Windows Analysis Report
https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052

Overview

General Information

Sample URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
Analysis ID:1431903
Infos:

Detection

TechSupportScam
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected TechSupportScam
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 5340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4556 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| dropped/chromecache_86 | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.0.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security | |
| 0.1.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security | |
| 0.2.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security | |

No Sigma rule has matched
No Snort rule has matched

          AV Detection

          Source: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052, SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

          Phishing

          Source: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052, Matcher: Template: microsoft matched with high similarity
          Source: Yara match, File source: 0.0.pages.csv, type: HTML
          Source: Yara match, File source: 0.1.pages.csv, type: HTML
          Source: Yara match, File source: 0.2.pages.csv, type: HTML
          Source: Yara match, File source: dropped/chromecache_86, type: DROPPED
          Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49768 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.5:49723 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.5:49736 version: TLS 1.2
          Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
          Source: unknown, TCP traffic detected without corresponding DNS query: 23.202.106.101
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic, HTTP traffic detected:
            GET /postback?format=img&sum={replace} HTTP/1.1
            Host: m03lm.rdtk.io
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://iij110.z27.web.core.windows.net/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
          Source: global traffic, HTTP traffic detected:
            GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
          Source: global traffic, HTTP traffic detected:
            GET /get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052 HTTP/1.1
            Host: userstatics.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: script
            Referer: https://iij110.z27.web.core.windows.net/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
          Source: chromecache_102.2.dr, String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
          Source: global traffic, DNS traffic detected: DNS query: www.google.com
          Source: global traffic, DNS traffic detected: DNS query: m03lm.rdtk.io
          Source: global traffic, DNS traffic detected: DNS query: userstatics.com
          Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714082806004&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
          Source: chromecache_79.2.dr, String found in binary or memory: http://fontawesome.io
          Source: chromecache_79.2.dr, String found in binary or memory: http://fontawesome.io/license
          Source: chromecache_101.2.dr, String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
          Source: chromecache_102.2.dr, String found in binary or memory: https://cct.google/taggy/agent.js
          Source: chromecache_91.2.dr, String found in binary or memory: https://ezgif.com/optimize
          Source: chromecache_112.2.dr, String found in binary or memory: https://getbootstrap.com/)
          Source: chromecache_112.2.dr, String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
          Source: chromecache_112.2.dr, String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
          Source: chromecache_102.2.dr, String found in binary or memory: https://pagead2.googlesyndication.com
          Source: chromecache_102.2.dr, String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
          Source: chromecache_101.2.dr, String found in binary or memory: https://stats.g.doubleclick.net/j/collect
          Source: chromecache_101.2.dr, String found in binary or memory: https://tagassistant.google.com/
          Source: chromecache_102.2.dr, String found in binary or memory: https://td.doubleclick.net
          Source: chromecache_102.2.dr, String found in binary or memory: https://www.google-analytics.com/analytics.js
          Source: chromecache_101.2.dr, String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
          Source: chromecache_101.2.dr, String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
          Source: chromecache_101.2.dr, String found in binary or memory: https://www.google.%/ads/ga-audiences
          Source: chromecache_102.2.dr, String found in binary or memory: https://www.google.com
          Source: chromecache_101.2.dr, String found in binary or memory: https://www.google.com/ads/ga-audiences
          Source: chromecache_102.2.dr, String found in binary or memory: https://www.googleadservices.com
          Source: chromecache_102.2.dr, String found in binary or memory: https://www.googletagmanager.com
          Source: chromecache_101.2.dr, String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
          Source: chromecache_86.2.dr, String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-xxx-x
          Source: unknown, Network traffic detected: HTTP traffic on port 49674 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49722
          Source: unknown, Network traffic detected: HTTP traffic on port 49675 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49673 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49712 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49773
          Source: unknown, Network traffic detected: HTTP traffic on port 49703 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49746 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49722 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49736 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49773 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49703
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49736
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49746
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49768
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49712
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723

          Spam, unwanted Advertisements and Ransom Demands

          Source: Yara match, File source: 0.0.pages.csv, type: HTML
          Source: Yara match, File source: 0.1.pages.csv, type: HTML
          Source: Yara match, File source: 0.2.pages.csv, type: HTML
          Source: Yara match, File source: dropped/chromecache_86, type: DROPPED
          Source: classification engine, Classification label: mal64.phis.win@18/73@6/5
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
          Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4556 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
          Source: Google Drive.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: YouTube.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Sheets.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Gmail.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Slides.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: Docs.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052 | 0% | Avira URL Cloud | safe | |
| https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052 | 100% | SlashNext | Scareware type: Phishing & Social Engineering | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe | |
| https://cct.google/taggy/agent.js | 0% | URL Reputation | safe | |
| https://m03lm.rdtk.io/postback?format=img&sum={replace} | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| userstatics.com | 104.21.53.38 | true | false | | unknown |
| wdc.rdtk.io | 207.244.126.81 | true | false | | unknown |
| www.google.com | 142.250.217.228 | true | false | | high |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
| m03lm.rdtk.io | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://m03lm.rdtk.io/postback?format=img&sum={replace} | false | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://www.google.com | chromecache_102.2.dr | false | | high |
| http://fontawesome.io | chromecache_79.2.dr | false | | high |
| https://github.com/twbs/bootstrap/graphs/contributors) | chromecache_112.2.dr | false | | high |
| https://www.google.com/ads/ga-audiences | chromecache_101.2.dr | false | | high |
| https://www.google.%/ads/ga-audiences | chromecache_101.2.dr | false | URL Reputation: safe | low |
| https://td.doubleclick.net | chromecache_102.2.dr | false | | high |
| https://github.com/twbs/bootstrap/blob/main/LICENSE) | chromecache_112.2.dr | false | | high |
| https://tagassistant.google.com/ | chromecache_101.2.dr | false | | high |
| https://stats.g.doubleclick.net/j/collect | chromecache_101.2.dr | false | | high |
| https://ampcid.google.com/v1/publisher:getClientId | chromecache_101.2.dr | false | | high |
| https://getbootstrap.com/) | chromecache_112.2.dr | false | | high |
| https://cct.google/taggy/agent.js | chromecache_102.2.dr | false | URL Reputation: safe | unknown |
| https://ezgif.com/optimize | chromecache_91.2.dr | false | | high |
| http://fontawesome.io/license | chromecache_79.2.dr | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 207.244.126.81 | wdc.rdtk.io | United States | 30633 | LEASEWEB-USA-WDCUS | false |
| 142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.21.53.38 | userstatics.com | United States | 13335 | CLOUDFLARENETUS | false |

