Edit tour

Windows Analysis Report
https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Overview

General Information

Sample URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Analysis ID:	1417348
Infos:

Detection

TechSupportScam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,13556058029828321484,11051818688580674655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_81	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Matcher: Template: microsoft matched with high similarity

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_81, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.188.128
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /postback?format=img&sum={replace} HTTP/1.1Host: m03lm.rdtk.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jpn104.z23.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952 HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jpn104.z23.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: m03lm.rdtk.io

Source: chromecache_61.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_61.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_57.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_76.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_76.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_76.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.4:49758 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_81, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/61@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,13556058029828321484,11051818688580674655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,13556058029828321484,11051818688580674655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	0%	Avira URL Cloud	safe
https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://m03lm.rdtk.io/postback?format=img&sum={replace}	0%	Avira URL Cloud	safe
https://m03lm.rdtk.io/postback?format=img&sum={replace}	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
userstatics.com	172.67.208.186	true	false	unknown
wdc.rdtk.io	207.244.126.81	true	false	unknown
www.google.com	172.253.63.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
m03lm.rdtk.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://m03lm.rdtk.io/postback?format=img&sum={replace}	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_61.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_76.2.dr	false	high
https://getbootstrap.com/)	chromecache_76.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_76.2.dr	false	high
https://ezgif.com/optimize	chromecache_57.2.dr	false	high
http://fontawesome.io/license	chromecache_61.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
207.244.126.81	wdc.rdtk.io	United States	30633	LEASEWEB-USA-WDCUS	false
172.67.208.186	userstatics.com	United States	13335	CLOUDFLARENETUS	false
172.253.63.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417348
Start date and time:	2024-03-29 02:00:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/61@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.111.94, 142.251.167.139, 142.251.167.101, 142.251.167.100, 142.251.167.113, 142.251.167.102, 142.251.167.138, 142.251.167.84, 34.104.35.123, 20.150.86.129, 52.165.165.26, 72.21.81.240, 192.229.211.108, 13.95.31.18, 52.165.164.15, 172.253.62.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, jpn104.z23.web.core.windows.net, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, web.sin21prdstr05a.store.core.windows.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
Category:	downloaded
Size (bytes):	21716
Entropy (8bit):	7.988919175869214
Encrypted:	false
SSDEEP:	384:DfspV407P6+jGlbMAA2cdv92Dg3AuGZ0KGKBb2ZXdWgb98JmSKMrN:D64Ei+n2c19NuqKuZXdWv79N
MD5:	D4FF90DB5DA894C833F356F47A16E408
SHA1:	30606044507D81B996C992895AB16B8A8D68BE97
SHA-256:	F2C761EE3CE27469F940A05B64E38A829A400427727CD0BDBB4E36F1D572AFD7
SHA-512:	85C6305EE6973EBF449EFCFC95BB10A66E5CBA92D026A2EC4F1072DC8CCBC5B4A4A384FE425E53E2DADE2180F37CCA56243ED354033CFCA5821CBB77FB8B0FA1
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Preview:	wOF2......T........P..Tp..........................4..,..@.`..~..d..u.....<..4.....6.$.... ..V..X..^...'..:...m......?..ts..6(#k.y........ON....Mn..X..~X%A...T...q.r.L..9..B}#e....}......{..l.I>.n.....u.>v(..}lo.2.f..D.TG...:mc.3.M..A...../aJl..ZT.b.S.E}..wq.B...&...Y..s.o....Qs....>.]u^O....d..Y....oEfh.........u..X.....E.3c....r...Eb.....N2+%\...J.6]N:.g[~..,..>@.`IXs........LP...c.!K.X[......A7Z....O..g....5..1...=..X....e!._.A..u.raef..y.....>li,/+..-.P-)...w.I..3\..s^.....T.\.1.;.x.:.r.7g...dK.$;....L2.t.i..hz.....>............5...,~}...W#..X.2...E,.Y.3..f.#........[..X......fDW.d...Y..8..T....^.{BC...+.W..9...`...\ ...c`.nc........_...}6A5eM.0r.IG...Km...l.'.o..py.~7.........P....9...hI.A'...D9.....4Q...9sc..9..........9lw.P...dI..z...S.>U.5.@Z...{.....=`R(...l.T.5...4{K.....L..A.]...Rg.3......l..a......I.>...p.q.H.E=.$...Ps..LU..=.$......YU....#Fn..Q..c...B...4...B..3....?....ywJ.$.I..L....yK...m.!..b_g.eH.3,.5 .@.D.........)N.?.<yR......Ro

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.418889610906542
Encrypted:	false
SSDEEP:	12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
MD5:	0E9558D2D6E8000CE5C6C749C8FC67C2
SHA1:	F7BA9490807EF70BB6195150D6287CD54B7FEFD0
SHA-256:	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
SHA-512:	C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...B...D.............sRGB.........gAMA......a....3PLTE................\|..o..b..V..J..=..1..$......~..x..x......IDATx.... .E.E.y....Y.h[..vM.b..S..!i....u.Q}.P. ........}.eN...&.(.w...L..`.>.......e\:.. ...Z.Y../.....&...Q.O..'W.Q}.mQ...e..S..S.{...&r.p..0..6C$o..:...E..t...x...O....b...o .../U...Z=...D.t...$'.....E.<...@.'.+..@.c.\|b..\|.8.A........)?./.A...XdXA;V.3.N..b-...v.<g......oS...?......8.:.I....0.P.E.%....Az.t(...\|".l...}I...>......Y..fEe..U...T..!&.p.Uz...Wr..4M......5['.}..D....IEND.B`.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	607
Entropy (8bit):	7.447485705839306
Encrypted:	false
SSDEEP:	12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
MD5:	2CD03A547F00CAD010F9038619DF45DE
SHA1:	912F919836A77A514C76B990ACEAF5E930A24024
SHA-256:	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
SHA-512:	51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...?...F.....L.......sRGB.........gAMA......a.....PLTE..........................................\|...o..o..o.\|b..b.pV..V..W.fJ..T.c=..1..=.N9.K$..).<.....3..0.~..x...$.\|...#..~..i.."..A..5..!..........gIDATx...r.0.@..Zi@l..(..@/....\ga....:}...B..dCfv.......8..eV.(.{..x.=}Q.......av...'...2.;..._y.;.s.....g.9C..C.>.G..\J}MD........_$......'..1p.W..V.......7....P}^...E.}.R..>.}*....)...->.T...8 .@.m...48...:{.V..5...........o."...1[.)..M...T.4o...~.W.....7T...p....H..p........,\..9..\Ws..../......G.G........i...MRyf.....?H...<.ETi`M.....X..t.......IEND.B`.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27265)
Category:	downloaded
Size (bytes):	27428
Entropy (8bit):	4.747313933055305
Encrypted:	false
SSDEEP:	384:ci5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:3lr+Klk3YlKfwYUf8l8yQ/T
MD5:	FD1609EB97E739683ACF23120FD6F6C9
SHA1:	19B2E83FE8DF09B85E74835C398AEFEE816BDFCB
SHA-256:	CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
SHA-512:	2183FDCC8AEF88B15048E735EB2D588868AE4CAAD624B4C369F276402188CABA9C962065699798AA27BC4C18AE97E16BF8FCF219D762B73726AFB1A924BABCD2
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont_1.eot#iefix&v=4.5.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../images/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pa

