Edit tour

Windows Analysis Report
https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Overview

General Information

Sample URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Analysis ID:	1417337
Infos:

Detection

TechSupportScam

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2204,i,17419489808018516988,7401800398825426157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_75	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Matcher: Template: microsoft matched with high similarity

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_75, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /postback?format=img&sum={replace} HTTP/1.1Host: m03lm.rdtk.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oom21.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952 HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oom21.z1.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: m03lm.rdtk.io

Source: chromecache_66.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_66.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_87.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_90.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_90.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_90.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49753 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_75, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@16/63@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2204,i,17419489808018516988,7401800398825426157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2204,i,17419489808018516988,7401800398825426157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	0%	Avira URL Cloud	safe
https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	2%	Virustotal		Browse
https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
wdc.rdtk.io	0%	Virustotal	Browse
userstatics.com	0%	Virustotal	Browse
windowsupdatebg.s.llnwi.net	0%	Virustotal	Browse
m03lm.rdtk.io	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://m03lm.rdtk.io/postback?format=img&sum={replace}	0%	Avira URL Cloud	safe
https://m03lm.rdtk.io/postback?format=img&sum={replace}	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
userstatics.com	172.67.208.186	true	false	0%, Virustotal, Browse	unknown
wdc.rdtk.io	23.108.56.75	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.253.62.147	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
windowsupdatebg.s.llnwi.net	69.164.0.0	true	false	0%, Virustotal, Browse	unknown
m03lm.rdtk.io	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://m03lm.rdtk.io/postback?format=img&sum={replace}	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_66.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_90.2.dr	false	high
https://getbootstrap.com/)	chromecache_90.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_90.2.dr	false	high
https://ezgif.com/optimize	chromecache_87.2.dr	false	high
http://fontawesome.io/license	chromecache_66.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.208.186	userstatics.com	United States	13335	CLOUDFLARENETUS	false
23.108.56.75	wdc.rdtk.io	United States	393886	LEASEWEB-USA-MIA-11US	false
172.253.62.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417337
Start date and time:	2024-03-29 01:15:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/63@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.115.101, 172.253.115.113, 172.253.115.139, 172.253.115.102, 172.253.115.138, 172.253.115.100, 172.253.63.94, 172.253.62.84, 34.104.35.123, 20.150.101.36, 20.114.59.183, 69.164.0.0, 192.229.211.108, 13.85.23.206, 20.242.39.171, 172.253.122.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, web.jnb21prdstr05a.store.core.windows.net, slscr.update.microsoft.com, oom21.z1.web.core.windows.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1045
Entropy (8bit):	6.248239976068452
Encrypted:	false
SSDEEP:	24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
MD5:	BF2B460590FBB9D8E9611A6E9006B816
SHA1:	561E1DAB259D61E798B3CE380527B71B61074FF3
SHA-256:	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
SHA-512:	ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../..........{@.....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Windows)" xmpMM:InstanceID="xmp.iid:2413D6EDFC2911EA865EEF9650A38354" xmpMM:DocumentID="xmp.did:2413D6EEFC2911EA865EEF9650A38354"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2413D6EBFC2911EA865EEF9650A38354" stRef:documentID="xmp.did:2413D6ECFC2911EA865EEF9650A38354"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0......b..".#............N$..B2.U..inw.8p.^g......i......e...x.......<x......J.........[.._....C..

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (1266)
Category:	downloaded
Size (bytes):	8998
Entropy (8bit):	5.073503499348402
Encrypted:	false
SSDEEP:	192:MsW6dQjSpBjOnVX/tDSIZG43JPxDgXhCvl3RQ29Pibt04gxNgS0IOLh:MQqjujSX/5SIZV3JPJnvRvdxaLF
MD5:	6EF2560453A7B6BFF8EA7EC4265A9816
SHA1:	1ED7044A0579BB751B10BA7353A36E9D208C659E
SHA-256:	A072681FF11D60E33EB625E1D75E828542F80C9362D905C3EB9626063E27B4CC
SHA-512:	9F5F4680B6B344291F675C0E164CE20BF1626CA5B6FB84681CACD439EA8FA1DC02C0E9D9DA1DE09090DF3346E29460FAA71BA5557639B1CAF0829C34BD99AD50
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/css/styles.css
Preview:	body {. background: #fff;. -webkit-user-select: none;.-ms-user-select: none;.user-select: none;. /. background: url('bg.png');. background-repeat: no-repeat;. background-size: cover;. /.font-family: "Calibri", sans-serif;. overflow-y: hidden;. overflow-x: hidden;. }. .top {. padding-left: 10px;.. }..progress {.. width: 250px;..background: #d1d1d1;. height: 04px;..}...progress .progress__bar {. height: 100%;. width: 0%;. border-radius: 2px;. background-color: #3182be;. animation: fill-bar 6s 1;.}..@keyframes fill-bar {. from {width: 0%;}. to {width: 100%;}..}..textc {. color: grey;. font-size: 13px;.}..flex {. display: flex;.}..button {.background: #cccccc;.color: #000;.padding: 6px 32px;.text-align: center;.text-decoration: none;.display: inline-block;.font-size: 13px;.margin: 4px 2px;.cursor: pointer;.font-weight:350;..}.. .centerright img {. max-width: 100%;.}..centerright ul {. padding: 0;. list-style-type: none;.}..centerright ul {. columns: 3;.}..cente

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1358
Entropy (8bit):	4.717392968695026
Encrypted:	false
SSDEEP:	24:SNWd8mpIpM8YuQI8cx8Iwopl8HoWe8HohN8HouBh8HocQKHhKVaL1UbBkV59BLF4:SNWd8WcC+dpHW4hfupcQKcVi1UbBmzv4
MD5:	DA6AACC1CA8EAA4902D9FEE5C9C984B7
SHA1:	A06F41817583CE6182DD7121460C0BD16EA8B088
SHA-256:	989120D05B8F3D703FD6E63B49B94845D7E038D536DD27723619E1F00623683F
SHA-512:	F6DD131520E31356B9A722D091FBEDCDE35FC0978A05B505ACF132429DC689A56EF49CC93729F1220B034B6F24CE26BC47DE12237CCB03D64352C885B85DF4CF
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/js/main.js
Preview:	.. $(document).ready(function() {.. $("#chat-box").delay(1000).fadeIn(100);..});.... $(document).ready(function () {.. $("#mycanvas").click(function () {.. $("#welcomeDiv").show();.. });.. });......$(document).ready(function() {.. var audioElement = document.createElement('audio');.. audioElement.setAttribute('src', '_Fm7-alert.mp3');.. .. audioElement.addEventListener('ended', function() {.. this.play();.. }, false);.. .. .. $('.map').click(function() {.. audioElement.play();.. .. });.... $('.black').click(function() {.. audioElement.play();.. .. });.. .... $('#footer').click(function() {.. audioElement.play();.. .. });.... $('#poptxt').click(function() {.. audioElement.play();.. .. });.. .. .. .. .. ..});....$("#footer").fadeIn('slow')...css({top: '75%', position: 'absolute'})...animate({top: '92%'}, 80, function() {