| IP |
|---|
| 192.168.2.5 |

                                            Joe Sandbox version:40.0.0 Tourmaline
                                            Analysis ID:1431903
                                            Start date and time:2024-04-26 00:06:12 +02:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 3m 17s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:browseurl.jbs
                                            Sample URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:9
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal64.phis.win@18/73@6/5
                                            EGA Information:Failed
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 0
                                            • Number of non-executed functions: 0
                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 192.178.50.35, 142.250.217.174, 173.194.217.84, 34.104.35.123, 20.60.142.36, 142.250.64.136, 192.178.50.78, 40.127.169.103, 72.21.81.240, 192.229.211.108, 20.166.126.56, 20.242.39.171
                                            • Not all processes were analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                            • VT rate limit hit for: https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
                                            No simulations
                                            No context
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:07:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.9878230222043305
                                            Encrypted:false
                                            SSDEEP:48:8FdrTzSw3HneidAKZdA19ehwiZUklqehTy+3:8D730Iy
                                            MD5:931BF86090EDF3898D0743950D312F16
                                            SHA1:0356DC3DE17B76A79478C3D11AC8823CC693BCF8
                                            SHA-256:2432311240E56EF92DAC394EB15458996910C6C1E0D0D9DBB1FE11EA3062BA4D
                                            SHA-512:188AA0F834C94643851D0BCED39FF691CA1E3022B646D17838513F1858660F673EFCE01868E189E436144E78970278041EA71B9A4D802A423A81040724450575
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:07:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2679
                                            Entropy (8bit):4.000417155879824
                                            Encrypted:false
                                            SSDEEP:48:87drTzSw3HneidAKZdA1weh/iZUkAQkqeh4y+2:8h73G9Q1y
                                            MD5:719DEDB5AE93DDEA09A79B87D7F9D7F6
                                            SHA1:A28F6AE5CB5A3CFE964113A0E99863626B02982B
                                            SHA-256:CB42F050302EA1163950FE2893328571720DA92A9FB9ADE3EEB5A1B806B071C0
                                            SHA-512:C7D825A399C735F36CF9F6628FA036962BEDFFC6BFECA76D107A541818B46154D180EB66F32227C01A15A7BE60EFAF646DB3A9F2DE8B3C0B2F47CA1E79BC6C9F
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2693
                                            Entropy (8bit):4.010124802307313
                                            Encrypted:false
                                            SSDEEP:48:8xMdrTzSwsHneidAKZdA14tseh7sFiZUkmgqeh7s6y+BX:8x872unUy
                                            MD5:60475A69A9F946BA6D82034A260C0FD9
                                            SHA1:4EB89E839A24548FF4187765C41CF6CC824211ED
                                            SHA-256:D12B32EB9CF29AE0C9C6441CC8439072FD1F2F30E177680A03E88E716E33E33C
                                            SHA-512:01A0F6A969027959D674C075985D7CA03CAA0FE0E83CCF8F36693D1BB68B8599D350610144BF6851EF81FA259E275576BB4956D08BAE18EA91F68A3F4894E4A5
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:07:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2681
                                            Entropy (8bit):3.9989799172756793
                                            Encrypted:false
                                            SSDEEP:48:8ZdrTzSw3HneidAKZdA1vehDiZUkwqeh8y+R:8/73NCy
                                            MD5:9779A736C2D473BD9D62A62794C8A14C
                                            SHA1:7AFA3AD32E9C9E66A25EF7B5DB1154A0E73C65E9
                                            SHA-256:39DAE741025C12923AFB55464D47C3A64D758A2E046AF8256249B1A571321EEF
                                            SHA-512:126EAA9D9AACDDA3D91355015EF5CEBB70CEECDE8EFA2F8D23D52E92D1F6B903C19FADCEC3B066FEFBFC08005C141E358B06BDFB512DDF3C03735CE0FC266791
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:07:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2681
                                            Entropy (8bit):3.9878043998759063
                                            Encrypted:false
                                            SSDEEP:48:8CdrTzSw3HneidAKZdA1hehBiZUk1W1qehGy+C:8C73N9my
                                            MD5:2F8D1C47B984C7A29F4155979F0524C9
                                            SHA1:04632649A8186CD15FEAB7402D27E3F5AC3AF338
                                            SHA-256:8D535A087623C1890C32D4DA8AFA19E97C3BB804B59B0391F88275AD1057706A
                                            SHA-512:E466D01DC2650D80C5AF0F06323D4C951A150F10256702E7DF95E92475605DF747592128DCBEB028BEF524237DF59622A051D9025C9BFF92E16C77ABABF1AD8E
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:07:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2683
                                            Entropy (8bit):4.000744792305584
                                            Encrypted:false
                                            SSDEEP:48:8wdrTzSw3HneidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbUy+yT+:8Y73RT/TbxWOvTbUy7T
                                            MD5:B550A5F4EFBF9801EBD6ACFFAEEC9B04
                                            SHA1:27DC95D3094A19E9E6A83A72F00A3F53A375806A
                                            SHA-256:D39B4823723509D80102C02798089EDFE9BF0951B1FA1E530C82AE4BED80AE00
                                            SHA-512:BA6F312CD266D6A131FF941E2983203F9519FF8F37557BB756AAC3BECA5A645114AD581C4D9D036E005F7DBC3B9769A2257DCC20D18F8D44DFC72B3BCAEBA834
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
                                            Category:downloaded
                                            Size (bytes):66624
                                            Entropy (8bit):7.996443365254666
                                            Encrypted:true
                                            SSDEEP:1536:P7P0ehdxE792JHJ2qrz+MoCpeUtsG9eDeh9Zw+ZyqJ:PPlYw1re8Lsqh7MqJ
                                            MD5:DB812D8A70A4E88E888744C1C9A27E89
                                            SHA1:638C652D623280A58144F93E7B552C66D1667A11
                                            SHA-256:FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
                                            SHA-512:17222F02957B3335849E3FE277B17C21C4AAF0C76CD3DA01A4CA39C035629695D29645913865B78E097066492F9CEE5618AF5159560363D2723BED7C3B9CF2A8
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/fontawesome-webfont.woff2
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (2343)
                                            Category:downloaded
                                            Size (bytes):52916
                                            Entropy (8bit):5.51283890397623
                                            Encrypted:false
                                            SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                            MD5:575B5480531DA4D14E7453E2016FE0BC
                                            SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                            SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                            SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                            Malicious:false
                                            Reputation:low
                                            URL:https://www.google-analytics.com/analytics.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (1763)
                                            Category:downloaded
                                            Size (bytes):189683
                                            Entropy (8bit):5.527297250834467
                                            Encrypted:false
                                            SSDEEP:3072:LUQaf5qZ3fhO+WW48zG1LceF2/eazQthTnXDL9btIM01hu4:IQX5NfYLceF+CTnXP9RIMmV
                                            MD5:5095DB143AB6A8CA163819FF10D34081
                                            SHA1:44659BB666835738599DFDC422BC5CF80BF894F0
                                            SHA-256:29414EB5B76FD0932ADFB926F4B0A70D5E5C5E782772430AC80F71E4C9854FC7
                                            SHA-512:FD2F612DD4D7973F0511DB55060E1A3BD95F6106E931706271331113F3B726FD4D33C7FAA1B0CADBA0ADE8926B02B33965D2ED6A8A70B823080A9298148A9D45
                                            Malicious:false
                                            Reputation:low
                                            URL:https://www.googletagmanager.com/gtag/js?id=UA-xxx-x
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):462770
                                            Entropy (8bit):7.96289736720607
                                            Encrypted:false
                                            SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                            MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                            SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                            SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                            SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 33 x 31, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):463