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1358
Entropy (8bit):	4.717392968695026
Encrypted:	false
SSDEEP:	24:SNWd8mpIpM8YuQI8cx8Iwopl8HoWe8HohN8HouBh8HocQKHhKVaL1UbBkV59BLF4:SNWd8WcC+dpHW4hfupcQKcVi1UbBmzv4
MD5:	DA6AACC1CA8EAA4902D9FEE5C9C984B7
SHA1:	A06F41817583CE6182DD7121460C0BD16EA8B088
SHA-256:	989120D05B8F3D703FD6E63B49B94845D7E038D536DD27723619E1F00623683F
SHA-512:	F6DD131520E31356B9A722D091FBEDCDE35FC0978A05B505ACF132429DC689A56EF49CC93729F1220B034B6F24CE26BC47DE12237CCB03D64352C885B85DF4CF
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/js/main.js
Preview:	.. $(document).ready(function() {.. $("#chat-box").delay(1000).fadeIn(100);..});.... $(document).ready(function () {.. $("#mycanvas").click(function () {.. $("#welcomeDiv").show();.. });.. });......$(document).ready(function() {.. var audioElement = document.createElement('audio');.. audioElement.setAttribute('src', '_Fm7-alert.mp3');.. .. audioElement.addEventListener('ended', function() {.. this.play();.. }, false);.. .. .. $('.map').click(function() {.. audioElement.play();.. .. });.... $('.black').click(function() {.. audioElement.play();.. .. });.. .... $('#footer').click(function() {.. audioElement.play();.. .. });.... $('#poptxt').click(function() {.. audioElement.play();.. .. });.. .. .. .. .. ..});....$("#footer").fadeIn('slow')...css({top: '75%', position: 'absolute'})...animate({top: '92%'}, 80, function() {

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	463
Entropy (8bit):	7.179067065082675
Encrypted:	false
SSDEEP:	12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
MD5:	905D91C276116928FA306EA732723FA9
SHA1:	092604F6A8786E46A7DEE06065D29D2896FCF568
SHA-256:	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
SHA-512:	701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
Preview:	.PNG........IHDR...!.........^JT.....sRGB.........gAMA......a....~PLTE.................................................W.fT.c...=.Nzzz9.K5.G).<iii..39xD.."WWW/n:...GGG.t..b..].444.?.###.............IDATx....6.0.....%.:=.F..]D....-.Io.5...'.LZ...j....<d.Pg..g.s..-v....&.....&o#....q.H.........@L).].T.@....d..%.1....o...P..B..y.%;.k.a]fG.....g..3..'.....d.O.{...J.Y.N..z...tus:?.%...(]rv8J..w.ty8J.K...$.$........_..k~......nt.O....IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.4.0, contains:\012- MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Category:	downloaded
Size (bytes):	130667
Entropy (8bit):	7.884028849207301
Encrypted:	false
SSDEEP:	3072:ur5+OdKdJhLE5qcnFh7EpM2aVdrtohIXsx+6vWN0U99:oNKHh8qcruM2azrtohbxdxU99
MD5:	6085909B0A73574D61241C48D638C920
SHA1:	E4D60E92B4A0671C37D762816A67B4B94368CD49
SHA-256:	AAF506F9CF80EF32C241BB42F29C104BE07524F144A9E2F43D181D7795D6AA10
SHA-512:	24E5F4260B7E69380303E3A543E9A4F25898CB0D211A330965018EB322DC1553E1C597DA0B370EF13DB996458CF426ABCD07107FFA98C52424B09746A8A2C145
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3:2f735876d1421f:0
Preview:	ID3......#TSSE.......Lavf58.45.100.............`...\|...`Fh..~...o..,......N.@3.....q=.....WB.X.........B....\..q.......^..4J.w......%s......M.......Bs......y....G.......h.0!..z..G.........@P....b.. .N$.O@..x(bD"!.(..17..{{...^....}8..r...=.....DB..Dww......wwt..B....&....+.......D .......<\\>...?..{.....r.....v.%..k.V...,.S...5.Fy!.......90.J...b.&(#.._.@.....Z.......t.U..T4U.w&;.?..D.y...C..(..J.....J...nC.!3.w{J.+c...^.>...HY.OJ".ww.q....F....\|.L....... ,.5.Tq=}.=.....U....(...a.s............b.."....@..=.n.0.S......4..[2{R.;8CbB`....8....0PG....:....<........x.......b.}Y..{2.B..9.....$....8Gx.......{v...^....R.}..D@....K.'..ji.....ijL..`..$...\.Rn....cLI.A.a.....k......nmC\k.n.0.H..6....%3....r=I..5h.........M......{.........G.IF...8.k..C...S.c..AA+.........Pl.jh{....... #$....L...b..$.....J..2.:C..fCV..$.......j.....H......)%ZP....K...k.)..ps..$.:.h.&.g%D.d-...a....O.?z..a......GGM?.?V.V_R?9.Q..euo...\.-..vs.......%.W;.(....Z..b..#k......B