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1045
Entropy (8bit):	6.248239976068452
Encrypted:	false
SSDEEP:	24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
MD5:	BF2B460590FBB9D8E9611A6E9006B816
SHA1:	561E1DAB259D61E798B3CE380527B71B61074FF3
SHA-256:	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
SHA-512:	ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/microsoft.png
Preview:	.PNG........IHDR.../..........{@.....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Windows)" xmpMM:InstanceID="xmp.iid:2413D6EDFC2911EA865EEF9650A38354" xmpMM:DocumentID="xmp.did:2413D6EEFC2911EA865EEF9650A38354"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2413D6EBFC2911EA865EEF9650A38354" stRef:documentID="xmp.did:2413D6ECFC2911EA865EEF9650A38354"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0......b..".#............N$..B2.U..inw.8p.^g......i......e...x.......<x......J.........[.._....C..

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	607
Entropy (8bit):	7.447485705839306
Encrypted:	false
SSDEEP:	12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
MD5:	2CD03A547F00CAD010F9038619DF45DE
SHA1:	912F919836A77A514C76B990ACEAF5E930A24024
SHA-256:	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
SHA-512:	51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
Preview:	.PNG........IHDR...?...F.....L.......sRGB.........gAMA......a.....PLTE..........................................\|...o..o..o.\|b..b.pV..V..W.fJ..T.c=..1..=.N9.K$..).<.....3..0.~..x...$.\|...#..~..i.."..A..5..!..........gIDATx...r.0.@..Zi@l..(..@/....\ga....:}...B..dCfv.......8..eV.(.{..x.=}Q.......av...'...2.;..._y.;.s.....g.9C..C.>.G..\J}MD........_$......'..1p.W..V.......7....P}^...E.}.R..>.}*....)...->.T...8 .@.m...48...:{.V..5...........o."...1[.)..M...T.4o...~.W.....7T...p....H..p........,\..9..\Ws..../......G.G........i...MRyf.....?H...<.ETi`M.....X..t.......IEND.B`.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.418889610906542
Encrypted:	false
SSDEEP:	12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
MD5:	0E9558D2D6E8000CE5C6C749C8FC67C2
SHA1:	F7BA9490807EF70BB6195150D6287CD54B7FEFD0
SHA-256:	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
SHA-512:	C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...B...D.............sRGB.........gAMA......a....3PLTE................\|..o..b..V..J..=..1..$......~..x..x......IDATx.... .E.E.y....Y.h[..vM.b..S..!i....u.Q}.P. ........}.eN...&.(.w...L..`.>.......e\:.. ...Z.Y../.....&...Q.O..'W.Q}.mQ...e..S..S.{...&r.p..0..6C$o..:...E..t...x...O....b...o .../U...Z=...D.t...$'.....E.<...@.'.+..@.c.\|b..\|.8.A........)?./.A...XdXA;V.3.N..b-...v.<g......oS...?......8.:.I....0.P.E.%....Az.t(...\|".l...}I...>......Y..fEe..U...T..!&.p.Uz...Wr..4M......5['.}..D....IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.4.0, contains:\012- MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Category:	downloaded
Size (bytes):	179819
Entropy (8bit):	7.89500521498798
Encrypted:	false
SSDEEP:	3072:ur5+OdKdJhLE5qcnFh7EpM2aVdrtohIXsx+6vWN0U9KVrGqbo5T6Q/hIiekEy:oNKHh8qcruM2azrtohbxdxU9YaLN3GiJ
MD5:	384A26AB5D9435562373A982306936A6
SHA1:	A1E6069E39BB9D254A2A330AB218C8A0EC43D8D4
SHA-256:	7E46949CC293D6B27CCA754AEFB0F5487328B8762AD556695B5B24905CCF81CF
SHA-512:	0F3371CF298216986C3D0673CECFBE2048A4F84108C3607CBAE5AA9C7327500A0EBD8BFC3F5ACFB4EB3907A6537B92736BF12035AA2E6AA7AB67E300704E9A4A
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3:2f7357d5062687:0
Preview:	ID3......#TSSE.......Lavf58.45.100.............`...\|...`Fh..~...o..,......N.@3.....q=.....WB.X.........B....\..q.......^..4J.w......%s......M.......Bs......y....G.......h.0!..z..G.........@P....b.. .N$.O@..x(bD"!.(..17..{{...^....}8..r...=.....DB..Dww......wwt..B....&....+.......D .......<\\>...?..{.....r.....v.%..k.V...,.S...5.Fy!.......90.J...b.&(#.._.@.....Z.......t.U..T4U.w&;.?..D.y...C..(..J.....J...nC.!3.w{J.+c...^.>...HY.OJ".ww.q....F....\|.L....... ,.5.Tq=}.=.....U....(...a.s............b.."....@..=.n.0.S......4..[2{R.;8CbB`....8....0PG....:....<........x.......b.}Y..{2.B..9.....$....8Gx.......{v...^....R.}..D@....K.'..ji.....ijL..`..$...\.Rn....cLI.A.a.....k......nmC\k.n.0.H..6....%3....r=I..5h.........M......{.........G.IF...8.k..C...S.c..AA+.........Pl.jh{....... #$....L...b..$.....J..2.:C..fCV..$.......j.....H......)%ZP....K...k.)..ps..$.:.h.&.g%D.d-...a....O.?z..a......GGM?.?V.V_R?9.Q..euo...\.-..vs.......%.W;.(....Z..b..#k......B

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27265)
Category:	downloaded
Size (bytes):	27428
Entropy (8bit):	4.747313933055305
Encrypted:	false
SSDEEP:	384:ci5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:3lr+Klk3YlKfwYUf8l8yQ/T
MD5:	FD1609EB97E739683ACF23120FD6F6C9
SHA1:	19B2E83FE8DF09B85E74835C398AEFEE816BDFCB
SHA-256:	CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
SHA-512:	2183FDCC8AEF88B15048E735EB2D588868AE4CAAD624B4C369F276402188CABA9C962065699798AA27BC4C18AE97E16BF8FCF219D762B73726AFB1A924BABCD2
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont_1.eot#iefix&v=4.5.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../images/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pa