                                            Entropy (8bit):7.179067065082675
                                            Encrypted:false
                                            SSDEEP:12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
                                            MD5:905D91C276116928FA306EA732723FA9
                                            SHA1:092604F6A8786E46A7DEE06065D29D2896FCF568
                                            SHA-256:9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
                                            SHA-512:701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Web Open Font Format (Version 2), TrueType, length 21716, version 1.0
                                            Category:downloaded
                                            Size (bytes):21716
                                            Entropy (8bit):7.988919175869214
                                            Encrypted:false
                                            SSDEEP:384:DfspV407P6+jGlbMAA2cdv92Dg3AuGZ0KGKBb2ZXdWgb98JmSKMrN:D64Ei+n2c19NuqKuZXdWv79N
                                            MD5:D4FF90DB5DA894C833F356F47A16E408
                                            SHA1:30606044507D81B996C992895AB16B8A8D68BE97
                                            SHA-256:F2C761EE3CE27469F940A05B64E38A829A400427727CD0BDBB4E36F1D572AFD7
                                            SHA-512:85C6305EE6973EBF449EFCFC95BB10A66E5CBA92D026A2EC4F1072DC8CCBC5B4A4A384FE425E53E2DADE2180F37CCA56243ED354033CFCA5821CBB77FB8B0FA1
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/fonts/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (32478)
                                            Category:downloaded
                                            Size (bytes):84817
                                            Entropy (8bit):5.373777901642572
                                            Encrypted:false
                                            SSDEEP:1536:AP1Wk7i6GUHdXXeyQazBu+4HhiO2Id0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:K4UdeJiz6UAIJ8pa98Hrb
                                            MD5:20C129BEDB4A26DB02FC0F54D026C3F5
                                            SHA1:093B9D2728788DE24A728742070A348B2848573F
                                            SHA-256:436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
                                            SHA-512:1997641A1DBA92AF7C28FE67C14FC3F89C1E49BE14DD8A8903C3C5D4A4AAE6161B00BF37D02EDA6E8B45F88936C0A7871C1D465036D6F1D18C36ED8D419B78DE
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/js/jquery.min.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 66 x 68, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):542
                                            Entropy (8bit):7.418889610906542
                                            Encrypted:false
                                            SSDEEP:12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
                                            MD5:0E9558D2D6E8000CE5C6C749C8FC67C2
                                            SHA1:F7BA9490807EF70BB6195150D6287CD54B7FEFD0
                                            SHA-256:91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
                                            SHA-512:C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/kxFy-clip.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):462770
                                            Entropy (8bit):7.96289736720607
                                            Encrypted:false
                                            SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                            MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                            SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                            SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                            SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):386359
                                            Entropy (8bit):7.918825986924844
                                            Encrypted:false
                                            SSDEEP:6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
                                            MD5:BE42AD7752720327D28BF52DBDBB64C2
                                            SHA1:F4CCE31B9236319AA9C87FEE038638D1DE12C07D
                                            SHA-256:C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
                                            SHA-512:AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/cross.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:downloaded
                                            Size (bytes):1358
                                            Entropy (8bit):4.717392968695026
                                            Encrypted:false
                                            SSDEEP:24:SNWd8mpIpM8YuQI8cx8Iwopl8HoWe8HohN8HouBh8HocQKHhKVaL1UbBkV59BLF4:SNWd8WcC+dpHW4hfupcQKcVi1UbBmzv4
                                            MD5:DA6AACC1CA8EAA4902D9FEE5C9C984B7
                                            SHA1:A06F41817583CE6182DD7121460C0BD16EA8B088
                                            SHA-256:989120D05B8F3D703FD6E63B49B94845D7E038D536DD27723619E1F00623683F
                                            SHA-512:F6DD131520E31356B9A722D091FBEDCDE35FC0978A05B505ACF132429DC689A56EF49CC93729F1220B034B6F24CE26BC47DE12237CCB03D64352C885B85DF4CF
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/js/main.js
                                            Preview:.. $(document).ready(function() {.. $("#chat-box").delay(1000).fadeIn(100);..});.... $(document).ready(function () {.. $("#mycanvas").click(function () {.. $("#welcomeDiv").show();.. });.. });......$(document).ready(function() {.. var audioElement = document.createElement('audio');.. audioElement.setAttribute('src', '_Fm7-alert.mp3');.. .. audioElement.addEventListener('ended', function() {.. this.play();.. }, false);.. .. .. $('.map').click(function() {.. audioElement.play();.. .. });.... $('.black').click(function() {.. audioElement.play();.. .. });.. .... $('#footer').click(function() {.. audioElement.play();.. .. });.... $('#poptxt').click(function() {.. audioElement.play();.. .. });.. .. .. .. .. ..});....$("#footer").fadeIn('slow')...css({top: '75%', position: 'absolute'})...animate({top: '92%'}, 80, function() {
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:assembler source, ASCII text, with very long lines (1266)
                                            Category:downloaded
                                            Size (bytes):8998
                                            Entropy (8bit):5.073503499348402
                                            Encrypted:false
                                            SSDEEP:192:MsW6dQjSpBjOnVX/tDSIZG43JPxDgXhCvl3RQ29Pibt04gxNgS0IOLh:MQqjujSX/5SIZV3JPJnvRvdxaLF
                                            MD5:6EF2560453A7B6BFF8EA7EC4265A9816
                                            SHA1:1ED7044A0579BB751B10BA7353A36E9D208C659E
                                            SHA-256:A072681FF11D60E33EB625E1D75E828542F80C9362D905C3EB9626063E27B4CC
                                            SHA-512:9F5F4680B6B344291F675C0E164CE20BF1626CA5B6FB84681CACD439EA8FA1DC02C0E9D9DA1DE09090DF3346E29460FAA71BA5557639B1CAF0829C34BD99AD50
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/css/styles.css
                                            Preview:body {. background: #fff;. -webkit-user-select: none;.-ms-user-select: none;.user-select: none;. /*. background: url('bg.png');. background-repeat: no-repeat;. background-size: cover;. */.font-family: "Calibri", sans-serif;. overflow-y: hidden;. overflow-x: hidden;. }. .top {. padding-left: 10px;.. }..progress {.. width: 250px;..background: #d1d1d1;. height: 04px;..}...progress .progress__bar {. height: 100%;. width: 0%;. border-radius: 2px;. background-color: #3182be;. animation: fill-bar 6s 1;.}..@keyframes fill-bar {. from {width: 0%;}. to {width: 100%;}..}..textc {. color: grey;. font-size: 13px;.}..flex {. display: flex;.}..button {.background: #cccccc;.color: #000;.padding: 6px 32px;.text-align: center;.text-decoration: none;.display: inline-block;.font-size: 13px;.margin: 4px 2px;.cursor: pointer;.font-weight:350;..}.. .centerright img {. max-width: 100%;.}..centerright ul {. padding: 0;. list-style-type: none;.}..centerright ul {. columns: 3;.}..cente
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (59765)
                                            Category:downloaded
                                            Size (bytes):60044
                                            Entropy (8bit):5.145139926823033
                                            Encrypted:false
                                            SSDEEP:768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
                                            MD5:02D223393E00C273EFDCB1ADE8F4F8B1
                                            SHA1:0CC93B8421D89C24A889642428B363CB831DE78A
                                            SHA-256:79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
                                            SHA-512:339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/js/bootstrap.min.js
                                            Preview:/*!. * Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):1045
                                            Entropy (8bit):6.248239976068452
                                            Encrypted:false
                                            SSDEEP:24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
                                            MD5:BF2B460590FBB9D8E9611A6E9006B816
                                            SHA1:561E1DAB259D61E798B3CE380527B71B61074FF3
                                            SHA-256:EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
