Edit tour

Windows Analysis Report
https://v.douyin.com/iLTjJWsj/

Overview

General Information

Sample URL:	https://v.douyin.com/iLTjJWsj/
Analysis ID:	1480557

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://v.douyin.com/iLTjJWsj/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1800,i,18322113500312506924,3654286355985266566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link	HTTP Parser: No favicon
Source: https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link	HTTP Parser: No favicon
Source: https://rmc.bytedance.com/verifycenter/captcha/v2?from=iframe&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&env=%7B%22screen%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%7D%2C%22browser%22%3A%7B%22w%22%3A1280%2C%22h%22%3A984%7D%2C%22page%22%3A%7B%22w%22%3A1280%2C%22h%22%3A907%7D%2C%22document%22%3A%7B%22width%22%3A1280%7D%2C%22product_host%22%3A%22www.douyin.com%22%2C%22vc_version%22%3A%221.0.0.64%22%2C%22maskTime%22%3A1721845748624%2C%22h5_check_version%22%3A%223.5.2%22%7D&aid=6383&scene_level=p2&host=https%3A%2F%2Fverify.snssdk.com&hideCloseBtn=true&verify_data=%7B%22code%22%3A%2210000%22%2C%22from%22%3A%22%22%2C%22type%22%3A%22verify%22%2C%22version%22%3A%22%22%2C%22region%22%3A%22cn%22%2C%22subtype%22%3A%22slide%22%2C%22ui_type%22%3A%22%22%2C%22detail%22%3A%228vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7P...	HTTP Parser: No favicon
Source: https://rmc.bytedance.com/verifycenter/captcha/v2?from=iframe&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&env=%7B%22screen%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%7D%2C%22browser%22%3A%7B%22w%22%3A1280%2C%22h%22%3A984%7D%2C%22page%22%3A%7B%22w%22%3A1280%2C%22h%22%3A907%7D%2C%22document%22%3A%7B%22width%22%3A1280%7D%2C%22product_host%22%3A%22www.douyin.com%22%2C%22vc_version%22%3A%221.0.0.64%22%2C%22maskTime%22%3A1721845748624%2C%22h5_check_version%22%3A%223.5.2%22%7D&aid=6383&scene_level=p2&host=https%3A%2F%2Fverify.snssdk.com&hideCloseBtn=true&verify_data=%7B%22code%22%3A%2210000%22%2C%22from%22%3A%22%22%2C%22type%22%3A%22verify%22%2C%22version%22%3A%22%22%2C%22region%22%3A%22cn%22%2C%22subtype%22%3A%22slide%22%2C%22ui_type%22%3A%22%22%2C%22detail%22%3A%228vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7P...	HTTP Parser: No favicon
Source: https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link	HTTP Parser: No favicon
Source: https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:65264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:65266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:65327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:65331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:65335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:65337 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 30MB

Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:65249 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: v.douyin.com
Source: global traffic	DNS traffic detected: DNS query: www.iesdouyin.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.douyin.com
Source: global traffic	DNS traffic detected: DNS query: lf-cdn-tos.bytescm.com
Source: global traffic	DNS traffic detected: DNS query: verify.snssdk.com
Source: global traffic	DNS traffic detected: DNS query: vcs.snssdk.com
Source: global traffic	DNS traffic detected: DNS query: lf1-cdn-tos.bytegoofy.com
Source: global traffic	DNS traffic detected: DNS query: lf-rc1.yhgfb-cn-static.com
Source: global traffic	DNS traffic detected: DNS query: rmc.bytedance.com
Source: global traffic	DNS traffic detected: DNS query: lf-c-flwb.bytetos.com
Source: global traffic	DNS traffic detected: DNS query: mcs.zijieapi.com
Source: global traffic	DNS traffic detected: DNS query: lf3-short.ibytedapm.com
Source: global traffic	DNS traffic detected: DNS query: mon.zijieapi.com
Source: global traffic	DNS traffic detected: DNS query: p9-catpcha.byteimg.com
Source: global traffic	DNS traffic detected: DNS query: mssdk.bytedance.com
Source: global traffic	DNS traffic detected: DNS query: translate.google.com
Source: global traffic	DNS traffic detected: DNS query: p6-catpcha.byteimg.com
Source: global traffic	DNS traffic detected: DNS query: lf6-captcha-sign.bytetos.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65309
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65300
Source: unknown	Network traffic detected: HTTP traffic on port 65381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65303
Source: unknown	Network traffic detected: HTTP traffic on port 65272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65304
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65320
Source: unknown	Network traffic detected: HTTP traffic on port 65335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65319
Source: unknown	Network traffic detected: HTTP traffic on port 65289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65311
Source: unknown	Network traffic detected: HTTP traffic on port 65346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 65363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65331
Source: unknown	Network traffic detected: HTTP traffic on port 65267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65329
Source: unknown	Network traffic detected: HTTP traffic on port 65305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65321
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65327
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65342
Source: unknown	Network traffic detected: HTTP traffic on port 65316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 65369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 65290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 65256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65337
Source: unknown	Network traffic detected: HTTP traffic on port 65365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65275
Source: unknown	Network traffic detected: HTTP traffic on port 65361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65274
Source: unknown	Network traffic detected: HTTP traffic on port 65355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65267
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65285
Source: unknown	Network traffic detected: HTTP traffic on port 65314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 65292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65279
Source: unknown	Network traffic detected: HTTP traffic on port 65275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65278
Source: unknown	Network traffic detected: HTTP traffic on port 65258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65291
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65296
Source: unknown	Network traffic detected: HTTP traffic on port 65321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65290
Source: unknown	Network traffic detected: HTTP traffic on port 65264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65288
Source: unknown	Network traffic detected: HTTP traffic on port 65383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65289
Source: unknown	Network traffic detected: HTTP traffic on port 65366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65353
Source: unknown	Network traffic detected: HTTP traffic on port 65313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65351
Source: unknown	Network traffic detected: HTTP traffic on port 65262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65346
Source: unknown	Network traffic detected: HTTP traffic on port 65368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65349
Source: unknown	Network traffic detected: HTTP traffic on port 65385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65363
Source: unknown	Network traffic detected: HTTP traffic on port 65318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65362
Source: unknown	Network traffic detected: HTTP traffic on port 65356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65354
Source: unknown	Network traffic detected: HTTP traffic on port 65296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65355
Source: unknown	Network traffic detected: HTTP traffic on port 65380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65375
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65373
Source: unknown	Network traffic detected: HTTP traffic on port 65357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65365
Source: unknown	Network traffic detected: HTTP traffic on port 65297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65366
Source: unknown	Network traffic detected: HTTP traffic on port 65257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65382
Source: unknown	Network traffic detected: HTTP traffic on port 65362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65380
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65264
Source: unknown	Network traffic detected: HTTP traffic on port 65312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65384
Source: unknown	Network traffic detected: HTTP traffic on port 65263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65379
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65377
Source: unknown	Network traffic detected: HTTP traffic on port 65252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65259

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:65264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:65266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:65327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:65331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:65335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:65337 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/39@78/296

