IOC Report
https://bmypage.kuronekoyamato.co.jp/


Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 03:39:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 03:39:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 03:39:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 03:39:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 03:39:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 101
ASCII text
downloaded
Chrome Cache Entry: 102
Unicode text, UTF-8 text, with very long lines (9165)
downloaded
Chrome Cache Entry: 103
Unicode text, UTF-8 text, with very long lines (65441), with CRLF line terminators
downloaded
Chrome Cache Entry: 104
HTML document, ASCII text, with very long lines (32765)
dropped
Chrome Cache Entry: 105
HTML document, ASCII text
downloaded
Chrome Cache Entry: 106
HTML document, ASCII text, with very long lines (32765)
downloaded
Chrome Cache Entry: 107
Unicode text, UTF-8 text, with very long lines (1243), with CRLF line terminators
downloaded
Chrome Cache Entry: 108
ASCII text, with very long lines (32510), with no line terminators
dropped
Chrome Cache Entry: 109
JSON data
dropped
Chrome Cache Entry: 110
Unicode text, UTF-8 text, with very long lines (65441), with CRLF line terminators
dropped
Chrome Cache Entry: 111
HTML document, Non-ISO extended-ASCII text, with very long lines (385), with LF, NEL line terminators
downloaded
Chrome Cache Entry: 112
PNG image data, 268 x 46, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 113
ASCII text, with very long lines (4143)
dropped
Chrome Cache Entry: 114
Web Open Font Format, CFF, length 559596, version 1.0
downloaded
Chrome Cache Entry: 115
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 116
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
downloaded
Chrome Cache Entry: 117
ASCII text, with very long lines (2343)
dropped
Chrome Cache Entry: 118
PNG image data, 268 x 46, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 119
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 120
ASCII text, with very long lines (723)
downloaded
Chrome Cache Entry: 121
ASCII text
dropped
Chrome Cache Entry: 122
ASCII text, with very long lines (4935), with no line terminators
downloaded
Chrome Cache Entry: 123
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 124
PNG image data, 339 x 25, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 125
ASCII text, with very long lines (4143)
downloaded
Chrome Cache Entry: 126
PNG image data, 339 x 25, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 127
JSON data
downloaded
Chrome Cache Entry: 128
ASCII text, with very long lines (2306)
dropped
Chrome Cache Entry: 129
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 130
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 131
ASCII text
dropped
Chrome Cache Entry: 132
Unicode text, UTF-8 text, with very long lines (9165)
dropped
Chrome Cache Entry: 133
ASCII text, with very long lines (32023)
dropped
Chrome Cache Entry: 134
ASCII text
downloaded
Chrome Cache Entry: 135
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
dropped
Chrome Cache Entry: 136
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
dropped
Chrome Cache Entry: 137
Non-ISO extended-ASCII text
downloaded
Chrome Cache Entry: 138
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 139
ASCII text, with very long lines (32023)
downloaded
Chrome Cache Entry: 140
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
downloaded
Chrome Cache Entry: 141
ASCII text, with very long lines (4953), with no line terminators
dropped
Chrome Cache Entry: 142
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 143
HTML document, ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 144
ASCII text, with very long lines (32510), with no line terminators
downloaded
Chrome Cache Entry: 145
Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196
downloaded
Chrome Cache Entry: 146
ASCII text, with very long lines (3835)
dropped
Chrome Cache Entry: 147
ASCII text, with very long lines (2306)
downloaded
Chrome Cache Entry: 148
Web Open Font Format (Version 2), TrueType, length 13224, version 331.-31196
downloaded
Chrome Cache Entry: 149
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 150
HTML document, Non-ISO extended-ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 151
ASCII text, with very long lines (3835)
downloaded
Chrome Cache Entry: 152
Non-ISO extended-ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 96
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 97
HTML document, ASCII text, with very long lines (815)
downloaded
Chrome Cache Entry: 98
Non-ISO extended-ASCII text
dropped
Chrome Cache Entry: 99
ASCII text
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2916 --field-trial-handle=1964,i,6959456803870479823,1038205936054327422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bmypage.kuronekoyamato.co.jp/"