                                            SHA-512:ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
                                            Malicious:false
                                            Reputation:low
                                            Preview:.PNG........IHDR.../..........{@.....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Windows)" xmpMM:InstanceID="xmp.iid:2413D6EDFC2911EA865EEF9650A38354" xmpMM:DocumentID="xmp.did:2413D6EEFC2911EA865EEF9650A38354"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2413D6EBFC2911EA865EEF9650A38354" stRef:documentID="xmp.did:2413D6ECFC2911EA865EEF9650A38354"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0......b..".#............N$..B2.U..inw.8p.^g......i......e...x.......<x......J.........[.._....C..
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
                                            Category:dropped
                                            Size (bytes):17173
                                            Entropy (8bit):6.662336090490458
                                            Encrypted:false
                                            SSDEEP:192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
                                            MD5:4BF52EB9B3EFCE840ADD1A90D83A40E5
                                            SHA1:6348A7617DFCE3165E07AF53A48DF7892D62FFE1
                                            SHA-256:A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
                                            SHA-512:5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
                                            Malicious:false
                                            Reputation:low
                                            Preview:......Exif..II*...........................'...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2023:02:24 11:53:28.............0221................................'...............................n...........v...(...................~...................H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 63 x 70, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):607
                                            Entropy (8bit):7.447485705839306
                                            Encrypted:false
                                            SSDEEP:12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
                                            MD5:2CD03A547F00CAD010F9038619DF45DE
                                            SHA1:912F919836A77A514C76B990ACEAF5E930A24024
                                            SHA-256:C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
                                            SHA-512:51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text
                                            Category:downloaded
                                            Size (bytes):464
                                            Entropy (8bit):4.860420190181752
                                            Encrypted:false
                                            SSDEEP:12:8IDRR1Y5iLvnE5sR5GDRR1Y5i+h2DRRM5iLvsRGAUDRRu1Bm:8cRR14ibnEMwRR14igORRkibsRGAIRR3
                                            MD5:2856B9008B89D67BE19D586E43AE8521
                                            SHA1:D47AC3F1328FB58B19584D77D2E3ACC93663FB10
                                            SHA-256:19E9AAA12F8478366B3707FF49B0E3CFC4818F9343B48F5D43890C943D1B1A3D
                                            SHA-512:EDB79A20D1E279D96F637B23A0D769F7F98A5468BF6E01260E761F746CC3664D8515DD7C15C621EAF661122466B72486F6BE547DCAEB83734819E7C229B743F9
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/js/scripts.js
                                            Preview:setTimeout(function () {. document.getElementById("box").style.display = "block";.. // 100%//. }, 8);. setTimeout(function () {. startScan();.}, 10);. function startScan() {. document.getElementById("box").style.display = "none";. document.getElementById("scan").style.display = "block";.. $(".alert_popup").delay(10).fadeIn(5);. $(".lst").delay(15).fadeIn(5);.. }.. function playSound() {. document.getElementById("beep").play();. }..
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
                                            Category:dropped
                                            Size (bytes):5377
                                            Entropy (8bit):7.9053255966673515
                                            Encrypted:false
                                            SSDEEP:96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
                                            MD5:51147EB9734C3C0CAF22AA77A80D96F0
                                            SHA1:DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
                                            SHA-256:92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
                                            SHA-512:4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 42 x 702, 8-bit grayscale, non-interlaced
                                            Category:downloaded
                                            Size (bytes):5377
                                            Entropy (8bit):7.9053255966673515
                                            Encrypted:false
                                            SSDEEP:96:aLE4XxbDpcNPI1PtiJxmgX4XsRDKUiAS7zZfD61iGsr1UO2SpAdz:ao4XxegiJ/RWUIH8wbr1UO2x
                                            MD5:51147EB9734C3C0CAF22AA77A80D96F0
                                            SHA1:DC33807CD0C0C35BB98D8E23EFE2D625137A43F5
                                            SHA-256:92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
                                            SHA-512:4DBF85245CF6A9EC4274E58A872DA91E8EBA3966A48950981D3D5C85C4E2CDA00FC918C1214ED7EB70AF37E13227BDD495B22E723FEF7EC53FEA4C5BB37F830A
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/uZbx-si.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (27265)
                                            Category:downloaded
                                            Size (bytes):27428
                                            Entropy (8bit):4.747313933055305
                                            Encrypted:false
                                            SSDEEP:384:ci5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:3lr+Klk3YlKfwYUf8l8yQ/T
                                            MD5:FD1609EB97E739683ACF23120FD6F6C9
                                            SHA1:19B2E83FE8DF09B85E74835C398AEFEE816BDFCB
                                            SHA-256:CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
                                            SHA-512:2183FDCC8AEF88B15048E735EB2D588868AE4CAAD624B4C369F276402188CABA9C962065699798AA27BC4C18AE97E16BF8FCF219D762B73726AFB1A924BABCD2
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/css/font-awesome.min.css
                                            Preview:/*!. * Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont_1.eot#iefix&v=4.5.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../images/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pa
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):462770
                                            Entropy (8bit):7.96289736720607
                                            Encrypted:false
                                            SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                            MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                            SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                            SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                            SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg1.jpg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 77 x 63, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):920
                                            Entropy (8bit):7.724066066811572
                                            Encrypted:false
                                            SSDEEP:12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
                                            MD5:B0495EDE4C875843FEC037C794E9FF9A
                                            SHA1:C813AEFBA255A5CC53AEA7811F987CCB551C3128
                                            SHA-256:52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
                                            SHA-512:41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 193 x 71
                                            Category:downloaded
                                            Size (bytes):14751
                                            Entropy (8bit):7.927919850442063
                                            Encrypted:false
                                            SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                            MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                            SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                            SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                            SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/re.gif
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 77 x 72, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):813
                                            Entropy (8bit):7.634265238983043
                                            Encrypted:false
                                            SSDEEP:24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
                                            MD5:D648C1837D01495ECCD63E053491F72A
                                            SHA1:991D8F6C72777239472410D6129FD5F25ED9D134
                                            SHA-256:9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
