
Windows Analysis Report
Non-Disclosure Agreement Contract.docx

Overview

General Information

Sample name: Non-Disclosure Agreement Contract.docx
Analysis ID: 1635311
MD5: 2a6ace4b9061198e66eaecddf455fd89
SHA1: d3258c08007254495b5afbb9d3573ca90bfefccf
SHA256: 0e1fe67a8f8385717590e8cb74315cd944c327ae28bf0870bb7d7551a4cf9616

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Suspicious office document detected (based on various text indicators)
Writes to foreign memory regions
Detected non-DNS traffic on DNS port
Sigma detected: Suspicious Office Outbound Connections

Classification

  • System is w11x64_office
  • WINWORD.EXE (PID: 1644 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\Non-Disclosure Agreement Contract.docx" /o "" MD5: A9F0EC89897AC6C878D217DFB64CA752)
  • chrome.exe (PID: 3420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 3672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1840,i,14588777340965528039,9093886458572346763,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2144 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • cleanup
No yara matches
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 53974, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 1644, Protocol: tcp, SourceIp: 2.16.164.59, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

AV Detection

Source: https://documents.onmembersonln.com/HSHEWNS | Avira URL Cloud: Label: phishing
Source: https://documents.onmembersonln.com/favicon.ico | Avira URL Cloud: Label: phishing

Phishing

Source: Office document | Joe Sandbox AI: Page contains button: 'REVIEW DOCUMENT' Source: 'Office document'
Source: Office document | Joe Sandbox AI: Office document contains prominent button: 'review document'
Source: Word | OCR Text: docusign You Received a Document to Review and Sign. REVIEW DOCUMENT DocuSign ContractsDocuSign@docusign.com All parties have completed Contract ID: 27163 - . Non-Disclosure Agreement Contract qocne!au Powered by Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: FD17EC2D67C04F69B6DBC783C04926907 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go or even across the globe Docusign provides a professional trusted solution for Digital Transaction Management TM Questions about the Document? If you need to modify the document or have questions about the details in the document, please
Source: unknown | HTTPS traffic detected: 2.16.164.59:443 -> 192.168.2.24:53974 version: TLS 1.2
Source: winword.exe | Memory has grown: Private usage: 8MB later: 37MB
Source: global traffic | TCP traffic: 192.168.2.24:57360 -> 1.1.1.1:53 (8 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 (5 identical entries)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 2.21.65.154 (44 identical entries)
Source: global traffic | HTTP traffic detected:
    GET /olive/images/2.62.0/global-assets/email-templates/email-logo.png HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
    Host: docucdn-a.akamaihd.net
Source: global traffic | HTTP traffic detected:
    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIk6HLAQiKo8sBCIWgzQEI/aXOAQjCwM4BCKHUzgEI7NXOAQj5184BCPnYzgEI/dnOAQjD284BCNfbzgEIg93OAQjw3s4BGPTJzQEY7drOARju3M4B
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/ddljson?async=ntp:2 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIk6HLAQiKo8sBCIWgzQEI/aXOAQjCwM4BCKHUzgEI7NXOAQj5184BCPnYzgEI/dnOAQjD284BCNfbzgEIg93OAQjw3s4BGPTJzQEY7drOARju3M4B
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_promos HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /.well-known/acme-challenge/coo/ HTTP/1.1
    Host: tara-land.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: tara-land.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://tara-land.com/.well-known/acme-challenge/coo/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /I0/0110019503787854-66c0415b-6b5f-40a0-9143-cd05d9ba25cd-000000/MQdioE4EzFrar1aHyZSqbm29C_I=198 HTTP/1.1
    Host: jczhtgnq.r.eu-north-1.awstrack.me
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.bakirkoysurucukursum.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /HSHEWNS HTTP/1.1
    Host: documents.onmembersonln.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://www.bakirkoysurucukursum.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: documents.onmembersonln.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://documents.onmembersonln.com/HSHEWNS
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: audio.voxnest.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: tara-land.com
Source: global traffic | DNS traffic detected: DNS query: www.bakirkoysurucukursum.com
Source: global traffic | DNS traffic detected: DNS query: jczhtgnq.r.eu-north-1.awstrack.me
Source: global traffic | DNS traffic detected: DNS query: documents.onmembersonln.com
Source: unknown | HTTP traffic detected:
    POST /log?format=json&hasfast=true HTTP/1.1
    Host: play.google.com
    Connection: keep-alive
    Content-Length: 908
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    sec-ch-ua-mobile: ?0
    Accept: */*
    Origin: chrome-untrusted://new-tab-page
    X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIk6HLAQiKo8sBCIWgzQEI+dfOAQjD284BCNfbzgEY9MnNAQ==
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Server: cloudflare
    Date: Tue, 11 Mar 2025 14:29:32 GMT
    Content-Type: text/html
    Content-Length: 553
    Connection: close
    CF-RAY: 91ebbe9f1a1ceeee-EWR
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Server: cloudflare
    Date: Tue, 11 Mar 2025 14:29:33 GMT
    Content-Type: text/html
    Content-Length: 553