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	5377
Entropy (8bit):	7.9053255966673515
Encrypted:	false
SSDEEP:	96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
MD5:	51147EB9734C3C0CAF22AA77A80D96F0
SHA1:	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
SHA-256:	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
SHA-512:	4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................sRGB.........IDATx..=v.X..c..Bb..-....%...1....F..I....T.%.......').5?...;F<Hx ..fz.>E.:Y.,....E....(..U........fP..P...@....A...a `0......`JU...@.... .!i.I.D..S(I.0.....0..#@PM.fP3..4DM....d..`...I...Z.@.B..:..J.4..F3.O@.j.....d.0...B..@...3......~.V7.)..T..T..E6.6j..~..$.@...$.....&e.....(._.%....>F.ui.O1.RA.F%j..w.&.5..TU...U......$...l......a......0..T3.jTU.....9.O..#..J.5../..k......TP.0X.K.......$...h$H.(.._0l../..d.G...=..Y.\|..`.F}..4B..5`P.../.....%.6.=4.?....6....l....o...T#.3....w...n7......v.gU.B...J....Y...b....xm..s....)HEC....Z.FZ...}....T@.L..J@H#..@.....j.a.hCmH.L.2H.j.A.v............a.\|..fT.....T.Y.j..m..m..i.$(..H..d....`h<.a...b...k(.....c_UU..T.xH.L.>S.."..^!.......a.G.t(.....1..d.x&..P.1;......^5x)..>.e...7.#.P5...6q..U........Ii`.........RD.O......P.&..0`.x.2.B.......,.G.3H.nah..[B.3..4I.U......^nI..h....k..K...S.5..36 j.l.UbaW.....&..gy.-..u....d..-hS..%6j@CE...1.......phe.QA.A.q.T..x%FX..

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Category:	dropped
Size (bytes):	17173
Entropy (8bit):	6.662336090490458
Encrypted:	false
SSDEEP:	192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
MD5:	4BF52EB9B3EFCE840ADD1A90D83A40E5
SHA1:	6348A7617DFCE3165E07AF53A48DF7892D62FFE1
SHA-256:	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
SHA-512:	5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
Malicious:	false
Reputation:	low
Preview:	......Exif..II*...........................'...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2023:02:24 11:53:28.............0221................................'...............................n...........v...(...................~...................H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1903 x 1020, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	549442
Entropy (8bit):	7.994805157826083
Encrypted:	true
SSDEEP:	12288:IjQ8p0xvN9qc86dWDRfhVlu9vuInKyZH6Wjvp4qZaqAG58/:Ijfp0p/8dRE9K+bp4q0KW
MD5:	F3E18C4DA95B83AB519A72F2876019F2
SHA1:	209F613FED2D2202E134E00081AD3C32EC5E6A25
SHA-256:	466835EF2D6F0F0BFDDAFA405154702E36A5588F69684DD3B6642F9013EB778B
SHA-512:	169598F9793AA478FD14E5BE8785BA583EE9D0AF6C31E64BF8C2EDD05F9F5F6D2510669C38600E90448645CA12D4EC729E7953AC6DB99BF1E3C2AE98231E234B
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
Preview:	.PNG........IHDR...o..........b.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........6.u....zTXtRaw profile type 8bim..X...]..*....E...@0.~...k.r...so....1B.ikK.\........%.X$H.yHH...{...5.{O,.l.._....7}.p......6,O..=..].w...MA=....b.n..[...G...p[4...{.;.zL..y}....i......E1..S{^.Q...:..K.........]....7...s.t..y.O..N...#z.{.....c7.........7..............}..[`.G..%H...g....M3<.P.......}Sox....n.e.e..x.~..W.....D.].KQ.!o.V..y.j9.. ..U.u...$.?\.......)g.?...v..q...y..5./.......9.......G./......WT.="..L.zzO...'..D@.:>...H\.2$..ZOA.{...Q..Dm&[..;n.\|..V.._T...K...........p....]8..a..\|3......v.L.K.'..._.c.V...C.-....l.........^.e..\.{.....I...aQ...M..d......o."..l@.M='W..6,..z....?.~V..<0..].<.....l!..S^q[',..' ...L..G....O._....B'e.By..tq?..K....C....r..rg.U.w%.t.)y].X........P..~.Y.^.\i.Q.h..)..L.I.L.h.x.I..[.X....a......[.c..b`\q\|T..>.1.C.g...tl.c.....Y.......o.....:.I.=......]p)..y..k.l...W...PP.1.+R..

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1162
Entropy (8bit):	7.723808800061788
Encrypted:	false
SSDEEP:	24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
MD5:	35629CC2ADC804353A548305F1217206
SHA1:	CDA6E89C5F6A644683AEA6999A5D11E00DC64275
SHA-256:	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
SHA-512:	EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............4.....sRGB.........gAMA......a.....PLTE.........................................................................................................................................................................................................................................................................................}....\|.............r.~...............k.w...d.r...`.o`.n......[.j......N.^...E.VD.U...A.R...@.Q\|\|\|_.f9.K8.Jyyy6.H7.Httt<.Jrrrpppooo.=mmm&.98.Fkkkjjj#.7!.5".5=.Ihhh..2gggfff<.Heee../..1../..+....```..&..$]]]..#\\\@nH.. ..,ZZZ......YYYXXXWWW..................UUU......AZFPPPMMMLLLEOGIII@HBCCCBBBAAA???777666555444333111---+++**(((%'%&&&....................'9....IDATx.c`.( m.W..X.b/..#b].5y.C.t..".....M.?%....,....(!F...&[.c3.y!<....~"0..+.Wj..J.....A9.7..1dg`.6...eS....&w.zO..4.h.y............MK.u...o(@L..n..S....q.A.10..G.#...4T9.....P....rB!W#.X8......d..1..]NRv...=...SJ...3......_.a....= rr9..A.v.=.R;'9@.O

