Windows
Analysis Report
https://documentfilesofffices.lol/
Overview
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6988 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// documentfi lesofffice s.lol/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6096 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2068 --fi eld-trial- handle=200 4,i,251177 8369337322 939,571777 0323508659 007,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlDropper_3 | Yara detected Html Dropper | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | File source: |
Source: | LLM: |
Source: | Matcher: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Data Obfuscation |
---|
Source: | File source: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | high | |
challenges.cloudflare.com | 104.17.3.184 | true | false | high | |
www.google.com | 142.251.215.228 | true | false | high | |
documentfilesofffices.lol | 172.67.129.249 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
false | high | ||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.217.110 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.215.228 | www.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.217.99 | unknown | United States | 15169 | GOOGLEUS | false | |
74.125.142.84 | unknown | United States | 15169 | GOOGLEUS | false | |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false | |
172.67.129.249 | documentfilesofffices.lol | United States | 13335 | CLOUDFLARENETUS | true | |
104.17.3.184 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
142.251.215.234 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438251 |
Start date and time: | 2024-05-08 14:23:23 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://documentfilesofffices.lol/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.phis.troj.win@17/19@14/25 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.217.99, 142.250.217.110, 74.125.142.84, 34.104.35.123, 69.164.41.0
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
Input | Output |
---|---|
URL: https://documentfilesofffices.lol/6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a17LOG6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a18 | ```json { "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "blank": false, "reasons": "The URL 'https://documentfilesofffices.lol/6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a17LOG6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a18' is highly suspicious due to its irrelevant and misleading domain name that does not match Microsoft's legitimate domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into providing sensitive information." } |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.98607553174117 |
Encrypted: | false |
SSDEEP: | |
MD5: | DFEA2F04AE1DB2528B1B768B78C3DEE0 |
SHA1: | 2AA7612FD58573C3B5CF822E7657C19DCD4F1012 |
SHA-256: | 59D8A97E2FC67CF75D4D8E0FFBAEB8152900B88D712E9B385AB9F02CBC0E8074 |
SHA-512: | 147853BA537A84982457BC4558A05D484C7E37889D3965C93ABEA7FBF0FEBD8D9B27C33C5620C8568844E34121CB17D70C4F261C950F3A79C0B842923EF05563 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.005614128188422 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5BC4DAE83E4E305BB18FA45A773E9F7D |
SHA1: | 0A282405FC3C8B68F924C372B5F28DB15DC0E9CB |
SHA-256: | 3C75A56A630AF2231D28C90850B881B114E2F45D0C84B63568131DA188CCCC02 |
SHA-512: | BB00B8B3633AAEBCCDD5783A493C643AD40FBE358D5F6231F614BB57B69A761300D9C3F48A20FC7ADADAC0A83D545A7D94204D3A1A05868B9B8B763AF6753EB4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.008499108816868 |
Encrypted: | false |
SSDEEP: | |
MD5: | 290F88FE3C5BC535DD2FE2877194CD97 |
SHA1: | 97FB92CA99C64C3127C8A97303BEAB6AE0C195B7 |
SHA-256: | 9694C946E16D92C7D2DBFB8D3CE390575EEFAF7324B9FEE2E0A8440D95021B01 |
SHA-512: | 923A74CDAC2535AA4F196FBD6448068F75BDBADCD1D4F65DDBD682D8C88B143B37FDA42B1C48CA0504BBEFF60DCB4B911A4E1CE64FB23A577EE08792E13BBD69 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9996432499729635 |
Encrypted: | false |
SSDEEP: | |
MD5: | 112245FE53D09DEEA397D17E7E156E4E |
SHA1: | 9C1E4A7038EF35B9F9AA8FE448BA9F3097CCCBB5 |
SHA-256: | 1865F5FE3A1F9F77D8820AE000AB54A2BD0C2525B65347F7E9FD3C7F7E3E4F1C |
SHA-512: | 24A602328B66FAE800CDC77EE6D3F4B668C275643B4176B550E3E364521DD728B8CC55AA6CAB36170C9971CF6A4C7DFE0F45FA12FA245AE10607501212B94ED3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9896369265309763 |
Encrypted: | false |
SSDEEP: | |
MD5: | D98C5B2E7CE953C75109618CC599D556 |
SHA1: | 93B7D6054E1C59F687964DA24B490663ADE5A3AD |
SHA-256: | 7615D48A1786F4EE3F876DC642E5AD7DE10D155A75B1B7D21E4AE8CCBB9C2CBC |
SHA-512: | 3E641BDB9372B1842ABD097B6AE29CC3D648A71B752ADE24073F0894A638424304DAB277C225B0AA85C8902D25D81052BEF3F02713AC51A984710CE579968471 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.0024448811213 |
Encrypted: | false |
SSDEEP: | |
MD5: | B9876A99902161DBACC6E8C7582D31AE |
SHA1: | 1C80773D4AEC406D523CBE8B3838C457617663A7 |
SHA-256: | 7D41E2C0100B226DCB1E550DE32E0030D45D794C61BCAB96CFFD5119EC6E30CD |
SHA-512: | B2188B57951A9E84D070426EFC0A5ACF79C32B80FA89DB9D6A6E45ECCBA8CF5EDF48024D1CCBEF21D01EB49791A31F4BA37B865B40CC5E2FE20C44413583FA8A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 85578 |