    Connection: close
    CF-RAY: 91ebbea21b5fe608-IAD
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57409
Source: unknown | Network traffic detected: HTTP traffic on port 57414 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54282 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57418 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57406
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57408
Source: unknown | Network traffic detected: HTTP traffic on port 57420 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57386 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53962
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57377
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57378
Source: unknown | Network traffic detected: HTTP traffic on port 54277 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57408 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57377 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54283 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57413 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57417 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57417
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57418
Source: unknown | Network traffic detected: HTTP traffic on port 57421 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57419
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57379
Source: unknown | Network traffic detected: HTTP traffic on port 53962 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57400 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57413
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53974
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57414
Source: unknown | Network traffic detected: HTTP traffic on port 57385 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57386
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57387
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57420
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57421
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57384
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57385
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57380
Source: unknown | Network traffic detected: HTTP traffic on port 57378 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57395 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54284 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54280 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54278 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57380 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57384 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57394 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57394
Source: unknown | Network traffic detected: HTTP traffic on port 57406 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57395
Source: unknown | Network traffic detected: HTTP traffic on port 57379 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54285 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 53974 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54281 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57419 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57387 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57409 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57400
Source: unknown | HTTPS traffic detected: 2.16.164.59:443 -> 192.168.2.24:53974 version: TLS 1.2
Source: classification engine | Classification label: mal60.phis.winDOCX@30/13@17/132
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\Desktop\~$n-Disclosure Agreement Contract.docx
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{9C9EEC9F-7528-454B-8077-8162196AECFF} - OProcSessId.dat
Source: Non-Disclosure Agreement Contract.docx | OLE indicator, Word Document stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\Non-Disclosure Agreement Contract.docx" /o ""
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1840,i,14588777340965528039,9093886458572346763,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2144 /prefetch:11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1840,i,14588777340965528039,9093886458572346763,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2144 /prefetch:11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (25 identical entries)
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CE74DE4-53D3-4D74-8B83-431B3828BA53}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Non-Disclosure Agreement Contract.docx | Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Memory written: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe base: 238C65F0000
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Memory written: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe base: B7BF4DE2D8
MITRE ATT&CK matrix, one line per tactic (number of matched signatures in brackets where the report shows one):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (11); Extra Window Memory Injection (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (11); Extra Window Memory Injection (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (1); System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label
Non-Disclosure Agreement Contract.docx | 0% | Virustotal |
Non-Disclosure Agreement Contract.docx | 0% | ReversingLabs |
No Antivirus matches
Source | Detection | Scanner | Label
https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png | 0% | Avira URL Cloud | safe
https://tara-land.com/.well-known/acme-challenge/coo/ | 0% | Avira URL Cloud | safe