URLs

Name
IP
Malicious
https://bmypage.kuronekoyamato.co.jp/
http://internet.e-mail
unknown
https://stats.g.doubleclick.net/g/collect
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/js/jquery.placeholder.min.js
unknown
http://jquery.org/license
unknown
https://bmypage.kuronekoyamato.co.jp/favicon.ico
218.40.14.55
https://b-faq.kuronekoyamato.co.jp/app/ask?sa_parameter=login&utm_source=ybm&utm_medium=referral&utm
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/script/images/logo.png
unknown
http://sizzlejs.com/
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/js/maintenanceNotice.js?
unknown
https://www.clarity.ms/tag/uet/
unknown
https://www.clarity.ms/s/0.7.49/clarity.js
13.107.246.67
https://business.kuronekoyamato.co.jp/service/lineup/business_members/contract/
unknown
https://www.kuronekoyamato.co.jp/ytc/customer/
unknown
https://ampcid.google.com/v1/publisher:getClientId
unknown
https://bmypage.kuronekoyamato.co.jp/bmypage/
https://img-inter.kuronekoyamato.co.jp/bmypage/script/common/js/jquery.min.js
unknown
https://fontawesome.com/license/free
unknown
https://fontawesome.com
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/js/ybmCommon.js
unknown
https://www.google.com
unknown
https://www.youtube.com/iframe_api
unknown
http://www.bleedingego.co.uk/webdev.php
unknown
https://bmypage.kuronekoyamato.co.jp/bmypage/assets/fontawesome-free-5.15.4-web/css/all.css
218.40.14.55
https://business.kuronekoyamato.co.jp/service/lineup/business_members/
unknown
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLG
unknown
https://www.kuronekoyamato.co.jp/ytc/privacy/
unknown
https://b-faq.kuronekoyamato.co.jp/app/answers/detail/a_id/8327?utm_source=ybm&utm_medium=referral&u
unknown
https://github.com/krux/postscribe/blob/master/LICENSE.
unknown
https://www.kuronekoyamato.co.jp/ytc/gdpr/
unknown
https://b-faq.kuronekoyamato.co.jp/app/answers/detail/a_id/8326?utm_source=ybm&utm_medium=referral&u
unknown
https://stats.g.doubleclick.net/j/collect
unknown
https://bmypage.kuronekoyamato.co.jp/bmypage/assets/fontawesome-free-5.15.4-web/webfonts/fa-regular-400.woff2
218.40.14.55
https://img-inter.kuronekoyamato.co.jp/bmypage/script/common/js/rollover.js
unknown
https://b-faq.kuronekoyamato.co.jp/app/answers/detail/a_id/282?utm_source=ybm&utm_medium=referral&ut
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/css/important.css?20240313
unknown
https://github.com/microsoft/clarity
unknown
https://s.yimg.jp/images/listing/tool/cv/ytag.js
182.22.31.124
https://www.yamato-hd.co.jp/important.json?prm=
unknown
https://bmypageapi.kuronekoyamato.co.jp/bmypageapi/login
unknown
https://www.kuronekoyamato.co.jp/ytc/corp/
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/script/images/img-footer-logo.png
unknown
https://www.kuronekoyamato.co.jp/ytc/agreement/
unknown
https://bmypageapi.kuronekoyamato.co.jp/bmypageapi/sendToSpecified?sendTo=3&loginBeforeFlg=true
unknown
https://www.kuronekoyamato.co.jp/
unknown
https://googleads.g.doubleclick.net
unknown
https://tagassistant.google.com/
unknown
https://b99.yahoo.co.jp/pagead/conversion_async.js
183.79.255.28
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/css/newStyle.css?20240415
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/script/common/js/popup.js
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/pdf/20240617_LoginCaution.pdf
unknown
https://b-faq.kuronekoyamato.co.jp/app/answers/list/c/77
unknown
https://bmypageapi.kuronekoyamato.co.jp/bmypageapi/sendToSpecified?sendTo=20&loginBeforeFlg=true
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/script/common/js/jquery.flatheights.js
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/assets/js/jquery-2.0.3.min.js
unknown
https://cct.google/taggy/agent.js
unknown
https://bmypage.kuronekoyamato.co.jp/
218.40.14.55
https://business.kuronekoyamato.co.jp/sitepolicy/
unknown
https://www.clarity.ms/tag/uet/343072681
13.107.246.67
https://www.kuronekoyamato.co.jp/ytc/sitemap/
unknown
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
unknown
https://www.google.com/pagead/1p-user-list/347314927/?random
unknown
https://www.kuronekoyamato.co.jp/ytc/membership_agreement/
unknown
https://www.google.com/ads/ga-audiences
unknown
https://www.google.%/ads/ga-audiences
unknown
https://td.doubleclick.net
unknown
https://business.kuronekoyamato.co.jp/
unknown
https://www.merchant-center-analytics.goog
unknown
https://img-inter.kuronekoyamato.co.jp/bmypage/script/common/js/jquery.flatheights.option.js
unknown
https://bmypage.kuronekoyamato.co.jp/bmypage/assets/fontawesome-free-5.15.4-web/webfonts/fa-solid-900.woff2
218.40.14.55
https://google.com
unknown
https://b-faq.kuronekoyamato.co.jp/
unknown
http://jquery.com/
unknown
https://adservice.google.com/pagead/regclk?
unknown
https://www.yamato-hd.co.jp/
unknown