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	386359
Entropy (8bit):	7.918825986924844
Encrypted:	false
SSDEEP:	6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
MD5:	BE42AD7752720327D28BF52DBDBB64C2
SHA1:	F4CCE31B9236319AA9C87FEE038638D1DE12C07D
SHA-256:	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
SHA-512:	AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/cross.png
Preview:	.PNG........IHDR... ... ......V......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1903 x 1020, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	549442
Entropy (8bit):	7.994805157826083
Encrypted:	true
SSDEEP:	12288:IjQ8p0xvN9qc86dWDRfhVlu9vuInKyZH6Wjvp4qZaqAG58/:Ijfp0p/8dRE9K+bp4q0KW
MD5:	F3E18C4DA95B83AB519A72F2876019F2
SHA1:	209F613FED2D2202E134E00081AD3C32EC5E6A25
SHA-256:	466835EF2D6F0F0BFDDAFA405154702E36A5588F69684DD3B6642F9013EB778B
SHA-512:	169598F9793AA478FD14E5BE8785BA583EE9D0AF6C31E64BF8C2EDD05F9F5F6D2510669C38600E90448645CA12D4EC729E7953AC6DB99BF1E3C2AE98231E234B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...o..........b.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........6.u....zTXtRaw profile type 8bim..X...]..*....E...@0.~...k.r...so....1B.ikK.\........%.X$H.yHH...{...5.{O,.l.._....7}.p......6,O..=..].w...MA=....b.n..[...G...p[4...{.;.zL..y}....i......E1..S{^.Q...:..K.........]....7...s.t..y.O..N...#z.{.....c7.........7..............}..[`.G..%H...g....M3<.P.......}Sox....n.e.e..x.~..W.....D.].KQ.!o.V..y.j9.. ..U.u...$.?\.......)g.?...v..q...y..5./.......9.......G./......WT.="..L.zzO...'..D@.:>...H\.2$..ZOA.{...Q..Dm&[..;n.\|..V.._T...K...........p....]8..a..\|3......v.L.K.'..._.c.V...C.-....l.........^.e..\.{.....I...aQ...M..d......o."..l@.M='W..6,..z....?.~V..<0..].<.....l!..S^q[',..' ...L..G....O._....B'e.By..tq?..K....C....r..rg.U.w%.t.)y].X........P..~.Y.^.\i.Q.h..)..L.I.L.h.x.I..[.X....a......[.c..b`\q\|T..>.1.C.g...tl.c.....Y.......o.....:.I.=......]p)..y..k.l...W...PP.1.+R..

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1162
Entropy (8bit):	7.723808800061788
Encrypted:	false
SSDEEP:	24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
MD5:	35629CC2ADC804353A548305F1217206
SHA1:	CDA6E89C5F6A644683AEA6999A5D11E00DC64275
SHA-256:	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
SHA-512:	EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
Preview:	.PNG........IHDR...............4.....sRGB.........gAMA......a.....PLTE.........................................................................................................................................................................................................................................................................................}....\|.............r.~...............k.w...d.r...`.o`.n......[.j......N.^...E.VD.U...A.R...@.Q\|\|\|_.f9.K8.Jyyy6.H7.Httt<.Jrrrpppooo.=mmm&.98.Fkkkjjj#.7!.5".5=.Ihhh..2gggfff<.Heee../..1../..+....```..&..$]]]..#\\\@nH.. ..,ZZZ......YYYXXXWWW..................UUU......AZFPPPMMMLLLEOGIII@HBCCCBBBAAA???777666555444333111---+++**(((%'%&&&....................'9....IDATx.c`.( m.W..X.b/..#b].5y.C.t..".....M.?%....,....(!F...&[.c3.y!<....~"0..+.Wj..J.....A9.7..1dg`.6...eS....&w.zO..4.h.y............MK.u...o(@L..n..S....q.A.10..G.#...4T9.....P....rB!W#.X8......d..1..]NRv...=...SJ...3......_.a....= rr9..A.v.=.R;'9@.O

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	813
Entropy (8bit):	7.634265238983043
Encrypted:	false
SSDEEP:	24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
MD5:	D648C1837D01495ECCD63E053491F72A
SHA1:	991D8F6C72777239472410D6129FD5F25ED9D134
SHA-256:	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
SHA-512:	522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...M...H........1....sRGB.........gAMA......a.....PLTE............................................\|...o..o.\|b..e..b.pV..W.fJ..T.c=..1..=.N5..9.K$..).<.....3..0.~..x..z...$.\|..}..~...i..B..U..5..!....._..../IDATx..mW.0.....RCr.+Q.....[.....p.N..o......>)B'.tR.Mb.8..j..f..R...+...V2...r.z.`...NX.\.c....e........Fev.8\|<..1..A..v.E..!.&..\|........n.T..(....q.<.b.[U[......MmAjq.S.........>.g..l2.q..H.wZ-..#...O..3!.E.r...wg.C./wS......O...O.k=....u`=}.J.B[..z.......,cI..h*../.(5.{ ....i...LB.k.W.4....fr.....,..G+...#.na.H.F..m.0t...1c.^.........q?@.?... K...q...!4n..b..FZ...!L..AC.(v...+X&K....[w.&L..0...b]..`b...x...D....H=.....>..i..[...wK.R..g.....r..R....6.p...1}.j.6......\.G..p..i$.........h...L..v.A.....#2JI...,!...b..osk.....q....IEND.B`.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (1266)
Category:	downloaded
Size (bytes):	8998
Entropy (8bit):	5.073503499348402
Encrypted:	false
SSDEEP:	192:MsW6dQjSpBjOnVX/tDSIZG43JPxDgXhCvl3RQ29Pibt04gxNgS0IOLh:MQqjujSX/5SIZV3JPJnvRvdxaLF
MD5:	6EF2560453A7B6BFF8EA7EC4265A9816
SHA1:	1ED7044A0579BB751B10BA7353A36E9D208C659E
SHA-256:	A072681FF11D60E33EB625E1D75E828542F80C9362D905C3EB9626063E27B4CC
SHA-512:	9F5F4680B6B344291F675C0E164CE20BF1626CA5B6FB84681CACD439EA8FA1DC02C0E9D9DA1DE09090DF3346E29460FAA71BA5557639B1CAF0829C34BD99AD50
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/css/styles.css
Preview:	body {. background: #fff;. -webkit-user-select: none;.-ms-user-select: none;.user-select: none;. /. background: url('bg.png');. background-repeat: no-repeat;. background-size: cover;. /.font-family: "Calibri", sans-serif;. overflow-y: hidden;. overflow-x: hidden;. }. .top {. padding-left: 10px;.. }..progress {.. width: 250px;..background: #d1d1d1;. height: 04px;..}...progress .progress__bar {. height: 100%;. width: 0%;. border-radius: 2px;. background-color: #3182be;. animation: fill-bar 6s 1;.}..@keyframes fill-bar {. from {width: 0%;}. to {width: 100%;}..}..textc {. color: grey;. font-size: 13px;.}..flex {. display: flex;.}..button {.background: #cccccc;.color: #000;.padding: 6px 32px;.text-align: center;.text-decoration: none;.display: inline-block;.font-size: 13px;.margin: 4px 2px;.cursor: pointer;.font-weight:350;..}.. .centerright img {. max-width: 100%;.}..centerright ul {. padding: 0;. list-style-type: none;.}..centerright ul {. columns: 3;.}..cente