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	542
Entropy (8bit):	7.418889610906542
Encrypted:	false
SSDEEP:	12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
MD5:	0E9558D2D6E8000CE5C6C749C8FC67C2
SHA1:	F7BA9490807EF70BB6195150D6287CD54B7FEFD0
SHA-256:	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
SHA-512:	C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
Preview:	.PNG........IHDR...B...D.............sRGB.........gAMA......a....3PLTE................\|..o..b..V..J..=..1..$......~..x..x......IDATx.... .E.E.y....Y.h[..vM.b..S..!i....u.Q}.P. ........}.eN...&.(.w...L..`.>.......e\:.. ...Z.Y../.....&...Q.O..'W.Q}.mQ...e..S..S.{...&r.p..0..6C$o..:...E..t...x...O....b...o .../U...Z=...D.t...$'.....E.<...@.'.+..@.c.\|b..\|.8.A........)?./.A...XdXA;V.3.N..b-...v.<g......oS...?......8.:.I....0.P.E.%....Az.t(...\|".l...}I...>......Y..fEe..U...T..!&.p.Uz...Wr..4M......5['.}..D....IEND.B`.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	463
Entropy (8bit):	7.179067065082675
Encrypted:	false
SSDEEP:	12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
MD5:	905D91C276116928FA306EA732723FA9
SHA1:	092604F6A8786E46A7DEE06065D29D2896FCF568
SHA-256:	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
SHA-512:	701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
Preview:	.PNG........IHDR...!.........^JT.....sRGB.........gAMA......a....~PLTE.................................................W.fT.c...=.Nzzz9.K5.G).<iii..39xD.."WWW/n:...GGG.t..b..].444.?.###.............IDATx....6.0.....%.:=.F..]D....-.Io.5...'.LZ...j....<d.Pg..g.s..-v....&.....&o#....q.H.........@L).].T.@....d..%.1....o...P..B..y.%;.k.a]fG.....g..3..'.....d.O.{...J.Y.N..z...tus:?.%...(]rv8J..w.ty8J.K...$.$........_..k~......nt.O....IEND.B`.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	23236
Entropy (8bit):	5.7125320397887345
Encrypted:	false
SSDEEP:	192:ClIazFsyvfAWkPV17BEg8NQnF8HtN1vZnzoMuGrm4gYn7ZiQ4l0AnkZZ4VmXEPSw:0ri2to8tZnnuGrm4TMjaXltLG/uQzT
MD5:	2FE10C2E18939D250D347BAB1D9FA025
SHA1:	55B6EBCD7EA3D897961C13A899AC02E460F03D5F
SHA-256:	C1500B37F0B256D94481688CDF1CDD64A252E68AC1A4D079BD0C3CDD2AB5DFA1
SHA-512:	7643EB47AE7A5147E826537D5F640B65663062B80779B36B339A9F71DFC7E263416E45EA31BDB221355BE755682618CAEFF70E6FFCF428F0B4E87BB8D3680E45
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Preview:	<!DOCTYPE html><html>.<head>.. <script>. function jkdhasjkhdgwqhgehkqgweyuodq(name). {. name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");. var regexS = "[\\?&]"+name+"=([^&#]*)";. var regex = new RegExp( regexS );. var results = regex.exec( window.location.href );. if( results == null ). return "";. else. return results[1];. }. var bcda = jkdhasjkhdgwqhgehkqgweyuodq('bcda');. </script>..<meta name="robots" content="noindex, nofollow">. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title></title>. <link rel="stylesheet" href="css/styles.css">.<link rel="shortcut icon" href="images/microsoft.png" type="image/png">.<link rel="stylesheet" href="css/font-awesome.min.css">.<style>. @font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1162
Entropy (8bit):	7.723808800061788
Encrypted:	false
SSDEEP:	24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
MD5:	35629CC2ADC804353A548305F1217206
SHA1:	CDA6E89C5F6A644683AEA6999A5D11E00DC64275
SHA-256:	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
SHA-512:	EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
Preview:	.PNG........IHDR...............4.....sRGB.........gAMA......a.....PLTE.........................................................................................................................................................................................................................................................................................}....\|.............r.~...............k.w...d.r...`.o`.n......[.j......N.^...E.VD.U...A.R...@.Q\|\|\|_.f9.K8.Jyyy6.H7.Httt<.Jrrrpppooo.=mmm&.98.Fkkkjjj#.7!.5".5=.Ihhh..2gggfff<.Heee../..1../..+....```..&..$]]]..#\\\@nH.. ..,ZZZ......YYYXXXWWW..................UUU......AZFPPPMMMLLLEOGIII@HBCCCBBBAAA???777666555444333111---+++**(((%'%&&&....................'9....IDATx.c`.( m.W..X.b/..#b].5y.C.t..".....M.?%....,....(!F...&[.c3.y!<....~"0..+.Wj..J.....A9.7..1dg`.6...eS....&w.zO..4.h.y............MK.u...o(@L..n..S....q.A.10..G.#...4T9.....P....rB!W#.X8......d..1..]NRv...=...SJ...3......_.a....= rr9..A.v.=.R;'9@.O