Domains

Name
IP
Malicious
s-part-0016.t-0009.t-msedge.net
13.107.246.44
googleads.g.doubleclick.net
142.250.185.162
bmypage.kuronekoyamato.co.jp
218.40.14.55
www.google.com
142.250.186.164
edge12.g.yimg.jp
182.22.31.124
mscedge.g.yimg.jp
183.79.255.28
td.doubleclick.net
172.217.18.2
s-part-0039.t-0009.t-msedge.net
13.107.246.67
ax-0001.ax-msedge.net
150.171.28.10
s-part-0032.t-0009.t-msedge.net
13.107.246.60
fp2e7a.wpc.phicdn.net
192.229.221.95
www.yamato-hd.co.jp
unknown
b99.yahoo.co.jp
unknown
x.clarity.ms
unknown
img-inter.kuronekoyamato.co.jp
unknown
www.clarity.ms
unknown
c.clarity.ms
unknown
s.yimg.jp
unknown

IPs

IP
Domain
Country
Malicious
13.107.246.67
s-part-0039.t-0009.t-msedge.net
United States
182.22.24.252
unknown
Japan
13.107.246.44
s-part-0016.t-0009.t-msedge.net
United States
218.40.14.55
bmypage.kuronekoyamato.co.jp
Japan
142.250.185.100
unknown
United States
192.168.2.5
unknown
unknown
183.79.255.28
mscedge.g.yimg.jp
Japan
150.171.28.10
ax-0001.ax-msedge.net
United States
142.250.185.162
googleads.g.doubleclick.net
United States
182.22.31.124
edge12.g.yimg.jp
Japan
172.217.18.2
td.doubleclick.net
United States
239.255.255.250
unknown
Reserved
142.250.185.196
unknown
United States
142.250.186.164
www.google.com
United States
142.250.186.66
unknown
United States

DOM / HTML

URL
Malicious
https://bmypage.kuronekoyamato.co.jp/bmypage/
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet
https://bmypage.kuronekoyamato.co.jp/bmypage/servlet/jp.co.kuronekoyamato.wur.hmp.servlet.user.HMPLGI0010JspServlet