                                            SHA-512:522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
                                            Category:downloaded
                                            Size (bytes):200832
                                            Entropy (8bit):7.695958183565904
                                            Encrypted:false
                                            SSDEEP:6144:4lsFCVxSmdxiWKwHtlYMKrXFTNRp+TSAU1M:4lHVx5ihwHvYrDRhAU2
                                            MD5:0116152611DD51432E852781F8CC7E82
                                            SHA1:2408D3D281B25649894F78A4E19F7F8A8AC735F9
                                            SHA-256:FC59BBB18F923747B9CD3F3B23537FF09C5AD2FDFC1505A4800A3F269A234E65
                                            SHA-512:4378F49A8E77BA6F34DC8B0F738B1FDBFA1E686CFB60C07E83B9D76F4EAB1CCF444785FEE5B9932DA77E42FA189BB14FFCAFAC3D9C9965CBF276C2D06AA94CB0
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/media/_Fm7-alert.mp3:2f75894aafb43d:0
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 33 x 31, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):463
                                            Entropy (8bit):7.179067065082675
                                            Encrypted:false
                                            SSDEEP:12:6v/7Kk/ZULAVExM3OCHtL5bCRyqYJkz6Ziu/SAF5p9UCNb:dDEO+3VHt95tEWiu/SAF5p2ob
                                            MD5:905D91C276116928FA306EA732723FA9
                                            SHA1:092604F6A8786E46A7DEE06065D29D2896FCF568
                                            SHA-256:9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
                                            SHA-512:701EF9AF42666AA12CE68726C8BE76F093A6C22999E0869B05462163372ACD3A6E7B728815035B7C29423C3E74EFB3F8CD36806F709C6C3BFA744F036F67FE97
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/nOxp-sett.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (604)
                                            Category:downloaded
                                            Size (bytes):22662
                                            Entropy (8bit):5.339292002589775
                                            Encrypted:false
                                            SSDEEP:192:ClIazFsyvfAW0lPV17BEg8abRF8OtN1SZnzoMuGrB1c14peGQArua4bJEPFLMqQu:0rcV2tg8XZnnuGr/cCpVQwJLMqSQzT
                                            MD5:36C44CB1BB045EFB5BFD59C5C6E81AF8
                                            SHA1:C032C9B570BC6673D63A43BC08B4084869E0BC20
                                            SHA-256:EF5668DD2847185F07E71993125F5A3E90EAFC9E994798C895FC1A746B3F9DEF
                                            SHA-512:4BEED4EE697575749830E014A312BA8F2A3A89186F0A3D9ACD46A79CDE66F0912C070194FBE064D3DC8FACA41E0F17D053BCEF4388B9E98A75B3CFB613A9087F
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
                                            Preview:<!DOCTYPE html><html>.<head>.. <script>. function jkdhasjkhdgwqhgehkqgweyuodq(name). {. name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");. var regexS = "[\\?&]"+name+"=([^&#]*)";. var regex = new RegExp( regexS );. var results = regex.exec( window.location.href );. if( results == null ). return "";. else. return results[1];. }. var bcda = jkdhasjkhdgwqhgehkqgweyuodq('bcda');. </script>..<meta name="robots" content="noindex, nofollow">. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title></title>. <link rel="stylesheet" href="css/styles.css">.<link rel="shortcut icon" href="images/microsoft.png" type="image/png">.<link rel="stylesheet" href="css/font-awesome.min.css">.<style>. @font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 77 x 63, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):920
                                            Entropy (8bit):7.724066066811572
                                            Encrypted:false
                                            SSDEEP:12:6v/7mB/l0/J6RqecpVWT8b+KOKdshUh+fawoZ0fIJJXTSpB9rXMnhiXy1wps22h:RLO5XWT8ahKdshUhgpuZTuB9rgiICw
                                            MD5:B0495EDE4C875843FEC037C794E9FF9A
                                            SHA1:C813AEFBA255A5CC53AEA7811F987CCB551C3128
                                            SHA-256:52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
                                            SHA-512:41C4F6A27BA85162C03B80AFB29CCE78F4F6BCED74D1249D4E8DECD53E9D9B52230CBC8321F7B579ED30C0285F75B9EECB14724D55DC2F4D4906BFDB2C2B75C3
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/qsbs-firewall.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):1045
                                            Entropy (8bit):6.248239976068452
                                            Encrypted:false
                                            SSDEEP:24:A1h6A1aWwjx82lY2T3PQVvmdN2yJ3V5L75Gs5eq46col:e11LNn2bQpEbJ3fH5ThOol
                                            MD5:BF2B460590FBB9D8E9611A6E9006B816
                                            SHA1:561E1DAB259D61E798B3CE380527B71B61074FF3
                                            SHA-256:EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
                                            SHA-512:ACC9773B532BFF6A1284B78324D9BD51117A6EBFC0C549224BA4B703540DE8869AB1EFF1CCE8CC4FCA00C5B4F47D34FC27FAB27246873326CEE49D2DD5E877C0
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/microsoft.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 66 x 68, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):542
                                            Entropy (8bit):7.418889610906542
                                            Encrypted:false
                                            SSDEEP:12:6v/7mWM/pflYMfu+trSAY6azsD0I3PIeIexo841+kSfLI5Hn+EJnx:eMGOuAYHsD/3PIeIexo/okXeEb
                                            MD5:0E9558D2D6E8000CE5C6C749C8FC67C2
                                            SHA1:F7BA9490807EF70BB6195150D6287CD54B7FEFD0
                                            SHA-256:91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
                                            SHA-512:C9EAA2F8FCADC41379CB22A7DFD3CDBE2AF35C14E38E6F328A78A38746BEF3902832E0DBB89E7A918F026A9768B520CDB1764113D130443C373ED97F2638FFC2
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:downloaded
                                            Size (bytes):133
                                            Entropy (8bit):5.102751486482574
                                            Encrypted:false
                                            SSDEEP:3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
                                            MD5:FEA7FBF2C619FD4B7716FCAA64070C6C
                                            SHA1:F192732937981A26F526B7C1293A2AE13BC59A22
                                            SHA-256:DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
                                            SHA-512:145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
                                            Malicious:false
                                            Reputation:low
                                            URL:https://userstatics.com/get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052
                                            Preview:document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 193 x 71
                                            Category:dropped
                                            Size (bytes):14751
                                            Entropy (8bit):7.927919850442063
                                            Encrypted:false
                                            SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                            MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                            SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                            SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                            SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 77 x 72, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):813
                                            Entropy (8bit):7.634265238983043
                                            Encrypted:false
                                            SSDEEP:24:h00pTjSMySX+80rKccuDFg9QaHIUv6NtSMRNCYtcaW:h00+e/8K/2eQaHIDzTW5
                                            MD5:D648C1837D01495ECCD63E053491F72A
                                            SHA1:991D8F6C72777239472410D6129FD5F25ED9D134
                                            SHA-256:9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
                                            SHA-512:522F6CC26722C7335CF574716FF3EF4C9040FEFD6F8F065F49F05D235D077B1980858824A6FF1C98710DB35511525D37FD350822FF412F38420317E82BD305A2
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/s-S4-acc.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):386359
                                            Entropy (8bit):7.918825986924844
                                            Encrypted:false
                                            SSDEEP:6144:NA4ofIJI3N5DUXeDZyvPUeNf4N7CPKGfMZM2ZIc6zN3Nl6aF9YfUtuQ/iKgQbN:NDCx3jguDZynO7CPKGkZM2n6Dl6yYG7J
                                            MD5:BE42AD7752720327D28BF52DBDBB64C2
                                            SHA1:F4CCE31B9236319AA9C87FEE038638D1DE12C07D
                                            SHA-256:C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
                                            SHA-512:AFD543CC2D26243B5AC4EECCB90BAD2149A18713F7F904265337203B9D67D9E47ADAD554AE2A049C2D80D48D095048F091C40AE974621062F786B81821783AE0
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 27 x 28, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):1162
                                            Entropy (8bit):7.723808800061788