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://v.douyin.com/iLTjJWsj/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1800,i,18322113500312506924,3654286355985266566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1800,i,18322113500312506924,3654286355985266566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://v.douyin.com/iLTjJWsj/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.iesdouyin.com.queniuum.com	163.181.92.223	true	false	unknown
k5-toutiao-ipv6-ml.gslb.ksyuncdn.com	129.227.133.135	true	false	unknown
lf-c-flwb.bytetos.com.queniuuf.com	163.181.92.223	true	false	unknown
www.douyin.com.queniuyk.com	163.181.92.243	true	false	unknown
v.douyin.com.queniuiq.com	163.181.92.223	true	false	unknown
l7-online-self-max.s.dsa.cdnbuild.net	130.44.212.65	true	false	unknown
lf-cdn-tos.bytescm.com.queniuuf.com	47.246.46.225	true	false	unknown
uz91.v.bsgslb.com	154.85.69.11	true	false	unknown
lf-rc1.yhgfb-cn-static.com.230b2a2545cfa773.queniubg.com	163.181.92.223	true	false	unknown
mcs.zijieapi.com.queniurc.com	163.181.92.239	true	false	unknown
www3.l.google.com	142.250.186.78	true	false	unknown
www.google.com	172.217.18.100	true	false	unknown
vcs.snssdk.com.queniuiq.com	163.181.92.246	true	false	unknown
hcdndyn.zjv6.c.cdnhwc2.com	112.90.95.60	true	false	unknown
mssdk.bytedance.com.queniukw.com	163.181.92.223	true	false	unknown
verify.snssdk.com.queniuyk.com	163.181.92.239	true	false	unknown
lf1-cdn-tos.bytegoofy.com.230b2a2545cfa773.queniubg.com	47.246.46.229	true	false	unknown
lf3-short.ibytedapm.com.w.cdngslb.com	163.181.92.246	true	false	unknown
jtypkz2w.sched.d2-dk.tdnsdp1.cn	221.204.209.125	true	false	unknown
rmc.bytedance.com.230b2a2545cfa773.queniuck.com	163.181.92.239	true	false	unknown
lf-cdn-tos.bytescm.com	unknown	unknown	false	unknown
lf6-captcha-sign.bytetos.com	unknown	unknown	false	unknown
lf-rc1.yhgfb-cn-static.com	unknown	unknown	false	unknown
mcs.zijieapi.com	unknown	unknown	false	unknown
p6-catpcha.byteimg.com	unknown	unknown	false	unknown
rmc.bytedance.com	unknown	unknown	false	unknown
www.douyin.com	unknown	unknown	false	unknown
verify.snssdk.com	unknown	unknown	false	unknown
lf3-short.ibytedapm.com	unknown	unknown	false	unknown
mon.zijieapi.com	unknown	unknown	false	unknown
www.iesdouyin.com	unknown	unknown	false	unknown
mssdk.bytedance.com	unknown	unknown	false	unknown
p9-catpcha.byteimg.com	unknown	unknown	false	unknown
translate.google.com	unknown	unknown	false	unknown
vcs.snssdk.com	unknown	unknown	false	unknown
lf1-cdn-tos.bytegoofy.com	unknown	unknown	false	unknown
v.douyin.com	unknown	unknown	false	unknown
lf-c-flwb.bytetos.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://rmc.bytedance.com/verifycenter/captcha/v2?from=iframe&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&env=%7B%22screen%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%7D%2C%22browser%22%3A%7B%22w%22%3A1280%2C%22h%22%3A984%7D%2C%22page%22%3A%7B%22w%22%3A1280%2C%22h%22%3A907%7D%2C%22document%22%3A%7B%22width%22%3A1280%7D%2C%22product_host%22%3A%22www.douyin.com%22%2C%22vc_version%22%3A%221.0.0.64%22%2C%22maskTime%22%3A1721845748624%2C%22h5_check_version%22%3A%223.5.2%22%7D&aid=6383&scene_level=p2&host=https%3A%2F%2Fverify.snssdk.com&hideCloseBtn=true&verify_data=%7B%22code%22%3A%2210000%22%2C%22from%22%3A%22%22%2C%22type%22%3A%22verify%22%2C%22version%22%3A%22%22%2C%22region%22%3A%22cn%22%2C%22subtype%22%3A%22slide%22%2C%22ui_type%22%3A%22%22%2C%22detail%22%3A%228vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7PFZjarKRoAl9w9UB7sxLkx4HntsY8up6USbhsaDz1N0O6MDd-4VWH00TBdEBkzKYUCRP8P8qeaR7nER3j4bh6RS-6kmhlm3am-haLdbLE4JDq2liT5lHGwphnzbnnQxvSk3enuuRfCtn5t0Quh9jhteQr-1KOJFavsjwNvE9DtIRRPruusX9LKYOEVdLHodOoUowL51xkCFoayY0I6VZHs45e6omc0W8C0Mx8AxfPamFkUyIC2dyKMxHrSYHujjz8M93EUV9CkQOGa0.