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	920
Entropy (8bit):	7.724066066811572
Encrypted:	false
SSDEEP:	12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
MD5:	B0495EDE4C875843FEC037C794E9FF9A
SHA1:	C813AEFBA255A5CC53AEA7811F987CCB551C3128
SHA-256:	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
SHA-512:	41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
Preview:	.PNG........IHDR...M...?......=.H....sRGB.........gAMA......a.....PLTE..........................................\|......o..o.\|b..b.pV..W.fJ..T.c=..D..1..=.N9.K$..(..).<........3..0.~..x..z...$.\|...7..i..U..6..!....<......IDATx..m..@...I.R.Ff..;......p...?....:{...o....7.......(..k.B..`BdCZ..cp.Tz..E.....q.6.\._)Q....._.)..q....}....r.B.\|.q<.ZR,...v....:K.....e#.A/.o....p..]...j-..mu.p8....h\...>.....7!. u...JR.....V.N..Y..^a0..K5..... ......;p'!..'.R....Rx.L>....t-.......)....&%X.8.I......}.VZ....4..2`.=.n..6(.6..cpl.l.82..H[X.=..VH.e.c..r..Eom.Lm.+..F.r=..h..jn\l.-..../?e-.g.&..c...........9kB...].4..U....AK..::%3h........}..Tsw....P..+.M.vZ....d.......q'w.,t..a.~.<..:i;..$.O.O..4.Phig.F..=.......,.._..]....O~...+l.../y........I..,..........,..m.<9k/w...~..g:../.@...n.m#;...b..k..zD.....+.4..[..i"ma.pg.J...;..h^....2...y.lF7.(...C.W.V.nAor.......c.....IEND.B`.

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 66 x 68, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	542
Entropy (8bit):	7.418889610906542
Encrypted:	false
SSDEEP:	12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
MD5:	0E9558D2D6E8000CE5C6C749C8FC67C2
SHA1:	F7BA9490807EF70BB6195150D6287CD54B7FEFD0
SHA-256:	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
SHA-512:	C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
Preview:	.PNG........IHDR...B...D.............sRGB.........gAMA......a....3PLTE................\|..o..b..V..J..=..1..$......~..x..x......IDATx.... .E.E.y....Y.h[..vM.b..S..!i....u.Q}.P. ........}.eN...&.(.w...L..`.>.......e\:.. ...Z.Y../.....&...Q.O..'W.Q}.mQ...e..S..S.{...&r.p..0..6C$o..:...E..t...x...O....b...o .../U...Z=...D.t...$'.....E.<...@.'.+..@.c.\|b..\|.8.A........)?./.A...XdXA;V.3.N..b-...v.<g......oS...?......8.:.I....0.P.E.%....Az.t(...\|".l...}I...>......Y..fEe..U...T..!&.p.Uz...Wr..4M......5['.}..D....IEND.B`.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 31, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	463
Entropy (8bit):	7.179067065082675
Encrypted:	false
SSDEEP:	12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
MD5:	905D91C276116928FA306EA732723FA9
SHA1:	092604F6A8786E46A7DEE06065D29D2896FCF568
SHA-256:	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
SHA-512:	701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...!.........^JT.....sRGB.........gAMA......a....~PLTE.................................................W.fT.c...=.Nzzz9.K5.G).<iii..39xD.."WWW/n:...GGG.t..b..].444.?.###.............IDATx....6.0.....%.:=.F..]D....-.Io.5...'.LZ...j....<d.Pg..g.s..-v....&.....&o#....q.H.........@L).].T.@....d..%.1....o...P..B..y.%;.k.a]fG.....g..3..'.....d.O.{...J.Y.N..z...tus:?.%...(]rv8J..w.ty8J.K...$.$........_..k~......nt.O....IEND.B`.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	386359
Entropy (8bit):	7.918825986924844
Encrypted:	false
SSDEEP:	6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
MD5:	BE42AD7752720327D28BF52DBDBB64C2
SHA1:	F4CCE31B9236319AA9C87FEE038638D1DE12C07D
SHA-256:	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
SHA-512:	AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... ......V......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 28, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1162
Entropy (8bit):	7.723808800061788
Encrypted:	false
SSDEEP:	24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
MD5:	35629CC2ADC804353A548305F1217206
SHA1:	CDA6E89C5F6A644683AEA6999A5D11E00DC64275
SHA-256:	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
SHA-512:	EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............4.....sRGB.........gAMA......a.....PLTE.........................................................................................................................................................................................................................................................................................}....\|.............r.~...............k.w...d.r...`.o`.n......[.j......N.^...E.VD.U...A.R...@.Q\|\|\|_.f9.K8.Jyyy6.H7.Httt<.Jrrrpppooo.=mmm&.98.Fkkkjjj#.7!.5".5=.Ihhh..2gggfff<.Heee../..1../..+....```..&..$]]]..#\\\@nH.. ..,ZZZ......YYYXXXWWW..................UUU......AZFPPPMMMLLLEOGIII@HBCCCBBBAAA???777666555444333111---+++**(((%'%&&&....................'9....IDATx.c`.( m.W..X.b/..#b].5y.C.t..".....M.?%....,....(!F...&[.c3.y!<....~"0..+.Wj..J.....A9.7..1dg`.6...eS....&w.zO..4.h.y............MK.u...o(@L..n..S....q.A.10..G.#...4T9.....P....rB!W#.X8......d..1..]NRv...=...SJ...3......_.a....= rr9..A.v.=.R;'9@.O