Entropy (8bit): | 5.366055229017455 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F6B11A7E914718E0290410E85366FE9 |
SHA1: | 69BB69E25CA7D5EF0935317584E6153F3FD9A88C |
SHA-256: | 05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E |
SHA-512: | 0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/jq/1996878e7b64f8f9d15119242522750f663b6ee7c10ff |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1592 |
Entropy (8bit): | 4.205005284721148 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4E48046CE74F4B89D45037C90576BFAC |
SHA1: | 4A41B3B51ED787F7B33294202DA72220C7CD2C32 |
SHA-256: | 8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93 |
SHA-512: | B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 42566 |
Entropy (8bit): | 5.373717288910203 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5B92920E25651D2058F4982A108347B |
SHA1: | CAEEADD68D38FDB681C52006C68880ABC2E8A1A6 |
SHA-256: | 49A5ABEDF03EB8AD9A66ECA7C5CCB8E59A440E06958E1E7B71D078F494178DC5 |
SHA-512: | 94B23A3706A8E899E3F06B531B4F08D7924580EB7DB63954B3EC1A95F15ADD948F227D59D3AE05E111087EB8499798E710D08B74FF33D6F832BB5491CB7B21E9 |
Malicious: | false |
Reputation: | unknown |
URL: | https://challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3651 |
Entropy (8bit): | 4.094801914706141 |
Encrypted: | false |
SSDEEP: | |
MD5: | EE5C8D9FB6248C938FD0DC19370E90BD |
SHA1: | D01A22720918B781338B5BBF9202B241A5F99EE4 |
SHA-256: | 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A |
SHA-512: | C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7043 |
Entropy (8bit): | 5.2804407743048944 |
Encrypted: | false |
SSDEEP: | |
MD5: | B6C202188699B897BB727A68EDD24665 |
SHA1: | FF3B891E06C983DCA277C1D7D874C8EB8084EB96 |
SHA-256: | 184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419 |
SHA-512: | AD8D243B156841EC27CA057CF1E0F64B8802E0DF64F79000739605CDE2C9A9FA1E3E24D153AB34A7AA66F726FC701816CA116052F4129AF3FB78D8F4057EE9F8 |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/js/1996878e7b64f8f9d15119242522750f663b6ee7c1108 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61 |
Entropy (8bit): | 3.990210155325004 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9246CCA8FC3C00F50035F28E9F6B7F7D |
SHA1: | 3AA538440F70873B574F40CD793060F53EC17A5D |
SHA-256: | C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84 |
SHA-512: | A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 105369 |
Entropy (8bit): | 5.240719144154261 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8E6B0F88563F9C33F78BCE65CF287DF7 |
SHA1: | EF7765CD2A7D64ED27DD7344702597AFF6F8C397 |
SHA-256: | A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A |
SHA-512: | 7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/APP-1996878e7b64f8f9d15119242522750f663b6eea5eafc/1996878e7b64f8f9d15119242522750f663b6eea5eafd |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 61 |
Entropy (8bit): | 4.068159130770306 |
Encrypted: | false |
SSDEEP: | |
MD5: | 117490ACD1FCB165BA8A000677E57A04 |
SHA1: | C13D7EA83ED230F3F3C35581E5797C62AD5CEBCB |
SHA-256: | 074A7A55FE8CC69A157CF953CE09AD97AC787779B2CF3C1908674A3859D13CF6 |
SHA-512: | 1CEE35FCD42D2A9F5A373CBE4C0027C57923764A02EC0A23FBAEB16E3A40EF69C1743E57472499DE82A428C4082EE6D8AEC0C1391FB49CB5BBECD7DE0B5F8471 |
Malicious: | false |
Reputation: | unknown |
URL: | https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/88096c73e8ac30e1/1715171036338/2ar_zJeGO397-wZ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4464 |
Entropy (8bit): | 5.575707924389654 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8ABF4B60E7EB18DBD5BFD1E0B44AD9D7 |
SHA1: | FE8DB41FBB18212A4C7451E84A81E1F6E51CD6ED |
SHA-256: | 0D45AFB8C2D229CBA6BA5522C7CFB36467C1F2158A12C66D0A0C7A7473535B32 |
SHA-512: | D46EC0EF9CD53FEB599C824F8DAF7806F9F23FF3B3848368E567103DD7FA53E7627A6A516B8947AEE006C380C0CE14AB2D913131162B5749BD1D3F7C0D06F420 |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a17LOG6f5c738436d0a4edb215172e0bb1eabf663b6ee6c0a18 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 51039 |
Entropy (8bit): | 5.247253437401007 |
Encrypted: | false |
SSDEEP: | |
MD5: | 67176C242E1BDC20603C878DEE836DF3 |
SHA1: | 27A71B00383D61EF3C489326B3564D698FC1227C |
SHA-256: | 56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4 |
SHA-512: | 9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/boot/1996878e7b64f8f9d15119242522750f663b6ee7c1106 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | |
MD5: | 011B17B116126E6E0C4A9B0DE9145805 |
SHA1: | DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC |
SHA-256: | 3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179 |
SHA-512: | BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnMclJieXWF4hIFDdFbUVI=?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1864 |
Entropy (8bit): | 5.222032823730197 |
Encrypted: | false |
SSDEEP: | |
MD5: | BC3D32A696895F78C19DF6C717586A5D |
SHA1: | 9191CB156A30A3ED79C44C0A16C95159E8FF689D |
SHA-256: | 0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68 |
SHA-512: | 8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64 |
Malicious: | false |
Reputation: | unknown |
URL: | https://documentfilesofffices.lol/x/1996878e7b64f8f9d15119242522750f663b6eea5eb02 |
Preview: |