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	920
Entropy (8bit):	7.724066066811572
Encrypted:	false
SSDEEP:	12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
MD5:	B0495EDE4C875843FEC037C794E9FF9A
SHA1:	C813AEFBA255A5CC53AEA7811F987CCB551C3128
SHA-256:	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
SHA-512:	41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...M...?......=.H....sRGB.........gAMA......a.....PLTE..........................................\|......o..o.\|b..b.pV..W.fJ..T.c=..D..1..=.N9.K$..(..).<........3..0.~..x..z...$.\|...7..i..U..6..!....<......IDATx..m..@...I.R.Ff..;......p...?....:{...o....7.......(..k.B..`BdCZ..cp.Tz..E.....q.6.\._)Q....._.)..q....}....r.B.\|.q<.ZR,...v....:K.....e#.A/.o....p..]...j-..mu.p8....h\...>.....7!. u...JR.....V.N..Y..^a0..K5..... ......;p'!..'.R....Rx.L>....t-.......)....&%X.8.I......}.VZ....4..2`.=.n..6(.6..cpl.l.82..H[X.=..VH.e.c..r..Eom.Lm.+..F.r=..h..jn\l.-..../?e-.g.&..c...........9kB...].4..U....AK..::%3h........}..Tsw....P..+.M.vZ....d.......q'w.,t..a.~.<..:i;..$.O.O..4.Phig.F..=.......,.._..]....O~...+l.../y........I..,..........,..m.<9k/w...~..g:../.@...n.m#;...b..k..zD.....+.4..[..i"ma.pg.J...;..h^....2...y.lF7.(...C.W.V.nAor.......c.....IEND.B`.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	463
Entropy (8bit):	7.179067065082675
Encrypted:	false
SSDEEP:	12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
MD5:	905D91C276116928FA306EA732723FA9
SHA1:	092604F6A8786E46A7DEE06065D29D2896FCF568
SHA-256:	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
SHA-512:	701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...!.........^JT.....sRGB.........gAMA......a....~PLTE.................................................W.fT.c...=.Nzzz9.K5.G).<iii..39xD.."WWW/n:...GGG.t..b..].444.?.###.............IDATx....6.0.....%.:=.F..]D....-.Io.5...'.LZ...j....<d.Pg..g.s..-v....&.....&o#....q.H.........@L).].T.@....d..%.1....o...P..B..y.%;.k.a]fG.....g..3..'.....d.O.{...J.Y.N..z...tus:?.%...(]rv8J..w.ty8J.K...$.$........_..k~......nt.O....IEND.B`.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32478)
Category:	downloaded
Size (bytes):	84817
Entropy (8bit):	5.373777901642572
Encrypted:	false
SSDEEP:	1536:AP1Wk7i6GUHdXXeyQazBu+4HhiO2Id0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:K4UdeJiz6UAIJ8pa98Hrb
MD5:	20C129BEDB4A26DB02FC0F54D026C3F5
SHA1:	093B9D2728788DE24A728742070A348B2848573F
SHA-256:	436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
SHA-512:	1997641A1DBA92AF7C28FE67C14FC3F89C1E49BE14DD8A8903C3C5D4A4AAE6161B00BF37D02EDA6E8B45F88936C0A7871C1D465036D6F1D18C36ED8D419B78DE
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
Preview:	/! jQuery v2.1.3 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	813
Entropy (8bit):	7.634265238983043
Encrypted:	false
SSDEEP:	24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
MD5:	D648C1837D01495ECCD63E053491F72A
SHA1:	991D8F6C72777239472410D6129FD5F25ED9D134
SHA-256:	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
SHA-512:	522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...M...H........1....sRGB.........gAMA......a.....PLTE............................................\|...o..o.\|b..e..b.pV..W.fJ..T.c=..1..=.N5..9.K$..).<.....3..0.~..x..z...$.\|..}..~...i..B..U..5..!....._..../IDATx..mW.0.....RCr.+Q.....[.....p.N..o......>)B'.tR.Mb.8..j..f..R...+...V2...r.z.`...NX.\.c....e........Fev.8\|<..1..A..v.E..!.&..\|........n.T..(....q.<.b.[U[......MmAjq.S.........>.g..l2.q..H.wZ-..#...O..3!.E.r...wg.C./wS......O...O.k=....u`=}.J.B[..z.......,cI..h*../.(5.{ ....i...LB.k.W.4....fr.....,..G+...#.na.H.F..m.0t...1c.^.........q?@.?... K...q...!4n..b..FZ...!L..AC.(v...+X&K....[w.&L..0...b]..`b...x...D....H=.....>..i..[...wK.R..g.....r..R....6.p...1}.j.6......\.G..p..i$.........h...L..v.A.....#2JI...,!...b..osk.....q....IEND.B`.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	464
Entropy (8bit):	4.860420190181752
Encrypted:	false
SSDEEP:	12:8IDRR1Y5iLvnE5sR5GDRR1Y5i+h2DRRM5iLvsRGAUDRRu1Bm:8cRR14ibnEMwRR14igORRkibsRGAIRR3
MD5:	2856B9008B89D67BE19D586E43AE8521
SHA1:	D47AC3F1328FB58B19584D77D2E3ACC93663FB10
SHA-256:	19E9AAA12F8478366B3707FF49B0E3CFC4818F9343B48F5D43890C943D1B1A3D
SHA-512:	EDB79A20D1E279D96F637B23A0D769F7F98A5468BF6E01260E761F746CC3664D8515DD7C15C621EAF661122466B72486F6BE547DCAEB83734819E7C229B743F9
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/js/scripts.js
Preview:	setTimeout(function () {. document.getElementById("box").style.display = "block";.. // 100%//. }, 8);. setTimeout(function () {. startScan();.}, 10);. function startScan() {. document.getElementById("box").style.display = "none";. document.getElementById("scan").style.display = "block";.. $(".alert_popup").delay(10).fadeIn(5);. $(".lst").delay(15).fadeIn(5);.. }.. function playSound() {. document.getElementById("beep").play();. }..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	386359
Entropy (8bit):	7.918825986924844
Encrypted:	false
SSDEEP:	6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
MD5:	BE42AD7752720327D28BF52DBDBB64C2
SHA1:	F4CCE31B9236319AA9C87FEE038638D1DE12C07D
SHA-256:	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
SHA-512:	AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... ......V......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Category:	downloaded
Size (bytes):	17173
Entropy (8bit):	6.662336090490458
Encrypted:	false
SSDEEP:	192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
MD5:	4BF52EB9B3EFCE840ADD1A90D83A40E5
SHA1:	6348A7617DFCE3165E07AF53A48DF7892D62FFE1
SHA-256:	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
SHA-512:	5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
Preview:	......Exif..II*...........................'...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2023:02:24 11:53:28.............0221................................'...............................n...........v...(...................~...................H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	386359
Entropy (8bit):	7.918825986924844
Encrypted:	false
SSDEEP:	6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
MD5:	BE42AD7752720327D28BF52DBDBB64C2
SHA1:	F4CCE31B9236319AA9C87FEE038638D1DE12C07D
SHA-256:	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
SHA-512:	AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/cross.png
Preview:	.PNG........IHDR... ... ......V......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	813
Entropy (8bit):	7.634265238983043
Encrypted:	false
SSDEEP:	24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
MD5:	D648C1837D01495ECCD63E053491F72A
SHA1:	991D8F6C72777239472410D6129FD5F25ED9D134
SHA-256:	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
SHA-512:	522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
Preview:	.PNG........IHDR...M...H........1....sRGB.........gAMA......a.....PLTE............................................\|...o..o.\|b..e..b.pV..W.fJ..T.c=..1..=.N5..9.K$..).<.....3..0.~..x..z...$.\|..}..~...i..B..U..5..!....._..../IDATx..mW.0.....RCr.+Q.....[.....p.N..o......>)B'.tR.Mb.8..j..f..R...+...V2...r.z.`...NX.\.c....e........Fev.8\|<..1..A..v.E..!.&..\|........n.T..(....q.<.b.[U[......MmAjq.S.........>.g..l2.q..H.wZ-..#...O..3!.E.r...wg.C./wS......O...O.k=....u`=}.J.B[..z.......,cI..h*../.(5.{ ....i...LB.k.W.4....fr.....,..G+...#.na.H.F..m.0t...1c.^.........q?@.?... K...q...!4n..b..FZ...!L..AC.(v...+X&K....[w.&L..0...b]..`b...x...D....H=.....>..i..[...wK.R..g.....r..R....6.p...1}.j.6......\.G..p..i$.........h...L..v.A.....#2JI...,!...b..osk.....q....IEND.B`.

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Category:	downloaded
Size (bytes):	5377
Entropy (8bit):	7.9053255966673515
Encrypted:	false
SSDEEP:	96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
MD5:	51147EB9734C3C0CAF22AA77A80D96F0
SHA1:	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
SHA-256:	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
SHA-512:	4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
Preview:	.PNG........IHDR....................sRGB.........IDATx..=v.X..c..Bb..-....%...1....F..I....T.%.......').5?...;F<Hx ..fz.>E.:Y.,....E....(..U........fP..P...@....A...a `0......`JU...@.... .!i.I.D..S(I.0.....0..#@PM.fP3..4DM....d..`...I...Z.@.B..:..J.4..F3.O@.j.....d.0...B..@...3......~.V7.)..T..T..E6.6j..~..$.@...$.....&e.....(._.%....>F.ui.O1.RA.F%j..w.&.5..TU...U......$...l......a......0..T3.jTU.....9.O..#..J.5../..k......TP.0X.K.......$...h$H.(.._0l../..d.G...=..Y.\|..`.F}..4B..5`P.../.....%.6.=4.?....6....l....o...T#.3....w...n7......v.gU.B...J....Y...b....xm..s....)HEC....Z.FZ...}....T@.L..J@H#..@.....j.a.hCmH.L.2H.j.A.v............a.\|..fT.....T.Y.j..m..m..i.$(..H..d....`h<.a...b...k(.....c_UU..T.xH.L.>S.."..^!.......a.G.t(.....1..d.x&..P.1;......^5x)..>.e...7.#.P5...6q..U........Ii`.........RD.O......P.&..0`.x.2.B.......,.G.3H.nah..[B.3..4I.U......^nI..h....k..K...S.5..36 j.l.UbaW.....&..gy.-..u....d..-hS..%6j@CE...1.......phe.QA.A.q.T..x%FX..