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59765)
Category:	downloaded
Size (bytes):	60044
Entropy (8bit):	5.145139926823033
Encrypted:	false
SSDEEP:	768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
MD5:	02D223393E00C273EFDCB1ADE8F4F8B1
SHA1:	0CC93B8421D89C24A889642428B363CB831DE78A
SHA-256:	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
SHA-512:	339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 72, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	813
Entropy (8bit):	7.634265238983043
Encrypted:	false
SSDEEP:	24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
MD5:	D648C1837D01495ECCD63E053491F72A
SHA1:	991D8F6C72777239472410D6129FD5F25ED9D134
SHA-256:	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
SHA-512:	522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
Preview:	.PNG........IHDR...M...H........1....sRGB.........gAMA......a.....PLTE............................................\|...o..o.\|b..e..b.pV..W.fJ..T.c=..1..=.N5..9.K$..).<.....3..0.~..x..z...$.\|..}..~...i..B..U..5..!....._..../IDATx..mW.0.....RCr.+Q.....[.....p.N..o......>)B'.tR.Mb.8..j..f..R...+...V2...r.z.`...NX.\.c....e........Fev.8\|<..1..A..v.E..!.&..\|........n.T..(....q.<.b.[U[......MmAjq.S.........>.g..l2.q..H.wZ-..#...O..3!.E.r...wg.C./wS......O...O.k=....u`=}.J.B[..z.......,cI..h*../.(5.{ ....i...LB.k.W.4....fr.....,..G+...#.na.H.F..m.0t...1c.^.........q?@.?... K...q...!4n..b..FZ...!L..AC.(v...+X&K....[w.&L..0...b]..`b...x...D....H=.....>..i..[...wK.R..g.....r..R....6.p...1}.j.6......\.G..p..i$.........h...L..v.A.....#2JI...,!...b..osk.....q....IEND.B`.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 77 x 63, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	920
Entropy (8bit):	7.724066066811572
Encrypted:	false
SSDEEP:	12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
MD5:	B0495EDE4C875843FEC037C794E9FF9A
SHA1:	C813AEFBA255A5CC53AEA7811F987CCB551C3128
SHA-256:	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
SHA-512:	41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...M...?......=.H....sRGB.........gAMA......a.....PLTE..........................................\|......o..o.\|b..b.pV..W.fJ..T.c=..D..1..=.N9.K$..(..).<........3..0.~..x..z...$.\|...7..i..U..6..!....<......IDATx..m..@...I.R.Ff..;......p...?....:{...o....7.......(..k.B..`BdCZ..cp.Tz..E.....q.6.\._)Q....._.)..q....}....r.B.\|.q<.ZR,...v....:K.....e#.A/.o....p..]...j-..mu.p8....h\...>.....7!. u...JR.....V.N..Y..^a0..K5..... ......;p'!..'.R....Rx.L>....t-.......)....&%X.8.I......}.VZ....4..2`.=.n..6(.6..cpl.l.82..H[X.=..VH.e.c..r..Eom.Lm.+..F.r=..h..jn\l.-..../?e-.g.&..c...........9kB...].4..U....AK..::%3h........}..Tsw....P..+.M.vZ....d.......q'w.,t..a.~.<..:i;..$.O.O..4.Phig.F..=.......,.._..]....O~...+l.../y........I..,..........,..m.<9k/w...~..g:../.@...n.m#;...b..k..zD.....+.4..[..i"ma.pg.J...;..h^....2...y.lF7.(...C.W.V.nAor.......c.....IEND.B`.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Category:	dropped
Size (bytes):	17173
Entropy (8bit):	6.662336090490458
Encrypted:	false
SSDEEP:	192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
MD5:	4BF52EB9B3EFCE840ADD1A90D83A40E5
SHA1:	6348A7617DFCE3165E07AF53A48DF7892D62FFE1
SHA-256:	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
SHA-512:	5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
Malicious:	false
Reputation:	low
Preview:	......Exif..II*...........................'...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2023:02:24 11:53:28.............0221................................'...............................n...........v...(...................~...................H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1045
Entropy (8bit):	6.248239976068452
Encrypted:	false
SSDEEP:	24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
MD5:	BF2B460590FBB9D8E9611A6E9006B816
SHA1:	561E1DAB259D61E798B3CE380527B71B61074FF3
SHA-256:	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
SHA-512:	ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../..........{@.....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Windows)" xmpMM:InstanceID="xmp.iid:2413D6EDFC2911EA865EEF9650A38354" xmpMM:DocumentID="xmp.did:2413D6EEFC2911EA865EEF9650A38354"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2413D6EBFC2911EA865EEF9650A38354" stRef:documentID="xmp.did:2413D6ECFC2911EA865EEF9650A38354"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0......b..".#............N$..B2.U..inw.8p.^g......i......e...x.......<x......J.........[.._....C..

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	23137
Entropy (8bit):	5.7069963017126035
Encrypted:	false
SSDEEP:	192:ClIazFsyvfAWkPV17BEg8NQnF8HtN1vZnzoMuGrm4gYn7ZiQ4wc0AnkZZ4VmXEPm:0ri2to8tZnnuGrm4TMjwBXltLG/5QzT
MD5:	0B5FA1A3B80B2AB1E559D8EEDA0EC106
SHA1:	B35024F80150D6218F0D4D4C0F3C6A24D2A4A5EF
SHA-256:	0AC7675147B958349B03D62DA04D95D5D85F18005A0712FEC7E14CBEDFF9EB15
SHA-512:	070A78BEBE5F0A7DE122B3A06D664120F8C262E48A89B895679E20CDC269109DC2A24910E6762C9879076E9A824FC17EA32678713B5A708726F603065566D568
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952
Preview:	<!DOCTYPE html><html>.<head>.. <script>. function jkdhasjkhdgwqhgehkqgweyuodq(name). {. name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");. var regexS = "[\\?&]"+name+"=([^&#]*)";. var regex = new RegExp( regexS );. var results = regex.exec( window.location.href );. if( results == null ). return "";. else. return results[1];. }. var bcda = jkdhasjkhdgwqhgehkqgweyuodq('bcda');. </script>..<meta name="robots" content="noindex, nofollow">. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title></title>. <link rel="stylesheet" href="css/styles.css">.<link rel="shortcut icon" href="images/microsoft.png" type="image/png">.<link rel="stylesheet" href="css/font-awesome.min.css">.<style>. @font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	5377
Entropy (8bit):	7.9053255966673515
Encrypted:	false
SSDEEP:	96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
MD5:	51147EB9734C3C0CAF22AA77A80D96F0
SHA1:	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
SHA-256:	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
SHA-512:	4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................sRGB.........IDATx..=v.X..c..Bb..-....%...1....F..I....T.%.......').5?...;F<Hx ..fz.>E.:Y.,....E....(..U........fP..P...@....A...a `0......`JU...@.... .!i.I.D..S(I.0.....0..#@PM.fP3..4DM....d..`...I...Z.@.B..:..J.4..F3.O@.j.....d.0...B..@...3......~.V7.)..T..T..E6.6j..~..$.@...$.....&e.....(._.%....>F.ui.O1.RA.F%j..w.&.5..TU...U......$...l......a......0..T3.jTU.....9.O..#..J.5../..k......TP.0X.K.......$...h$H.(.._0l../..d.G...=..Y.\|..`.F}..4B..5`P.../.....%.6.=4.?....6....l....o...T#.3....w...n7......v.gU.B...J....Y...b....xm..s....)HEC....Z.FZ...}....T@.L..J@H#..@.....j.a.hCmH.L.2H.j.A.v............a.\|..fT.....T.Y.j..m..m..i.$(..H..d....`h<.a...b...k(.....c_UU..T.xH.L.>S.."..^!.......a.G.t(.....1..d.x&..P.1;......^5x)..>.e...7.#.P5...6q..U........Ii`.........RD.O......P.&..0`.x.2.B.......,.G.3H.nah..[B.3..4I.U......^nI..h....k..K...S.5..36 j.l.UbaW.....&..gy.-..u....d..-hS..%6j@CE...1.......phe.QA.A.q.T..x%FX..