                                            Encrypted:false
                                            SSDEEP:24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
                                            MD5:35629CC2ADC804353A548305F1217206
                                            SHA1:CDA6E89C5F6A644683AEA6999A5D11E00DC64275
                                            SHA-256:C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
                                            SHA-512:EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):462770
                                            Entropy (8bit):7.96289736720607
                                            Encrypted:false
                                            SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                            MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                            SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                            SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                            SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/bg2.jpg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                            Category:downloaded
                                            Size (bytes):321
                                            Entropy (8bit):5.085486884460532
                                            Encrypted:false
                                            SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOv+ArEthR2p0bsU2lw5E:hax0rKRHkhzRH/Un2i2GprK5YWOGArEO
                                            MD5:A941459773B308E51F1D50CB4E32B4E7
                                            SHA1:77315B54B6CE8B7915ED17C0EDC4D581ECC61466
                                            SHA-256:1F98272E5A2AFC058F7BE96356B2F19A4DCF0973431584DE92B72262DD347E8C
                                            SHA-512:6A973FE12B4E2623D236E0DBDE78AFCFA719B03FCC600F030A35D2E397BE25ACE505C3CC7DF0F0C66CD1EE4C816A85A845107944F9E23974C4C5B749A03CB5E1
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/_Fm7-alert.mp3
                                            Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : f4bc6bad-901e-003a-425c-975089000000</li><li>TimeStamp : 2024-04-25T22:07:12.7007227Z</li></ul></p></body></html>
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3
                                            Category:downloaded
                                            Size (bytes):17173
                                            Entropy (8bit):6.662336090490458
                                            Encrypted:false
                                            SSDEEP:192:ZjA6YNMtKwZPJrQy4luZBYNMtKwZPvRknP1tRQpw5v:ZdYNg7517i6YNg75vqnPzzN
                                            MD5:4BF52EB9B3EFCE840ADD1A90D83A40E5
                                            SHA1:6348A7617DFCE3165E07AF53A48DF7892D62FFE1
                                            SHA-256:A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
                                            SHA-512:5EA12290BA3A6F3EFC59B91A594E8C5C652FE21E035AF851BF81ED40FE1C7D226A1DCD4A159E0D8207881AF3F65F4E20DE76E623BFDD5F4A663F479E414EE977
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/minimize.jpg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 27 x 28, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):1162
                                            Entropy (8bit):7.723808800061788
                                            Encrypted:false
                                            SSDEEP:24:dpNeMBuYZOmwwtJweyghnv6TxsJhbNyLLiSQ7Dcx8kiffy:dXJQHmwe6TxsncuSyjkiffy
                                            MD5:35629CC2ADC804353A548305F1217206
                                            SHA1:CDA6E89C5F6A644683AEA6999A5D11E00DC64275
                                            SHA-256:C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
                                            SHA-512:EF05981D640985C67612B881F3EE426818589499EFB8B7F695A57D4C53634B22A097B47311673C105EF414A6062086761967EBFC638FE6131046D767689DEE03
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/-EBq-current.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 63 x 70, 8-bit colormap, non-interlaced
                                            Category:downloaded
                                            Size (bytes):607
                                            Entropy (8bit):7.447485705839306
                                            Encrypted:false
                                            SSDEEP:12:6v/7O/RS6RqdZ2m7OCYi3XSB2/pduLOIQBhusIDnzBhY8fFNkc:k/ByCYinSA/6yIQvusIn7Y8vkc
                                            MD5:2CD03A547F00CAD010F9038619DF45DE
                                            SHA1:912F919836A77A514C76B990ACEAF5E930A24024
                                            SHA-256:C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
                                            SHA-512:51363C08843984803C8C4A6D638A551E8FC83F32E3470B4DC260290263910968A2BFD54E044CB1AD8411524F6FDC4DA81B80EC1B1082E68F8688A0D827A28EFA
                                            Malicious:false
                                            Reputation:low
                                            URL:https://iij110.z27.web.core.windows.net/werrx01USAHTML/images/Z5BR-network.png
                                            No static file info
                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Apr 26, 2024 00:07:05.744879961 CEST | 192.168.2.5 | 1.1.1.1 | 0xae9f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:05.745091915 CEST | 192.168.2.5 | 1.1.1.1 | 0xfcd6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                            Apr 26, 2024 00:07:07.177488089 CEST | 192.168.2.5 | 1.1.1.1 | 0x5647 | Standard query (0) | m03lm.rdtk.io | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:07.177632093 CEST | 192.168.2.5 | 1.1.1.1 | 0xee75 | Standard query (0) | m03lm.rdtk.io | 65 | IN (0x0001) | false
                                            Apr 26, 2024 00:07:09.820619106 CEST | 192.168.2.5 | 1.1.1.1 | 0xf2ec | Standard query (0) | userstatics.com | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:09.820817947 CEST | 192.168.2.5 | 1.1.1.1 | 0xc33a | Standard query (0) | userstatics.com | 65 | IN (0x0001) | false
                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Apr 26, 2024 00:07:05.870444059 CEST | 1.1.1.1 | 192.168.2.5 | 0xfcd6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                            Apr 26, 2024 00:07:05.870697975 CEST | 1.1.1.1 | 192.168.2.5 | 0xae9f | No error (0) | www.google.com | | 142.250.217.228 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:07.303425074 CEST | 1.1.1.1 | 192.168.2.5 | 0xee75 | No error (0) | m03lm.rdtk.io | wdc.rdtk.io | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:07.305207014 CEST | 1.1.1.1 | 192.168.2.5 | 0x5647 | No error (0) | m03lm.rdtk.io | wdc.rdtk.io | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:07.305207014 CEST | 1.1.1.1 | 192.168.2.5 | 0x5647 | No error (0) | wdc.rdtk.io | | 207.244.126.81 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:09.948868990 CEST | 1.1.1.1 | 192.168.2.5 | 0xf2ec | No error (0) | userstatics.com | | 104.21.53.38 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:09.948868990 CEST | 1.1.1.1 | 192.168.2.5 | 0xf2ec | No error (0) | userstatics.com | | 172.67.208.186 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:09.949963093 CEST | 1.1.1.1 | 192.168.2.5 | 0xc33a | No error (0) | userstatics.com | | | 65 | IN (0x0001) | false
                                            Apr 26, 2024 00:07:19.961708069 CEST | 1.1.1.1 | 192.168.2.5 | 0x5770 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:19.961708069 CEST | 1.1.1.1 | 192.168.2.5 | 0x5770 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:33.632145882 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdf8 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:33.632145882 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdf8 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:55.070770979 CEST | 1.1.1.1 | 192.168.2.5 | 0x39ff | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:07:55.070770979 CEST | 1.1.1.1 | 192.168.2.5 | 0x39ff | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                            Apr 26, 2024 00:08:15.484747887 CEST | 1.1.1.1 | 192.168.2.5 | 0xa749 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                            Apr 26, 2024 00:08:15.484747887 CEST | 1.1.1.1 | 192.168.2.5 | 0xa749 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                            • https:
                                              • m03lm.rdtk.io
                                              • userstatics.com
                                              • www.bing.com
                                            • fs.microsoft.com
                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            0 | 192.168.2.5 | 49722 | 207.244.126.81 | 443 | 1476 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-04-25 22:07:07 UTC | 621 | OUT | GET /postback?format=img&sum={replace} HTTP/1.1
                                            Host: m03lm.rdtk.io
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://iij110.z27.web.core.windows.net/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2024-04-25 22:07:07 UTC | 158 | IN | HTTP/1.1 400 Bad Request
                                            Server: nginx/1.20.2
                                            Date: Thu, 25 Apr 2024 22:07:07 GMT
                                            Content-Type: application/json
                                            Content-Length: 73
                                            Connection: close
                                            2024-04-25 22:07:07 UTC | 73 | IN | Data Ascii: {"status":0,"message":"invalid attribution parameters: validation error"}