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
Category:	downloaded
Size (bytes):	66624
Entropy (8bit):	7.996443365254666
Encrypted:	true
SSDEEP:	1536:P7P0ehdxE792JHJ2qrz+MoCpeUtsG9eDeh9Zw+ZyqJ:PPlYw1re8Lsqh7MqJ
MD5:	DB812D8A70A4E88E888744C1C9A27E89
SHA1:	638C652D623280A58144F93E7B552C66D1667A11
SHA-256:	FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
SHA-512:	17222F02957B3335849E3FE277B17C21C4AAF0C76CD3DA01A4CA39C035629695D29645913865B78E097066492F9CEE5618AF5159560363D2723BED7C3B9CF2A8
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
Preview:	wOF2.......@...................................?FFTM.. .`..r........5.6.$........ ..... ?webf.[.....@...nC....t.TL...f...t....q...5....?=i.l..\.vl ..T...b.... .1.f..7.T.Q....D.;:...1.l.jv..e....n..E....k5>.d.7Q.l..Ba....u.x].......W.C....$.8.v#..y`..F..1aM.8.....w.=\|'..0..T\|..2/..M.%.b.. .tY$!.....5cb.....(.&.-A/mY......./y..o\........Z=.....5c.k._.n3...(W.........Nag+.....O.R.'...5...=?....m...L......:..._V...........z+zc.1`..Q#j.../.Z0...-..F..i.b.F"2.<EE...;.."u?..........R.Z.HR..D...x.Y,.5.Tt.vb...e..YN..sFND+........1.......`.....D.(.&6baP6(.....X.6gNW.6k..9]..v......$Cf.v.v..x@..-J.`G...w..w[..A.......4.msI>....i.......p..F(2b....~H.]J.]..j....F.f-~.@......gg.B.-..Tx.%..pU.u..me....'........;...@7..t.=pN....../_.U8.....r....s...X=g....H........j..c....d._1l:1i..I..T.r..>.....v{Gb...T1*...f.-.x.-i..{..1..h...>..(..3.3..!.$.:.....j.~....:ugv.......%.....?...d..5+......fU.z...X.X.<.c%@fBHO.8.....i..G...{...[..M#.FZk."_.'.n{.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.063690284738201
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOpIV+WULdR2p020c+E:hax0rKRHkhzRH/Un2i2GprK5YWOiXULs
MD5:	2CFDBAD56A2E2E764DFEA069F3053444
SHA1:	2C384FD931C68D0CAF09953D15D1A5F5FB9BA6C6
SHA-256:	F32242E7610213C5D095AF5CF0705FF94F9F2AF8B5F005063467404117161283
SHA-512:	67EE5C3CCF334949B78E225E59E95E2F3F26C91E85B6E6AF1B519E2B52F63482C55A55FCF202A798AF1BB2AE2206CFF90B124567C1FB113FE490A5F0CC23A0D1
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 7371b60d-a01e-001a-6e6e-81c948000000</li><li>TimeStamp : 2024-03-29T00:16:19.1224392Z</li></ul></p></body></html>

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59765)
Category:	downloaded
Size (bytes):	60044
Entropy (8bit):	5.145139926823033
Encrypted:	false
SSDEEP:	768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
MD5:	02D223393E00C273EFDCB1ADE8F4F8B1
SHA1:	0CC93B8421D89C24A889642428B363CB831DE78A
SHA-256:	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
SHA-512:	339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
Category:	downloaded
Size (bytes):	21716
Entropy (8bit):	7.988919175869214
Encrypted:	false
SSDEEP:	384:DfspV407P6+jGlbMAA2cdv92Dg3AuGZ0KGKBb2ZXdWgb98JmSKMrN:D64Ei+n2c19NuqKuZXdWv79N
MD5:	D4FF90DB5DA894C833F356F47A16E408
SHA1:	30606044507D81B996C992895AB16B8A8D68BE97
SHA-256:	F2C761EE3CE27469F940A05B64E38A829A400427727CD0BDBB4E36F1D572AFD7
SHA-512:	85C6305EE6973EBF449EFCFC95BB10A66E5CBA92D026A2EC4F1072DC8CCBC5B4A4A384FE425E53E2DADE2180F37CCA56243ED354033CFCA5821CBB77FB8B0FA1
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Preview:	wOF2......T........P..Tp..........................4..,..@.`..~..d..u.....<..4.....6.$.... ..V..X..^...'..:...m......?..ts..6(#k.y........ON....Mn..X..~X%A...T...q.r.L..9..B}#e....}......{..l.I>.n.....u.>v(..}lo.2.f..D.TG...:mc.3.M..A...../aJl..ZT.b.S.E}..wq.B...&...Y..s.o....Qs....>.]u^O....d..Y....oEfh.........u..X.....E.3c....r...Eb.....N2+%\...J.6]N:.g[~..,..>@.`IXs........LP...c.!K.X[......A7Z....O..g....5..1...=..X....e!._.A..u.raef..y.....>li,/+..-.P-)...w.I..3\..s^.....T.\.1.;.x.:.r.7g...dK.$;....L2.t.i..hz.....>............5...,~}...W#..X.2...E,.Y.3..f.#........[..X......fDW.d...Y..8..T....^.{BC...+.W..9...`...\ ...c`.nc........_...}6A5eM.0r.IG...Km...l.'.o..py.~7.........P....9...hI.A'...D9.....4Q...9sc..9..........9lw.P...dI..z...S.>U.5.@Z...{.....=`R(...l.T.5...4{K.....L..A.]...Rg.3......l..a......I.>...p.q.H.E=.$...Ps..LU..=.$......YU....#Fn..Q..c...B...4...B..3....?....ywJ.$.I..L....yK...m.!..b_g.eH.3,.5 .@.D.........)N.?.<yR......Ro