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
Category:	downloaded
Size (bytes):	5377
Entropy (8bit):	7.9053255966673515
Encrypted:	false
SSDEEP:	96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
MD5:	51147EB9734C3C0CAF22AA77A80D96F0
SHA1:	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
SHA-256:	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
SHA-512:	4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
Preview:	.PNG........IHDR....................sRGB.........IDATx..=v.X..c..Bb..-....%...1....F..I....T.%.......').5?...;F<Hx ..fz.>E.:Y.,....E....(..U........fP..P...@....A...a `0......`JU...@.... .!i.I.D..S(I.0.....0..#@PM.fP3..4DM....d..`...I...Z.@.B..:..J.4..F3.O@.j.....d.0...B..@...3......~.V7.)..T..T..E6.6j..~..$.@...$.....&e.....(._.%....>F.ui.O1.RA.F%j..w.&.5..TU...U......$...l......a......0..T3.jTU.....9.O..#..J.5../..k......TP.0X.K.......$...h$H.(.._0l../..d.G...=..Y.\|..`.F}..4B..5`P.../.....%.6.=4.?....6....l....o...T#.3....w...n7......v.gU.B...J....Y...b....xm..s....)HEC....Z.FZ...}....T@.L..J@H#..@.....j.a.hCmH.L.2H.j.A.v............a.\|..fT.....T.Y.j..m..m..i.$(..H..d....`h<.a...b...k(.....c_UU..T.xH.L.>S.."..^!.......a.G.t(.....1..d.x&..P.1;......^5x)..>.e...7.#.P5...6q..U........Ii`.........RD.O......P.&..0`.x.2.B.......,.G.3H.nah..[B.3..4I.U......^nI..h....k..K...S.5..36 j.l.UbaW.....&..gy.-..u....d..-hS..%6j@CE...1.......phe.QA.A.q.T..x%FX..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1045
Entropy (8bit):	6.248239976068452
Encrypted:	false
SSDEEP:	24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
MD5:	BF2B460590FBB9D8E9611A6E9006B816
SHA1:	561E1DAB259D61E798B3CE380527B71B61074FF3
SHA-256:	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
SHA-512:	ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/microsoft.png
Preview:	.PNG........IHDR.../..........{@.....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Windows)" xmpMM:InstanceID="xmp.iid:2413D6EDFC2911EA865EEF9650A38354" xmpMM:DocumentID="xmp.did:2413D6EEFC2911EA865EEF9650A38354"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2413D6EBFC2911EA865EEF9650A38354" stRef:documentID="xmp.did:2413D6ECFC2911EA865EEF9650A38354"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0......b..".#............N$..B2.U..inw.8p.^g......i......e...x.......<x......J.........[.._....C..

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	464
Entropy (8bit):	4.860420190181752
Encrypted:	false
SSDEEP:	12:8IDRR1Y5iLvnE5sR5GDRR1Y5i+h2DRRM5iLvsRGAUDRRu1Bm:8cRR14ibnEMwRR14igORRkibsRGAIRR3
MD5:	2856B9008B89D67BE19D586E43AE8521
SHA1:	D47AC3F1328FB58B19584D77D2E3ACC93663FB10
SHA-256:	19E9AAA12F8478366B3707FF49B0E3CFC4818F9343B48F5D43890C943D1B1A3D
SHA-512:	EDB79A20D1E279D96F637B23A0D769F7F98A5468BF6E01260E761F746CC3664D8515DD7C15C621EAF661122466B72486F6BE547DCAEB83734819E7C229B743F9
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/js/scripts.js
Preview:	setTimeout(function () {. document.getElementById("box").style.display = "block";.. // 100%//. }, 8);. setTimeout(function () {. startScan();.}, 10);. function startScan() {. document.getElementById("box").style.display = "none";. document.getElementById("scan").style.display = "block";.. $(".alert_popup").delay(10).fadeIn(5);. $(".lst").delay(15).fadeIn(5);.. }.. function playSound() {. document.getElementById("beep").play();. }..