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            1 | 192.168.2.5 | 49723 | 23.202.106.101 | 443
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-04-25 22:07:08 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            User-Agent: Microsoft BITS/7.8
                                            Host: fs.microsoft.com
                                            2024-04-25 22:07:08 UTC | 467 | IN | HTTP/1.1 200 OK
                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                            Content-Type: application/octet-stream
                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                            Server: ECAcc (chd/0712)
                                            X-CID: 11
                                            X-Ms-ApiVersion: Distribute 1.2
                                            X-Ms-Region: prod-eus-z1
                                            Cache-Control: public, max-age=118636
                                            Date: Thu, 25 Apr 2024 22:07:08 GMT
                                            Connection: close
                                            X-CID: 2


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            2 | 192.168.2.5 | 49736 | 23.202.106.101 | 443
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-04-25 22:07:09 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            Accept-Encoding: identity
                                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                            Range: bytes=0-2147483646
                                            User-Agent: Microsoft BITS/7.8
                                            Host: fs.microsoft.com
                                            2024-04-25 22:07:09 UTC | 487 | IN | HTTP/1.1 200 OK
                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                            Content-Type: application/octet-stream
                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                            Server: ECAcc (dce/26AC)
                                            X-CID: 11
                                            X-Ms-ApiVersion: Distribute 1.2
                                            X-Ms-Region: prod-eus-z1
                                            Cache-Control: public, max-age=118669
                                            Date: Thu, 25 Apr 2024 22:07:09 GMT
                                            Content-Length: 55
                                            Connection: close
                                            X-CID: 2
                                            2024-04-25 22:07:09 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            3 | 192.168.2.5 | 49746 | 104.21.53.38 | 443 | 1476 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-04-25 22:07:10 UTC | 628 | OUT | GET /get/script.js?referrer=https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052 HTTP/1.1
                                            Host: userstatics.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://iij110.z27.web.core.windows.net/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2024-04-25 22:07:10 UTC | 811 | IN | HTTP/1.1 200 OK
                                            Date: Thu, 25 Apr 2024 22:07:10 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Powered-By: PHP/8.2.1
                                            Access-Control-Allow-Origin: https://iij110.z27.web.core.windows.net
                                            Access-Control-Allow-Methods: GET, POST
                                            Access-Control-Allow-Headers: X-Requested-With,content-type
                                            Access-Control-Allow-Credentials: true
                                            CF-Cache-Status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ig3NwYnO7%2FUq%2BxT3YRZJxKEzvN61LHy4Oe1wrWxSRqOMjmwz3efERxcjtJo3Ufd4pGhtPYulTIWrphGClJYpbpZZhmvNl8sgEy%2BtoYio4MRu9teusAZgF2tmoBy66GCXpSU%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 87a1a4faae44748d-MIA
                                            alt-svc: h3=":443"; ma=86400
                                            2024-04-25 22:07:10 UTC | 139 | IN | Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
                                            2024-04-25 22:07:10 UTC | 5 | IN | Data Ascii: 0