https://tara-land.com/favicon.ico | 0% | Avira URL Cloud | safe
https://documents.onmembersonln.com/HSHEWNS | 100% | Avira URL Cloud | phishing
https://documents.onmembersonln.com/favicon.ico | 100% | Avira URL Cloud | phishing
https://jczhtgnq.r.eu-north-1.awstrack.me/I0/0110019503787854-66c0415b-6b5f-40a0-9143-cd05d9ba25cd-000000/MQdioE4EzFrar1aHyZSqbm29C_I=198 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a1737.b.akamai.net | 2.16.164.59 | true | false | | high
bakirkoysurucukursum.com | 185.33.233.152 | true | false | | unknown
plus.l.google.com | 172.217.16.142 | true | false | | high
play.google.com | 216.58.206.78 | true | false | | high
a726.dscd.akamai.net | 2.19.11.111 | true | false | | high
tara-land.com | 91.219.60.108 | true | false | | unknown
d1pgig4vf21s03.cloudfront.net | 3.161.82.119 | true | false | | unknown
www.google.com | 142.250.184.228 | true | false | | high
documents.onmembersonln.com | 188.114.97.3 | true | false | | unknown
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
baconredirects-elb-1qpbgztabxykt-1402387626.eu-north-1.elb.amazonaws.com | 13.48.119.120 | true | false | | unknown
audio.voxnest.com | unknown | unknown | false | | unknown
docucdn-a.akamaihd.net | unknown | unknown | false | | high
jczhtgnq.r.eu-north-1.awstrack.me | unknown | unknown | false | | unknown
apis.google.com | unknown | unknown | false | | high
www.bakirkoysurucukursum.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png | false | Avira URL Cloud: safe | unknown
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://play.google.com/log?hasfast=true&authuser=0&format=json | false | | high
https://play.google.com/log?format=json&hasfast=true | false | | high
https://tara-land.com/.well-known/acme-challenge/coo/ | false | Avira URL Cloud: safe | unknown
https://documents.onmembersonln.com/favicon.ico | true | Avira URL Cloud: phishing | unknown
https://www.google.com/async/newtab_promos | false | | high
https://tara-land.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://documents.onmembersonln.com/HSHEWNS | true | Avira URL Cloud: phishing | unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high
https://jczhtgnq.r.eu-north-1.awstrack.me/I0/0110019503787854-66c0415b-6b5f-40a0-9143-cd05d9ba25cd-000000/MQdioE4EzFrar1aHyZSqbm29C_I=198 | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
216.58.206.74 | unknown | United States | 15169 | GOOGLE US | false
216.58.206.78 | play.google.com | United States | 15169 | GOOGLE US | false
52.123.129.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
52.111.236.34 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
2.19.11.111 | a726.dscd.akamai.net | European Union | 719 | ELISA-AS Helsinki Finland EU | false
64.233.166.84 | unknown | United States | 15169 | GOOGLE US | false
3.161.82.119 | d1pgig4vf21s03.cloudfront.net | United States | 16509 | AMAZON-02 US | false
52.109.32.97 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
142.250.184.228 | www.google.com | United States | 15169 | GOOGLE US | false
2.22.242.131 | unknown | European Union | 20940 | AKAMAI-ASN1 EU | false
172.217.16.142 | plus.l.google.com | United States | 15169 | GOOGLE US | false
52.182.143.208 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENET US | false
2.22.242.89 | unknown | European Union | 20940 | AKAMAI-ASN1 EU | false
13.48.119.120 | baconredirects-elb-1qpbgztabxykt-1402387626.eu-north-1.elb.amazonaws.com | United States | 16509 | AMAZON-02 US | false
142.250.185.170 | unknown | United States | 15169 | GOOGLE US | false
2.16.164.59 | a1737.b.akamai.net | European Union | 20940 | AKAMAI-ASN1 EU | false
52.109.28.48 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK US | false
142.250.185.174 | unknown | United States | 15169 | GOOGLE US | false
188.114.97.3 | documents.onmembersonln.com | European Union | 13335 | CLOUDFLARENET US | false
142.250.185.195 | unknown | United States | 15169 | GOOGLE US | false
91.219.60.108 | tara-land.com | Ukraine | 205172 | YANINA-AS UA | false
142.250.184.238 | unknown | United States | 15169 | GOOGLE US | false
172.217.16.195 | unknown | United States | 15169 | GOOGLE US | false
185.33.233.152 | bakirkoysurucukursum.com | Turkey | 51557 | TR-FBS TR | false
IP: 192.168.2.24
                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1635311
                                              Start date and time:2025-03-11 15:27:08 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                              Run name:Potential for more IOCs and behavior
Number of new started processes analysed:18
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Sample name:Non-Disclosure Agreement Contract.docx
                                              Detection:MAL
                                              Classification:mal60.phis.winDOCX@30/13@17/132
                                              Cookbook Comments:
                                              • Found application associated with file extension: .docx
                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                              • Excluded IPs from analysis (whitelisted): 172.64.149.23, 104.18.38.233, 52.109.32.97
                                              • Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net, crt.comodoca.com
• Not all processes were analyzed; the report is missing behavior information
                                              • Report size getting too big, too many NtOpenFile calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Report size getting too big, too many NtSetValueKey calls found.