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	920
Entropy (8bit):	7.724066066811572
Encrypted:	false
SSDEEP:	12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
MD5:	B0495EDE4C875843FEC037C794E9FF9A
SHA1:	C813AEFBA255A5CC53AEA7811F987CCB551C3128
SHA-256:	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
SHA-512:	41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
Malicious:	false
Reputation:	low
URL:	https://oom21.z1.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
Preview:	.PNG........IHDR...M...?......=.H....sRGB.........gAMA......a.....PLTE..........................................\|......o..o.\|b..b.pV..W.fJ..T.c=..D..1..=.N9.K$..(..).<........3..0.~..x..z...$.\|...7..i..U..6..!....<......IDATx..m..@...I.R.Ff..;......p...?....:{...o....7.......(..k.B..`BdCZ..cp.Tz..E.....q.6.\._)Q....._.)..q....}....r.B.\|.q<.ZR,...v....:K.....e#.A/.o....p..]...j-..mu.p8....h\...>.....7!. u...JR.....V.N..Y..^a0..K5..... ......;p'!..'.R....Rx.L>....t-.......)....&%X.8.I......}.VZ....4..2`.=.n..6(.6..cpl.l.82..H[X.=..VH.e.c..r..Eom.Lm.+..F.r=..h..jn\l.-..../?e-.g.&..c...........9kB...].4..U....AK..::%3h........}..Tsw....P..+.M.vZ....d.......q'w.,t..a.~.<..:i;..$.O.O..4.Phig.F..=.......,.._..]....O~...+l.../y........I..,..........,..m.<9k/w...~..g:../.@...n.m#;...b..k..zD.....+.4..[..i"ma.pg.J...;..h^....2...y.lF7.(...C.W.V.nAor.......c.....IEND.B`.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1903 x 1020, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	549442
Entropy (8bit):	7.994805157826083
Encrypted:	true
SSDEEP:	12288:IjQ8p0xvN9qc86dWDRfhVlu9vuInKyZH6Wjvp4qZaqAG58/:Ijfp0p/8dRE9K+bp4q0KW
MD5:	F3E18C4DA95B83AB519A72F2876019F2
SHA1:	209F613FED2D2202E134E00081AD3C32EC5E6A25
SHA-256:	466835EF2D6F0F0BFDDAFA405154702E36A5588F69684DD3B6642F9013EB778B
SHA-512:	169598F9793AA478FD14E5BE8785BA583EE9D0AF6C31E64BF8C2EDD05F9F5F6D2510669C38600E90448645CA12D4EC729E7953AC6DB99BF1E3C2AE98231E234B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...o..........b.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........6.u....zTXtRaw profile type 8bim..X...]..*....E...@0.~...k.r...so....1B.ikK.\........%.X$H.yHH...{...5.{O,.l.._....7}.p......6,O..=..].w...MA=....b.n..[...G...p[4...{.;.zL..y}....i......E1..S{^.Q...:..K.........]....7...s.t..y.O..N...#z.{.....c7.........7..............}..[`.G..%H...g....M3<.P.......}Sox....n.e.e..x.~..W.....D.].KQ.!o.V..y.j9.. ..U.u...$.?\.......)g.?...v..q...y..5./.......9.......G./......WT.="..L.zzO...'..D@.:>...H\.2$..ZOA.{...Q..Dm&[..;n.\|..V.._T...K...........p....]8..a..\|3......v.L.K.'..._.c.V...C.-....l.........^.e..\.{.....I...aQ...M..d......o."..l@.M='W..6,..z....?.~V..<0..].<.....l!..S^q[',..' ...L..G....O._....B'e.By..tq?..K....C....r..rg.U.w%.t.)y].X........P..~.Y.^.\i.Q.h..)..L.I.L.h.x.I..[.X....a......[.c..b`\q\|T..>.1.C.g...tl.c.....Y.......o.....:.I.=......]p)..y..k.l...W...PP.1.+R..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	607
Entropy (8bit):	7.447485705839306
Encrypted:	false
SSDEEP:	12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
MD5:	2CD03A547F00CAD010F9038619DF45DE
SHA1:	912F919836A77A514C76B990ACEAF5E930A24024
SHA-256:	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
SHA-512:	51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...?...F.....L.......sRGB.........gAMA......a.....PLTE..........................................\|...o..o..o.\|b..b.pV..V..W.fJ..T.c=..1..=.N9.K$..).<.....3..0.~..x...$.\|...#..~..i.."..A..5..!..........gIDATx...r.0.@..Zi@l..(..@/....\ga....:}...B..dCfv.......8..eV.(.{..x.=}Q.......av...'...2.;..._y.;.s.....g.9C..C.>.G..\J}MD........_$......'..1p.W..V.......7....P}^...E.}.R..>.}*....)...->.T...8 .@.m...48...:{.V..5...........o."...1[.)..M...T.4o...~.W.....7T...p....H..p........,\..9..\Ws..../......G.G........i...MRyf.....?H...<.ETi`M.....X..t.......IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 01:16:00.013082027 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 01:16:01.200603962 CET	49678	443	192.168.2.4	104.46.162.224
Mar 29, 2024 01:16:09.381442070 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.381450891 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.381516933 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.381844044 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.381853104 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.539287090 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.539319992 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.539397955 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.539750099 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.539762020 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.620877028 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 01:16:09.762305975 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.762737036 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.762748003 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.763712883 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.763782024 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.767452955 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.767513990 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.767678976 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.767904997 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.767925024 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.768938065 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.768996000 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.770937920 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.771002054 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.771496058 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.771503925 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.808345079 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.808353901 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:09.815494061 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.856261015 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:09.898525953 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.898641109 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:09.898694038 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.902985096 CET	49743	443	192.168.2.4	23.108.56.75
Mar 29, 2024 01:16:09.902995110 CET	443	49743	23.108.56.75	192.168.2.4
Mar 29, 2024 01:16:11.423536062 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.423557043 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:11.423646927 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.425621033 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.425632000 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:11.765742064 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:11.765979052 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.771636009 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.771641970 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:11.771883011 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:11.827533960 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.851454973 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:11.892234087 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.090971947 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.091160059 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.091192007 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.091207981 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.091236115 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.091243029 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.091265917 CET	49749	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.091269970 CET	443	49749	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.131562948 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.131587029 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.131750107 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.132091999 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:12.132105112 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.469016075 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:12.469079018 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.017409086 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.017427921 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.017748117 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.038490057 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.084233046 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.208106041 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.208164930 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.208209038 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.438087940 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.438097954 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.438129902 CET	49753	443	192.168.2.4	23.52.162.98
Mar 29, 2024 01:16:13.438134909 CET	443	49753	23.52.162.98	192.168.2.4
Mar 29, 2024 01:16:13.950925112 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:13.950954914 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:13.951029062 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:13.951303959 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:13.951313972 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.154551983 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.177184105 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.177196980 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.178289890 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.178452969 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.213031054 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.213031054 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.213048935 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.213136911 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.260332108 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.260346889 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.307318926 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:14.597533941 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.597657919 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:14.597718000 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:15.001673937 CET	49761	443	192.168.2.4	172.67.208.186
Mar 29, 2024 01:16:15.001697063 CET	443	49761	172.67.208.186	192.168.2.4
Mar 29, 2024 01:16:19.762402058 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:19.762465000 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:16:19.762523890 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:21.004551888 CET	49744	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:16:21.004582882 CET	443	49744	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.502931118 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:09.502959013 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.503103971 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:09.503427029 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:09.503442049 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.709500074 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.709825039 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:09.709836006 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.710156918 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.710530996 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:09.710594893 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:09.753454924 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:19.723644018 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:19.723722935 CET	443	49793	172.253.62.147	192.168.2.4
Mar 29, 2024 01:17:19.723895073 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:20.145024061 CET	49723	80	192.168.2.4	72.21.81.240
Mar 29, 2024 01:17:20.145131111 CET	49724	80	192.168.2.4	72.21.81.240
Mar 29, 2024 01:17:20.239612103 CET	80	49723	72.21.81.240	192.168.2.4
Mar 29, 2024 01:17:20.239633083 CET	80	49724	72.21.81.240	192.168.2.4
Mar 29, 2024 01:17:20.239695072 CET	49724	80	192.168.2.4	72.21.81.240
Mar 29, 2024 01:17:20.239696980 CET	49723	80	192.168.2.4	72.21.81.240
Mar 29, 2024 01:17:20.629861116 CET	49793	443	192.168.2.4	172.253.62.147
Mar 29, 2024 01:17:20.629887104 CET	443	49793	172.253.62.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 01:16:06.332568884 CET	53	59623	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:06.339071035 CET	53	58676	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:07.301568985 CET	53	52140	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:09.265013933 CET	54875	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:09.265153885 CET	50665	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:09.377269030 CET	53	54875	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:09.380701065 CET	53	50665	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:09.441687107 CET	57920	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:09.441874027 CET	63766	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:09.536776066 CET	53	57920	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:09.538172007 CET	53	63766	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:13.845200062 CET	56298	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:13.845201015 CET	56163	53	192.168.2.4	1.1.1.1
Mar 29, 2024 01:16:13.943129063 CET	53	56298	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:13.943934917 CET	53	56163	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:25.169625044 CET	53	50364	1.1.1.1	192.168.2.4
Mar 29, 2024 01:16:31.915529966 CET	138	138	192.168.2.4	192.168.2.255
Mar 29, 2024 01:16:43.946969986 CET	53	57052	1.1.1.1	192.168.2.4
Mar 29, 2024 01:17:05.957838058 CET	53	56353	1.1.1.1	192.168.2.4
Mar 29, 2024 01:17:07.224693060 CET	53	57619	1.1.1.1	192.168.2.4
Mar 29, 2024 01:17:07.232728004 CET	53	53013	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 01:16:09.265013933 CET	192.168.2.4	1.1.1.1	0xbd69	Standard query (0)	m03lm.rdtk.io	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.265153885 CET	192.168.2.4	1.1.1.1	0x3763	Standard query (0)	m03lm.rdtk.io	65	IN (0x0001)	false
Mar 29, 2024 01:16:09.441687107 CET	192.168.2.4	1.1.1.1	0xe3ac	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.441874027 CET	192.168.2.4	1.1.1.1	0x3602	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 29, 2024 01:16:13.845200062 CET	192.168.2.4	1.1.1.1	0xf347	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:13.845201015 CET	192.168.2.4	1.1.1.1	0xce94	Standard query (0)	userstatics.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 01:16:09.377269030 CET	1.1.1.1	192.168.2.4	0xbd69	No error (0)	m03lm.rdtk.io	wdc.rdtk.io		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:16:09.377269030 CET	1.1.1.1	192.168.2.4	0xbd69	No error (0)	wdc.rdtk.io		23.108.56.75	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.380701065 CET	1.1.1.1	192.168.2.4	0x3763	No error (0)	m03lm.rdtk.io	wdc.rdtk.io		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.147	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.105	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.104	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.106	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.103	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.536776066 CET	1.1.1.1	192.168.2.4	0xe3ac	No error (0)	www.google.com		172.253.62.99	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:09.538172007 CET	1.1.1.1	192.168.2.4	0x3602	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 29, 2024 01:16:13.943129063 CET	1.1.1.1	192.168.2.4	0xf347	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:13.943129063 CET	1.1.1.1	192.168.2.4	0xf347	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:13.943934917 CET	1.1.1.1	192.168.2.4	0xce94	No error (0)	userstatics.com			65	IN (0x0001)	false
Mar 29, 2024 01:16:23.697341919 CET	1.1.1.1	192.168.2.4	0xfd11	No error (0)	windowsupdatebg.s.llnwi.net		69.164.0.0	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:24.027837038 CET	1.1.1.1	192.168.2.4	0x43f5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:16:24.027837038 CET	1.1.1.1	192.168.2.4	0x43f5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:37.598532915 CET	1.1.1.1	192.168.2.4	0x440	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:16:37.598532915 CET	1.1.1.1	192.168.2.4	0x440	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:16:59.066606998 CET	1.1.1.1	192.168.2.4	0xc7a4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:16:59.066606998 CET	1.1.1.1	192.168.2.4	0xc7a4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 01:17:20.521270990 CET	1.1.1.1	192.168.2.4	0x43e6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 01:17:20.521270990 CET	1.1.1.1	192.168.2.4	0x43e6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