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                            4 | 192.168.2.5 | 49768 | 23.1.237.91 | 443
                                            Timestamp | Bytes transferred | Direction | Data
                                            2024-04-25 22:07:20 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                            Origin: https://www.bing.com
                                            Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                            Accept: */*
                                            Accept-Language: en-CH
                                            Content-type: text/xml
                                            X-Agent-DeviceId: 01000A410900D492
                                            X-BM-CBT: 1696428841
                                            X-BM-DateFormat: dd/MM/yyyy
                                            X-BM-DeviceDimensions: 784x984
                                            X-BM-DeviceDimensionsLogical: 784x984
                                            X-BM-DeviceScale: 100
                                            X-BM-DTZ: 120
                                            X-BM-Market: CH
                                            X-BM-Theme: 000000;0078d7
                                            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                            X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                            X-Device-isOptin: false
                                            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                            X-Device-OSSKU: 48
                                            X-Device-Touch: false
                                            X-DeviceID: 01000A410900D492
                                            X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                            X-MSEdge-ExternalExpType: JointCoord
                                            X-PositionerType: Desktop
                                            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                            X-Search-CortanaAvailableCapabilities: None
                                            X-Search-SafeSearch: Moderate
                                            X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                            X-UserAgeClass: Unknown
                                            Accept-Encoding: gzip, deflate, br
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                            Host: www.bing.com
                                            Content-Length: 2484
                                            Connection: Keep-Alive
                                            Cache-Control: no-cache
                                            Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714082806004&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                                            2024-04-25 22:07:20 UTC | 1 | OUT | Data Ascii: <
                                            2024-04-25 22:07:20 UTC | 2483 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                            2024-04-25 22:07:21 UTC | 479 | IN | HTTP/1.1 204 No Content
                                            Access-Control-Allow-Origin: *
                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                            X-MSEdge-Ref: Ref A: CB8514861B1E463F9C9A645F5D632942 Ref B: LAX311000108031 Ref C: 2024-04-25T22:07:20Z
                                            Date: Thu, 25 Apr 2024 22:07:20 GMT
                                            Connection: close
                                            Alt-Svc: h3=":443"; ma=93600
                                            X-CDN-TraceID: 0.57ed0117.1714082840.d6287f4


                                            Target ID: 0
                                            Start time: 00:06:56
                                            Start date: 26/04/2024
                                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit): false
                                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                            Imagebase: 0x7ff715980000
                                            File size: 3'242'272 bytes
                                            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: C, C++ or other language
                                            Reputation: low
                                            Has exited: false

                                            Target ID: 2
                                            Start time: 00:06:59
                                            Start date: 26/04/2024
                                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit): false
                                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                            Imagebase: 0x7ff715980000
                                            File size: 3'242'272 bytes
                                            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: C, C++ or other language
                                            Reputation: low
                                            Has exited: false

                                            Target ID: 3
                                            Start time: 00:07:01
                                            Start date: 26/04/2024
                                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit): false
                                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052"
                                            Imagebase: 0x7ff715980000
                                            File size: 3'242'272 bytes
                                            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: C, C++ or other language
                                            Reputation: low
                                            Has exited: true

                                            Target ID: 6
                                            Start time: 00:07:19
                                            Start date: 26/04/2024
                                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit): false
                                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4556 --field-trial-handle=2220,i,18089944170792560258,15948041730878250228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                            Imagebase: 0x7ff715980000
                                            File size: 3'242'272 bytes
                                            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges: false
                                            Has administrator privileges: false
                                            Programmed in: C, C++ or other language
                                            Reputation: low
                                            Has exited: false

                                            No disassembly