                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • VT rate limit hit for: https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png
                                              Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):16384
                                              Entropy (8bit):0.5502294041146059
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:39EE3560343D34FEBF733847EFAAB02A
                                              SHA1:67156CE8E608A515D0CF5E03DC9DF64CCEC2FD54
                                              SHA-256:81B313A27599926BFF6FA83D24AE8358568A431D14D371C8741E28699D472FBC
                                              SHA-512:5A270B388A61D63252B898FF4F2FDD184EDB956E745E2EA4CF94936CA23AD1412CE2146F5E557E9557D6354DC0F763E86158712D7481711EDBB9336A4D39A2A2
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.660270650742117
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:395CA4564D92C10DA5AB366EF5F9F0E8
                                              SHA1:A6D9DBF2A978DCEFE71E2EAABB9D7F72923D92C6
                                              SHA-256:2378FB480A32767AA9AE75FF4876B888DE91A7C93CDD7A7658968DCEC4412341
                                              SHA-512:9AA5A7B6D89301A3557C97B79BB93FA414827AD5AC56FE6615F36980C525556035B3F23B61ECE6715ABD914E28E263E0B170E815817A8D7A84CDF6143BFBC450
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (5162), with no line terminators
                                              Category:downloaded
                                              Size (bytes):5162
                                              Entropy (8bit):5.349865760247148
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:70A8F21806E7F1B739937970EBE49A0C
                                              SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
                                              SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
                                              SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
                                              Malicious:false
                                              Reputation:unknown
                                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTucClwlLUqaQmlTybxGncrc_XS2Pg"
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:data
                                              Category:downloaded
                                              Size (bytes):277
                                              Entropy (8bit):7.283588725559875
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6A6D1707B84A3923CC529F2FE651FAED
                                              SHA1:1505F334C01CCA362846FAE719F5605985D0B027
                                              SHA-256:471CDC109D39A4E03393BCAA7DC468CB92F2BBE1B8F8838DED9ABC957D09BEBF
                                              SHA-512:0E3BDBF2BABD3504663F682C5FA2565FDAC3FBC7F358E294BA1D9E55BC590155475DC2DC8C62A3BA64C9BAF428F6EC1AD5D46765A26370EA049FF6B9FB176F96
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.bakirkoysurucukursum.com/%77%70%2D%69%6E%63%6C%75%64%65%73%2F%54%65%78%74%2F%44%69%66%66%2F%45%6E%67%69%6E%65%2F%67%68%6A%2F%64%69%72%65%63%74%69%6E%67.%68%74%6D%6C
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):29
                                              Entropy (8bit):3.9353986674667634
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6FED308183D5DFC421602548615204AF
                                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.google.com/async/newtab_promos
                                              Preview:)]}'.{"update":{"promos":{}}}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:GIF image data, version 89a, 1 x 1
                                              Category:downloaded
                                              Size (bytes):43
                                              Entropy (8bit):3.0314906788435274
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:325472601571F31E1BF00674C368D335
                                              SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                                              SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                                              SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://jczhtgnq.r.eu-north-1.awstrack.me/I0/0110019503787854-66c0415b-6b5f-40a0-9143-cd05d9ba25cd-000000/MQdioE4EzFrar1aHyZSqbm29C_I=198
                                              Preview:GIF89a.............!.......,...........D..;
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (1437)
                                              Category:downloaded
                                              Size (bytes):117390
                                              Entropy (8bit):5.490758436358278
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B52266FAD5115039E3806FF8DCD71F86
                                              SHA1:8007278E322C8EA9F3CB5B62008E3E3599E9F659
