.......,.................!.......,............`..j...j.je.SS.,F..!.......,...............\.!.......,............/.....qRe...v/1.!..!.......,.................;

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (64681), with no line terminators
Category:	downloaded
Size (bytes):	235062
Entropy (8bit):	5.541024781780108
Encrypted:	false
SSDEEP:
MD5:	951EB72B679E3FAC34E60D3FA5A6A292
SHA1:	95D683850A9B3BAA7A31DF247316ADA4D2586A66
SHA-256:	B533A92D3A7763E0EBFB5B8DA4E61CA63C9A09304EEB23F6D7884358C81562A0
SHA-512:	B10203A9586020C1D56CB2060F79CAA31B348784849A6B812631F53634B023DF4C0D3F63FC700EC662DBFA28B191D0EB25ABA5F6F776F32724522FD2A21F5C04
Malicious:	false
Reputation:	unknown
URL:	https://image.wjx.cn/joinnew/js/jqmobo2.js?v=3913
Preview:	var curField=null,relationQs=new Object,ItemrelationQs=new Object,relationBindTopic=new Object,itemRelationBindTopic=new Object,relationNotDisplayQ=new Object,relationItemNotDisplayQ=new Object,HasSetItemrelationList=new Object,verifymob="",verifyControl=null,hasQingJing=!1,needConfirmAnswer=window.reachMaxCheatCount=!1,isMatchTitle=0,loadStylerArr=[],assoData=[],scoreTotal360={},nfjoinid="",pz="",catiSubmit=!1,topichtmlclass=".topichtml",validateProStr="",wjxlangkeyarr=["type_radio_down","type_check_limit5","defaultOtherText","validate_email","validate_phone","validate_mobile","validate_mo_phone","validate_reticulation","validate_chinese","validate_english","validate_englishdigit","validate_idcardNum","validate_num","validate_decnum","validate_car","validate_num1","validate_num2","validate_date","validate_qq","validate_only","validate_textbox","validate_info","validate_info_wd1","validate_info_q1","validate_info_c1","validate_info_f1","validate_info_wd3","validate_info_wd4","validate_

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (61850), with no line terminators
Category:	downloaded
Size (bytes):	63454
Entropy (8bit):	5.7059091208281
Encrypted:	false
SSDEEP:
MD5:	65B569B83219812139BDAA167CD9C86E
SHA1:	233C50D00DF83A06CC0D5813ADF29AC897625EF1
SHA-256:	B58464053B59500775CB5F24BD07DB5AC8EAE4EB54991F2D467552482E3BC980
SHA-512:	80A9CF2FD5E920A6D838ED5E822EF03A5DABAAD167F72C63544084AE6666EFEAADAFEB0A2A4CB2593738C2A788EB66C6E44A6A1697478BFF02FFE18782943631
Malicious:	false
Reputation:	unknown
URL:	https://g.alicdn.com/sd/smartCaptcha/0.0.4/index.js
Preview:	!function(t){function e(i){if(n[i])return n[i].exports;var r=n[i]={i:i,l:!1,exports:{}};return t[i].call(r.exports,r,r.exports,e),r.l=!0,r.exports}var n={};e.m=t,e.c=n,e.i=function(t){return t},e.d=function(t,n,i){e.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:i})},e.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=11)}([function(t,e,n){"use strict";function i(t,e){e&&!r(t,e)&&(t.classList?t.classList.add.apply(t.classList,e.split(/\s+/)):t.className+=" "+e)}function r(t,e){if(!e)return!1;if(t.classList){for(var n=e.split(/\s+/),i=0;i<n.length;i++)if(!t.classList.contains(n[i]))return!1;return!0}return new RegExp("(\\s\|^)"+e+"(\\s\|$)").test(t.className)}function o(t,e){e&&r(t,e)&&(t.classList?t.classList.remove.apply(t.classList,e.split(/\s+/)):t.className=t.className.replace(new RegExp("(\\s\|^)"+e+"(\\s\|$)")," ").replace(/

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	unknown
URL:	https://sojump.cn-hangzhou.log.aliyuncs.com/logstores/foreinvisit/track.gif?APIVersion=0.6.0&activity=258807670&jointimes=60&title=2024%20Revvity%20BetterUp%20Care%E6%8A%A5%E5%90%8D%E5%95%A6&p=%E5%9B%BD%E5%A4%96&c=%E5%BE%B7%E5%9B%BD&ip=102.165.48.43&m=1&fh=0&cr=0
Preview:	GIF89a.............!.......,...........L..;

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.wjx.cn/vm/h4qfUbg.aspx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://www.wjx.cn/vm/h4qfUbg.aspx