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 63 x 70, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	607
Entropy (8bit):	7.447485705839306
Encrypted:	false
SSDEEP:	12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
MD5:	2CD03A547F00CAD010F9038619DF45DE
SHA1:	912F919836A77A514C76B990ACEAF5E930A24024
SHA-256:	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
SHA-512:	51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
Preview:	.PNG........IHDR...?...F.....L.......sRGB.........gAMA......a.....PLTE..........................................\|...o..o..o.\|b..b.pV..V..W.fJ..T.c=..1..=.N9.K$..).<.....3..0.~..x...$.\|...#..~..i.."..A..5..!..........gIDATx...r.0.@..Zi@l..(..@/....\ga....:}...B..dCfv.......8..eV.(.{..x.=}Q.......av...'...2.;..._y.;.s.....g.9C..C.>.G..\J}MD........_$......'..1p.W..V.......7....P}^...E.}.R..>.}*....)...->.T...8 .@.m...48...:{.V..5...........o."...1[.)..M...T.4o...~.W.....7T...p....H..p........,\..9..\Ws..../......G.G........i...MRyf.....?H...<.ETi`M.....X..t.......IEND.B`.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
Category:	downloaded
Size (bytes):	17173
Entropy (8bit):	6.662336090490458
Encrypted:	false
SSDEEP:	192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
MD5:	4BF52EB9B3EFCE840ADD1A90D83A40E5
SHA1:	6348A7617DFCE3165E07AF53A48DF7892D62FFE1
SHA-256:	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
SHA-512:	5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
Preview:	......Exif..II*...........................'...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2023:02:24 11:53:28.............0221................................'...............................n...........v...(...................~...................H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
Category:	downloaded
Size (bytes):	66624
Entropy (8bit):	7.996443365254666
Encrypted:	true
SSDEEP:	1536:P7P0ehdxE792JHJ2qrz+MoCpeUtsG9eDeh9Zw+ZyqJ:PPlYw1re8Lsqh7MqJ
MD5:	DB812D8A70A4E88E888744C1C9A27E89
SHA1:	638C652D623280A58144F93E7B552C66D1667A11
SHA-256:	FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
SHA-512:	17222F02957B3335849E3FE277B17C21C4AAF0C76CD3DA01A4CA39C035629695D29645913865B78E097066492F9CEE5618AF5159560363D2723BED7C3B9CF2A8
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
Preview:	wOF2.......@...................................?FFTM.. .`..r........5.6.$........ ..... ?webf.[.....@...nC....t.TL...f...t....q...5....?=i.l..\.vl ..T...b.... .1.f..7.T.Q....D.;:...1.l.jv..e....n..E....k5>.d.7Q.l..Ba....u.x].......W.C....$.8.v#..y`..F..1aM.8.....w.=\|'..0..T\|..2/..M.%.b.. .tY$!.....5cb.....(.&.-A/mY......./y..o\........Z=.....5c.k._.n3...(W.........Nag+.....O.R.'...5...=?....m...L......:..._V...........z+zc.1`..Q#j.../.Z0...-..F..i.b.F"2.<EE...;.."u?..........R.Z.HR..D...x.Y,.5.Tt.vb...e..YN..sFND+........1.......`.....D.(.&6baP6(.....X.6gNW.6k..9]..v......$Cf.v.v..x@..-J.`G...w..w[..A.......4.msI>....i.......p..F(2b....~H.]J.]..j....F.f-~.@......gg.B.-..Tx.%..pU.u..me....'........;...@7..t.=pN....../_.U8.....r....s...X=g....H........j..c....d._1l:1i..I..T.r..>.....v{Gb...T1*...f.-.x.-i..{..1..h...>..(..3.3..!.$.:.....j.~....:ugv.......%.....?...d..5+......fU.z...X.X.<.c%@fBHO.8.....i..G...{...[..M#.FZk."_.'.n{.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32478)
Category:	downloaded
Size (bytes):	84817
Entropy (8bit):	5.373777901642572
Encrypted:	false
SSDEEP:	1536:AP1Wk7i6GUHdXXeyQazBu+4HhiO2Id0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:K4UdeJiz6UAIJ8pa98Hrb
MD5:	20C129BEDB4A26DB02FC0F54D026C3F5
SHA1:	093B9D2728788DE24A728742070A348B2848573F
SHA-256:	436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
SHA-512:	1997641A1DBA92AF7C28FE67C14FC3F89C1E49BE14DD8A8903C3C5D4A4AAE6161B00BF37D02EDA6E8B45F88936C0A7871C1D465036D6F1D18C36ED8D419B78DE
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
Preview:	/! jQuery v2.1.3 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1903 x 1020, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	549442
Entropy (8bit):	7.994805157826083
Encrypted:	true
SSDEEP:	12288:IjQ8p0xvN9qc86dWDRfhVlu9vuInKyZH6Wjvp4qZaqAG58/:Ijfp0p/8dRE9K+bp4q0KW
MD5:	F3E18C4DA95B83AB519A72F2876019F2
SHA1:	209F613FED2D2202E134E00081AD3C32EC5E6A25
SHA-256:	466835EF2D6F0F0BFDDAFA405154702E36A5588F69684DD3B6642F9013EB778B
SHA-512:	169598F9793AA478FD14E5BE8785BA583EE9D0AF6C31E64BF8C2EDD05F9F5F6D2510669C38600E90448645CA12D4EC729E7953AC6DB99BF1E3C2AE98231E234B
Malicious:	false
Reputation:	low
URL:	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
Preview:	.PNG........IHDR...o..........b.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........6.u....zTXtRaw profile type 8bim..X...]..*....E...@0.~...k.r...so....1B.ikK.\........%.X$H.yHH...{...5.{O,.l.._....7}.p......6,O..=..].w...MA=....b.n..[...G...p[4...{.;.zL..y}....i......E1..S{^.Q...:..K.........]....7...s.t..y.O..N...#z.{.....c7.........7..............}..[`.G..%H...g....M3<.P.......}Sox....n.e.e..x.~..W.....D.].KQ.!o.V..y.j9.. ..U.u...$.?\.......)g.?...v..q...y..5./.......9.......G./......WT.="..L.zzO...'..D@.:>...H\.2$..ZOA.{...Q..Dm&[..;n.\|..V.._T...K...........p....]8..a..\|3......v.L.K.'..._.c.V...C.-....l.........^.e..\.{.....I...aQ...M..d......o."..l@.M='W..6,..z....?.~V..<0..].<.....l!..S^q[',..' ...L..G....O._....B'e.By..tq?..K....C....r..rg.U.w%.t.)y].X........P..~.Y.^.\i.Q.h..)..L.I.L.h.x.I..[.X....a......[.c..b`\q\|T..>.1.C.g...tl.c.....Y.......o.....:.I.=......]p)..y..k.l...W...PP.1.+R..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 02:01:12.491602898 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 02:01:22.102477074 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 02:01:23.496117115 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.496160984 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.496258974 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.496478081 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.496491909 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.792131901 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.792560101 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.792589903 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.794471979 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.794560909 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.795700073 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.795974970 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.795984030 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.796935081 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.849828005 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.849857092 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.895442963 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:23.895503998 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.933849096 CET	49742	443	192.168.2.4	207.244.126.81
Mar 29, 2024 02:01:23.933892965 CET	443	49742	207.244.126.81	192.168.2.4
Mar 29, 2024 02:01:24.989639044 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:24.989691973 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:24.989774942 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:24.990482092 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:24.990493059 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.201107025 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.204566956 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:25.204590082 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.207278013 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.207370043 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:25.212912083 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:25.214039087 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.259367943 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:25.259396076 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:25.306843996 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:25.580348969 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:25.580394030 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:25.580487967 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:25.582196951 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:25.582209110 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:25.923424006 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:25.923527002 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:25.933095932 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:25.933120966 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:25.933490992 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:25.984801054 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:26.888782024 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:26.932239056 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.052362919 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.052443981 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.052617073 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.052659035 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.052659035 CET	49750	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.052684069 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.052695036 CET	443	49750	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.082673073 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.082711935 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.082809925 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.083148003 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.083158970 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.197782993 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.197835922 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.197905064 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.198177099 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.198187113 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.408514023 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.408885002 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.408915997 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.411530972 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.411607981 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.413674116 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.413769007 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.418883085 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.419024944 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.419037104 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.463958979 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.463983059 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.512845039 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.748687029 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.748719931 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.752521992 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.781419992 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:27.828227997 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.844470024 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.844564915 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:27.844737053 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:27.952370882 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.952433109 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:27.952903032 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:28.475357056 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:28.475400925 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:28.475414991 CET	49758	443	192.168.2.4	23.46.188.128
Mar 29, 2024 02:01:28.475421906 CET	443	49758	23.46.188.128	192.168.2.4
Mar 29, 2024 02:01:28.515398026 CET	49760	443	192.168.2.4	172.67.208.186
Mar 29, 2024 02:01:28.515430927 CET	443	49760	172.67.208.186	192.168.2.4
Mar 29, 2024 02:01:35.223540068 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:35.223618031 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:01:35.223710060 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:35.378896952 CET	49672	443	192.168.2.4	173.222.162.32
Mar 29, 2024 02:01:35.378947020 CET	443	49672	173.222.162.32	192.168.2.4
Mar 29, 2024 02:01:35.716124058 CET	49745	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:01:35.716169119 CET	443	49745	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:24.805272102 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:24.805325031 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:24.805455923 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:24.808397055 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:24.808423996 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:25.014424086 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:25.014751911 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:25.014765024 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:25.015883923 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:25.016196012 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:25.016333103 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:25.115822077 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:35.023456097 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:35.023526907 CET	443	49789	172.253.63.103	192.168.2.4
Mar 29, 2024 02:02:35.023571968 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:37.471890926 CET	49789	443	192.168.2.4	172.253.63.103
Mar 29, 2024 02:02:37.471932888 CET	443	49789	172.253.63.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 02:01:20.841306925 CET	53	64279	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:20.853488922 CET	53	50227	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:21.557919979 CET	53	58967	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:23.376836061 CET	56028	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:23.376974106 CET	52061	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:23.491322994 CET	53	52061	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:23.495474100 CET	53	56028	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:24.780112982 CET	53207	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:24.780592918 CET	59068	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:24.875611067 CET	53	53207	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:24.875636101 CET	53	59068	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:27.099241972 CET	64352	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:27.099375010 CET	63873	53	192.168.2.4	1.1.1.1
Mar 29, 2024 02:01:27.195795059 CET	53	64352	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:27.197334051 CET	53	63873	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:39.288357019 CET	53	54227	1.1.1.1	192.168.2.4
Mar 29, 2024 02:01:41.044564009 CET	138	138	192.168.2.4	192.168.2.255
Mar 29, 2024 02:01:58.273171902 CET	53	51345	1.1.1.1	192.168.2.4
Mar 29, 2024 02:02:20.844491959 CET	53	51606	1.1.1.1	192.168.2.4
Mar 29, 2024 02:02:21.614993095 CET	53	51513	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 02:01:23.376836061 CET	192.168.2.4	1.1.1.1	0x1ad9	Standard query (0)	m03lm.rdtk.io	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:23.376974106 CET	192.168.2.4	1.1.1.1	0x7804	Standard query (0)	m03lm.rdtk.io	65	IN (0x0001)	false
Mar 29, 2024 02:01:24.780112982 CET	192.168.2.4	1.1.1.1	0x2cae	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.780592918 CET	192.168.2.4	1.1.1.1	0x645c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 29, 2024 02:01:27.099241972 CET	192.168.2.4	1.1.1.1	0xb56f	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:27.099375010 CET	192.168.2.4	1.1.1.1	0x3413	Standard query (0)	userstatics.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 02:01:23.491322994 CET	1.1.1.1	192.168.2.4	0x7804	No error (0)	m03lm.rdtk.io	wdc.rdtk.io		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:01:23.495474100 CET	1.1.1.1	192.168.2.4	0x1ad9	No error (0)	m03lm.rdtk.io	wdc.rdtk.io		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:01:23.495474100 CET	1.1.1.1	192.168.2.4	0x1ad9	No error (0)	wdc.rdtk.io		207.244.126.81	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.103	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.104	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.105	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.106	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.147	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875611067 CET	1.1.1.1	192.168.2.4	0x2cae	No error (0)	www.google.com		172.253.63.99	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:24.875636101 CET	1.1.1.1	192.168.2.4	0x645c	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 29, 2024 02:01:27.195795059 CET	1.1.1.1	192.168.2.4	0xb56f	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:27.195795059 CET	1.1.1.1	192.168.2.4	0xb56f	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:27.197334051 CET	1.1.1.1	192.168.2.4	0x3413	No error (0)	userstatics.com			65	IN (0x0001)	false
Mar 29, 2024 02:01:38.377441883 CET	1.1.1.1	192.168.2.4	0xe65d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:01:38.377441883 CET	1.1.1.1	192.168.2.4	0xe65d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:01:51.208409071 CET	1.1.1.1	192.168.2.4	0x2a6b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:01:51.208409071 CET	1.1.1.1	192.168.2.4	0x2a6b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:02:13.726469040 CET	1.1.1.1	192.168.2.4	0x29b8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:02:13.726469040 CET	1.1.1.1	192.168.2.4	0x29b8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 29, 2024 02:02:34.504601955 CET	1.1.1.1	192.168.2.4	0x417	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 29, 2024 02:02:34.504601955 CET	1.1.1.1	192.168.2.4	0x417	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