%22%2C%22verify_event%22%3A%2215699%22%2C%22fp%22%3A%22verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS%22%2C%22server_sdk_env%22%3A%22%7B%5C%22idc%5C%22%3A%5C%22lf%5C%22%2C%5C%22region%5C%22%3A%5C%22CN%5C%22%2C%5C%22server_type%5C%22%3A%5C%22whale%5C%22%7D%22%2C%22log_id%22%3A%222024072502290418A67346CF1E4B2CDCAA%22%2C%22is_assist_mobile%22%3Afalse%2C%22is_complex_sms%22%3Afalse%2C%22identity_action%22%3A%22%22%2C%22identity_scene%22%3A%22%22%2C%22login_status%22%3A0%2C%22aid%22%3A0%2C%22mfa_decision%22%3A%22%22%7D	false		unknown
https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link	false		unknown
about:blank	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
221.204.209.228	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
47.246.46.225	lf-cdn-tos.bytescm.com.queniuuf.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
163.181.92.249	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
163.181.92.243	www.douyin.com.queniuyk.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
142.250.185.106	unknown	United States	15169	GOOGLEUS	false
163.181.92.223	www.iesdouyin.com.queniuum.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
163.181.92.245	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
163.181.92.246	vcs.snssdk.com.queniuiq.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
47.246.46.229	lf1-cdn-tos.bytegoofy.com.230b2a2545cfa773.queniubg.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
103.198.200.50	unknown	China	55720	GIGABIT-MYGigabitHostingSdnBhdMY	false
154.85.69.11	uz91.v.bsgslb.com	Seychelles	35916	MULTA-ASN1US	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
129.227.133.135	k5-toutiao-ipv6-ml.gslb.ksyuncdn.com	Singapore	21859	ZNETUS	false
221.204.209.125	jtypkz2w.sched.d2-dk.tdnsdp1.cn	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
172.217.16.142	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	www3.l.google.com	United States	15169	GOOGLEUS	false
130.44.212.65	l7-online-self-max.s.dsa.cdnbuild.net	United States	396986	BYTEDANCEUS	false
112.90.95.60	hcdndyn.zjv6.c.cdnhwc2.com	China	134543	UNICOM-DONGGUAN-IDCChinaUnicomGuangdongIPnetworkCN	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
163.181.92.239	mcs.zijieapi.com.queniurc.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
153.99.77.6	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
47.246.46.230	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
142.250.186.106	unknown	United States	15169	GOOGLEUS	false
163.181.92.241	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
154.85.69.3	unknown	Seychelles	35916	MULTA-ASN1US	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
172.217.18.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1480557
Start date and time:	2024-07-24 20:28:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://v.douyin.com/iLTjJWsj/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/39@78/296