                                              SHA-256:E390D05D78F6E51B03F7C3D1D0C3B7C3E79B3D53C4F83685CFAD83D2E863456E
                                              SHA-512:58293A89F48926A7059F6C91AA79EBD941072D3BC31AA571342ABA76F007981750620F960CCB59E9E3C828FC8E1748B500E3138381D82EF8A171AD7C60F5C5FC
                                              Malicious:false
                                              Reputation:unknown
                                              URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0"
                                              Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var aa,ea,la,oa,ya,Ba,Ca;aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.la=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.na=la(this);oa=function(a,b){if(b)a:{var c=_.na;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.oa("Symbol",function(a){if(a)return a;var b
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65531)
                                              Category:downloaded
                                              Size (bytes):131658
                                              Entropy (8bit):5.437564357401127
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4A41135DB8FFFBD4F38B211CA70F4744
                                              SHA1:5F873C8A972C849624615505999D15A73BB484A9
                                              SHA-256:5A2AAE54D394B1A566C6796FC59B4B412F137649BE1C5A5E3EA2FC9BE064E099
                                              SHA-512:126CFA919F385CB35346CE9208D4AF62D0ECCA00B02D38EAE6B42B0F8107EC990CF57DECD1F8286861D59FA3FD7A1B1C6BECF6AC37B4E632C59D02C3AA7D8583
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                              Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (2412)
                                              Category:downloaded
                                              Size (bytes):173494
                                              Entropy (8bit):5.555398746302217
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4B41432CA29BA7B366890C3211D319DD
                                              SHA1:C60F89E8ACCE6E93A14BE7E09C8A719BAC3AAF46
                                              SHA-256:9E09A8F1471D9E076C80D0E6D9D4A888E34D63EA93EF10740811E82FA9E1BD94
                                              SHA-512:BA762DAE90D37D25E8BA33F7FC43A58C6C758D842912288110923F798245A3A1408AFC13AAC7124A8CDE2D3E6D9AB50BDD626D0558421945785139E0EDA15C38
                                              Malicious:false
                                              Reputation:unknown
                                              URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv9PWxAWOkNMB0THY2YxYWamdWWtA"
                                              Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Oi=function(a){if(4&a)return 2048&a?2048:4096&a?4096:0};_.Pi=class extends _.P{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Qi,Ti,Ui,Wi,Xi,aj;Qi=function(){return typeof BigInt==="function"};Ti=function(a){const b=a>>>0;_.Ri=b;_.Si=(a-b)/4294967296>>>0};Ui=function(a,b){b=~b;a?a=~a+1:b+=1;return[a,b]};_.Vi=function(a){if(a<0){Ti(-a);const [b,c]=Ui(_.Ri,_.Si);_.Ri=b>>>0;_.Si=c>>>0}else Ti(a)};Wi=function(a){a=String(a);return"0000000".slice(a.length)+a};.Xi=function(a,b){b>>>=0;a>>>=0;if(b<=2097151)var c=""+(4294967296*b+a);else Qi()?c=""+(BigInt(b)<<BigInt(32)|BigInt(a)):(c=(a>>>24|b<<8)&16777215,b=b>>16&65535,a=(a&16777215)+c*6777216+b*6710656,c+=b*8147497,b*=2,a>=1E7&&(c+=a/1E7>>>0,a%=1E7),c>=1E7&&(b+=c/1E7>>>0,c%=1E7),c=b+Wi(c)+Wi(a));return c};_.Yi=function(a,b){if(b&2147483648)if(Qi())a=""+(BigInt(b|0)<<BigInt(32)|BigInt(a>>>0));else{const [c,d]=Ui(a,b);a="-"+Xi(c,d)}else a=Xi(a,b);return a};._.Zi
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1660
                                              Entropy (8bit):4.301517070642596
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (528), with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):17503
                                              Entropy (8bit):4.897813431668027
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:28AFBB065043420D4D98FB6553985770
                                              SHA1:0CF258D4E9458CE0D69A5EBBB1F7C8A311264AA4
                                              SHA-256:92CF29BD2835B9184848C3C6316D1BC5BBCC91B6AA110714CF2122F6F459439F
                                              SHA-512:41E0A24D5A7BADCB42E7128FDB816A01E1C4C45C1060260F87CB73CF4B10BE496FFB0D5A8B2259A375B5475BEE8B137B5E2ED2ED3B83F1D8E8D88CEB819D346F
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://tara-land.com/.well-known/acme-challenge/coo/