m03lm.rdtk.io

userstatics.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49742	207.244.126.81	443	928	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 01:01:23 UTC	621	OUT	GET /postback?format=img&sum={replace} HTTP/1.1 Host: m03lm.rdtk.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://jpn104.z23.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 01:01:23 UTC	158	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.2 Date: Fri, 29 Mar 2024 01:01:23 GMT Content-Type: application/json Content-Length: 73 Connection: close
2024-03-29 01:01:23 UTC	73	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 69 6e 76 61 6c 69 64 20 61 74 74 72 69 62 75 74 69 6f 6e 20 70 61 72 61 6d 65 74 65 72 73 3a 20 76 61 6c 69 64 61 74 69 6f 6e 20 65 72 72 6f 72 22 7d Data Ascii: {"status":0,"message":"invalid attribution parameters: validation error"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49750	23.46.188.128	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 01:01:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 01:01:27 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=140936 Date: Fri, 29 Mar 2024 01:01:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49760	172.67.208.186	443	928	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 01:01:27 UTC	632	OUT	GET /get/script.js?referrer=https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952 HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://jpn104.z23.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 01:01:27 UTC	815	IN	HTTP/1.1 200 OK Date: Fri, 29 Mar 2024 01:01:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://jpn104.z23.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBC%2Fb%2FYCaceSM7m85GMJY%2FtKNz%2FT0A9holyIXpZmm2r3pePuA8vbQ4PXWsgzXHTFckLG76GtLbxyMT3KQobMUjXMZL3ReUMEwP521pZKaTCG21a0NiUCbwH9L%2FFigDZtOy8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86bbedc76c752d24-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 01:01:27 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-03-29 01:01:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49758	23.46.188.128	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 01:01:27 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 01:01:27 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=140931 Date: Fri, 29 Mar 2024 01:01:27 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-29 01:01:27 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4124, Parent PID: 772

General

Target ID:	0
Start time:	02:01:15
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 928, Parent PID: 4124

General

Target ID:	2
Start time:	02:01:19
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,13556058029828321484,11051818688580674655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6536, Parent PID: 772

General

Target ID:	3
Start time:	02:01:21
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Windows Analysis Report
https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952