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 74.125.71.84, 172.217.16.142, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://v.douyin.com/iLTjJWsj/

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 17:28:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992720937327792
Encrypted:	false
SSDEEP:
MD5:	54FF35671BC0A9D6BAA32D9FBB36B4B4
SHA1:	0E0E596E19753F2111B540A3C2FC30058151B29F
SHA-256:	A5A11D7BD3035E975682966227619D8996DFC954DB9D955022D4085F661457DC
SHA-512:	F101148B3D3CF3FC2A5823BC2907883744F63B9DC916AC407FA70A7C5858DC4EE01CBA8AF2095D58A121A1A0323BA697DF4701BE955820FA2AE74BB8BD36FA08
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....jO.X........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 17:28:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.009191496178547
Encrypted:	false
SSDEEP:
MD5:	D6FC06C2602B91CCE7BA2828AE094276
SHA1:	6552D979963F79854249EFF93EFF10CA2EC93BC6
SHA-256:	F43E24C215AEE34ECC0278BE8B069192D5813D021CBBC9A21EC935208A36B2A8
SHA-512:	DB596EF0FC2680A40FF7D75D2C92F33277904D4112299A766AC13C9F2311D3CFE33A58411D25E93BF861EA294E29306D785A2288D2C8A2E3AD8645F85FE011AD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....%u.X........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.018303244628732
Encrypted:	false
SSDEEP:
MD5:	3C9CEF2B14BCBD59CBD268C71E83C25F
SHA1:	B463B4CFB302E6FCD359C01F51838AAA8DD3EA20
SHA-256:	04084E6309D643E99A2EE8E6CF61B05B1C2BE49040BDD9778554C08F6C39761F
SHA-512:	FB8BE09F69D7E5B30D1216C5A8D2E1EDACE8720D0B6E9E81EA597E63886419846D2D714E83DA575FFA199F8E2541089E1CB75A8A8F61C7E5F1186447741FDF90
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 17:28:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.009304142007179
Encrypted:	false
SSDEEP:
MD5:	76429559CC322107E8E9F5DB8DB74FE0
SHA1:	59F054793846B38C84D52CA09DB34D3C0BC89F46
SHA-256:	9756F39610A914B3300D39E605C6C0107831B897EE79FDDBE4242A382F31747B
SHA-512:	38ED856D17BC02018DC143F40FA2DE8197F2673D53BBCDBEF9D0C720D995EFD59B0B0D582CB07AD4872AD36F6BD3ECD61D3EE31097B9845A08BAEFF245007070
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......W........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 17:28:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99936037610449
Encrypted:	false
SSDEEP:
MD5:	19528827106DE0F9EF2FB354A9DDB24B
SHA1:	BF359FBAE49B855FBDED1F01DC55F6807E5B1027
SHA-256:	2BA86D537B8FC9DCB2B7795D94580728FAA58FF038DD6A08E91F2B728544F160
SHA-512:	8B885AD6928791E231DB34C9BFB3473E128E9ECE85CE8960A7ABB3966F17E9BBD989BE456427C08026E07A5EA19C511E218F085AEC732796B9A99EA34DCBF1E7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....9.X........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 17:28:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.00849122583624
Encrypted:	false
SSDEEP:
MD5:	DABA4270EDA0E37B54D5CDAE5DA0A9EA
SHA1:	D403E31E8FC2EC616BF173E8603EB2934B8224C5
SHA-256:	B8BF0C021CF9D289CB07CCDF6C2B77253B3DF40E0B7C5E0191EE258C98C0A938
SHA-512:	8EFCA14CAA72723037C9BF2F783847F916E400D086DF806C1581F02376C18495D721352867F82432A1E6C7A43D465D1F98E9095909564419CDFFB886C6A43779
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....d6.W........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.26528556833822
Encrypted:	false
SSDEEP:
MD5:	759DC214F80F595FB87143F94E566976
SHA1:	D2E4DDC605F0940EB29C7FE75D4CD1B5C16EF7DF
SHA-256:	0A54C258E5E733362C909E29C614170E912238F2E22EBB9251D5997776344754
SHA-512:	61297510730E6B20C691A62C804967167134EE101F8929746EA8D56788A74B23AF82C6A1D8AB44A900E10E0AF62E32125D9E3CE96D922BCB43E2BF10FC4DB7BB
Malicious:	false
Reputation:	unknown
Preview:	{"e":-1,"msg":"not found app_key and not found app_id"}