                                              Preview:<html><head><style type="text/css">.. ...rps_d0c2 *...{margin-top:0px;...margin-bottom:0px;...padding:0px;...border:none;...outline:none}...rps_d0c2 > div...{margin:0!important;...padding:0!important;...width:100%!important}...rps_d0c2 img...{border:0!important;...display:block!important;...outline:none!important}...rps_d0c2 table...{border-collapse:collapse}...rps_d0c2 td...{border-collapse:collapse}...rps_d0c2 a...{text-decoration:none}...rps_d0c2 .x_ExternalClass...{width:100%;...line-height:100%}...rps_d0c2 a[x-apple-data-detectors]...{color:inherit!important;...text-decoration:none!important;...font-size:inherit!important;...font-family:inherit!important;...font-weight:inherit!important;...line-height:inherit!important}..@font-face...{font-family:'avenir';...font-style:normal;...font-weight:400}..@font-face...{font-family:'avenir';...font-style:normal;...font-weight:500}..@font-face...{font-family:'avenir';...font-style:normal;...font-weight:600}..@font-face...{font-family:'ave
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (893)
                                              Category:downloaded
                                              Size (bytes):898
                                              Entropy (8bit):5.161731614404364
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:757FE5AE81AACD3F99249216A7E0130B
                                              SHA1:35110E3968202DC6288507BC94223661788B1C77
                                              SHA-256:366750F3EDA413693AA8870706FB8238B7AB5479281B8B851C60AC3F6DBAA7FA
                                              SHA-512:E2338D909D7B6E338BCDE9D82267E51C1F0B52188BC394EB00E32F2953E75EF0150D1E54268A63E9541E3708FCEDE3C94899AD021A7F7FC8E0E9CA7AE9DDB7E7
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                              Preview:)]}'.["",["ny jets brandon stephens","air india flight clogged toilets","spongebob squarepants mtg secret lair","social security overpayments","google chromecast audio","fc barcelona vs benfica prediction","ringo starr ryman concert","big lots stores reopening"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"8317027579059322130","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):553
                                              Entropy (8bit):4.662821081936326
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0127426BF3BA07FF7211399DDF5186C4
                                              SHA1:221D89F3261F545AC58848EBA300E0134C76FF9A
                                              SHA-256:982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
                                              SHA-512:6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://documents.onmembersonln.com/HSHEWNS
                                              Preview:<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                              File type:Microsoft Word 2007+
                                              Entropy (8bit):7.486700950559629
                                              TrID:
                                              • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                                              • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                                              • ZIP compressed archive (8000/1) 9.41%
                                              File name:Non-Disclosure Agreement Contract.docx
                                              File size:20'571 bytes
                                              MD5:2a6ace4b9061198e66eaecddf455fd89
                                              SHA1:d3258c08007254495b5afbb9d3573ca90bfefccf
                                              SHA256:0e1fe67a8f8385717590e8cb74315cd944c327ae28bf0870bb7d7551a4cf9616
                                              SHA512:0aa3bd5f080e5d337749c9266a5b4ef4dd733ac7e548e8a032123e83c247bb1b9cac66edf747ccc9f175f3b6e4ec0cbf8757416ec55e307436d03b2f3cc30163
                                              SSDEEP:384:3/YiiqPeZc2FP4VPqfWZ333WJoWYPsaJsH2S1U:3wjc2yiq333HPsaJsK
                                              TLSH:AC92C03D6B73B8B2D312857D508E51D8F4690D03D65428CAD41CB6CCB6B58DB17E069F
                                              File Content Preview:PK..........!.....e...R.......[Content_Types].xml ...(.........................................................................................................................................................................................................
                                              Icon Hash:35e5c48caa8a8599
                                              Document Type:OpenXML
                                              Number of OLE Files:1
                                              Has Summary Info:
                                              Application Name:
                                              Encrypted Document:False
                                              Contains Word Document Stream:True
                                              Contains Workbook/Book Stream:False
                                              Contains PowerPoint Document Stream:False
                                              Contains Visio Document Stream:False
                                              Contains ObjectPool Stream:False
                                              Flash Objects Count:0
                                              Contains VBA Macros:False