m03lm.rdtk.io

userstatics.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	23.108.56.75	443	1436	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 00:16:09 UTC	619	OUT	GET /postback?format=img&sum={replace} HTTP/1.1 Host: m03lm.rdtk.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://oom21.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 00:16:09 UTC	158	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.2 Date: Fri, 29 Mar 2024 00:16:09 GMT Content-Type: application/json Content-Length: 73 Connection: close
2024-03-29 00:16:09 UTC	73	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 69 6e 76 61 6c 69 64 20 61 74 74 72 69 62 75 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73 3a 20 76 61 6c 69 64 61 74 69 6f 6e 20 65 72 72 6f 72 22 7d Data Ascii: {"status":0,"message":"invalid attribution parameters: validation error"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49749	23.52.162.98	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 00:16:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 00:16:12 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=197241 Date: Fri, 29 Mar 2024 00:16:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49753	23.52.162.98	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 00:16:13 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 00:16:13 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=143626 Date: Fri, 29 Mar 2024 00:16:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-29 00:16:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49761	172.67.208.186	443	1436	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 00:16:14 UTC	628	OUT	GET /get/script.js?referrer=https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952 HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://oom21.z1.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 00:16:14 UTC	809	IN	HTTP/1.1 200 OK Date: Fri, 29 Mar 2024 00:16:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://oom21.z1.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1idfFgjaWd4YcZTrKXysFdz7X%2BstQEjNJ7AUfvNoKvAgKCBMxKuhIKUPiCzSSClCRR4k34WivL6%2BzhD1epaiCC2mjXhY8AOX347vLq%2B3tvEOB3SAw0fywyrRlgMrAmbbjA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86bbab899aff8f16-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 00:16:14 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-03-29 00:16:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5640, Parent PID: 2016

General

Target ID:	0
Start time:	01:16:02
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1436, Parent PID: 5640

General

Target ID:	2
Start time:	01:16:04
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2204,i,17419489808018516988,7401800398825426157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 2016

General

Target ID:	3
Start time:	01:16:06
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Windows Analysis Report
https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952