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	935
Entropy (8bit):	5.197613232107061
Encrypted:	false
SSDEEP:
MD5:	80CFAE8A2F6605128F01CDEFF8F3F11A
SHA1:	CF699306998A37E1F6EE45E6F1CC270605A44D52
SHA-256:	DEC24ECD3634E3AD2E3FB68A1DCF5C4CB1DAF1F454F4A62528721626A7D102EF
SHA-512:	28F4EDFEF2946D61A1E445C0D61F7EC46A99F9E1EBEC1EBD032B470B3D2F6AA5E6FA96509119FA0A16A1B38692844B68193CF629AF2865CE6912BFE942F10A90
Malicious:	false
Reputation:	unknown
URL:	"https://verify.snssdk.com/captcha/get?aid=6383&lang=zh&subtype=slide&detail=8vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7PFZjarKRoAl9w9UB7sxLkx4HntsY8up6USbhsaDz1N0O6MDd-4VWH00TBdEBkzKYUCRP8P8qeaR7nER3j4bh6RS-6kmhlm3am-haLdbLE4JDq2liT5lHGwphnzbnnQxvSk3enuuRfCtn5t0Quh9jhteQr-1KOJFavsjwNvE9DtIRRPruusX9LKYOEVdLHodOoUowL51xkCFoayY0I6VZHs45e6omc0W8C0Mx8AxfPamFkUyIC2dyKMxHrSYHujjz8M93EUV9CkQOGa0.&server_sdk_env={%22idc%22:%22lf%22,%22region%22:%22CN%22,%22server_type%22:%22whale%22}&mode=slide&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&h5_check_version=3.5.2&os_name=windows&platform=pc&os_type=2&h5_sdk_version=3.5.62&webdriver=false&tmp=1721845832404"
Preview:	{"code":200,"data":{"challenge_code":99999,"codifica":"true","cyfreso":39,"host":"","id":"001e480f4c9e956f43bc0abd35fba2c480c44e45","mode":"slide","question":{"url1":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a2836e6b6bca4bd58e8df7cd034f3807~tplv-188rlo5p4y-2.jpeg","url2":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/e50a15abeb7e4adebf3ed4afc14a6096~tplv-188rlo5p4y-1.png","backup_url1":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a2836e6b6bca4bd58e8df7cd034f3807~tplv-188rlo5p4y-2.jpeg","https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a2836e6b6bca4bd58e8df7cd034f3807~tplv-188rlo5p4y-2.jpeg"],"backup_url2":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/e50a15abeb7e4adebf3ed4afc14a6096~tplv-188rlo5p4y-1.png","https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/e50a15abeb7e4adebf3ed4afc14a6096~tplv-188rlo5p4y-1.png"],"tip_y":64,"obfuscation":""},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (45641), with no line terminators
Category:	dropped
Size (bytes):	45729
Entropy (8bit):	5.356075623437954
Encrypted:	false
SSDEEP:
MD5:	6BC713E66F9C8F30FFCD16BB8DE43233
SHA1:	3BF2F5EEF5D61B8A2CC56B78263BB98719337462
SHA-256:	1D959FF4744406334AB603872D7CC765BDD881572371FE09F91F0AA554F796A6
SHA-512:	E1797A6962E581FDE2388755409AF2DA01D857345AD9E011E1212E71807503D36A949A33C28886416F4280A79D72B04F1B9CE6E2465B11B9A6CAD573523C799D
Malicious:	false
Reputation:	unknown
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).verifyCenter={})}(this,(function(e){"use strict";var t="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};var n={exports:{}};!function(e,n){e.exports=function(){function e(e){var t=typeof e;return null!==e&&("object"===t\|\|"function"===t)}function n(e){return"function"==typeof e}var o=Array.isArray?Array.isArray:function(e){return"[object Array]"===Object.prototype.toString.call(e)},r=0,i=void 0,s=void 0,c=function(e,t){_[r]=e,_[r+1]=t,2===(r+=2)&&(s?s(w):O())};function a(e){s=e}function l(e){c=e}var u="undefined"!=typeof window?window:void 0,d=u\|\|{},p=d.MutationObserver\|\|d.WebKitMutationObserver,f="undefined"==typeof self&&"undefined"!=typeof process&&"[object process]"==={}.toString.call(process),h="und

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (997)
Category:	downloaded
Size (bytes):	6475
Entropy (8bit):	5.069087333370586
Encrypted:	false
SSDEEP:
MD5:	39A6FEC645E84191744D526AB77CBE1B
SHA1:	FD22DD2281EB9F3D15FB277F82A68571D74C81DB
SHA-256:	824C4FF7FE85DC8F42BA8B66EC6E5D94F9F0CCE3814913F0FE5D6B65934C920D
SHA-512:	B0E4B32410511614F0CC28CB4F59278834422A7906FFA4640A81593B9A48C67F9D254BCFBE54F9644C3FB0809BB0A950D91D52A381DCA5C680ECC8A471014E14
Malicious:	false
Reputation:	unknown
URL:	https://www.douyin.com/user/MS4wLjABAAAAlhhSPXuKOw0-bX-8D9M_YdN4SbunF2HBHObHa2kFPRI?previous_page=web_code_link
Preview:	<html>.<head>.<meta charset="utf-8">.<meta. name="viewport". content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no">.<title>......</title>.<script charset="utf-8" nonce="argus-csp-token" src="https://lf-cdn-tos.bytescm.com/obj/static/sec_sdk_build/3.5.2/captcha/index.js"></script>.<style>. .middle_page_loading{. width: 150px;. height: 15px;. margin: 0 auto;. position: absolute;. top: 45%;. left: 50%;. transform: translate(-50%, -50%);. }. .middle_page_loading span{. display: inline-block;. width: 15px;. height: 100%;. margin-right: 5px;. background: #323332;. -webkit-transform-origin: right bottom;. -moz-transform-origin: right bottom;. -ms-transform-origin: right bottom;. -o-transform-origin: right bottom;. transform-origin: right bottom;. -webkit-animation: load 1s ease infinite;. -moz-animation: load 1s ease infinite;. -ms-animat

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42597)
Category:	downloaded
Size (bytes):	42598
Entropy (8bit):	5.177304949256629
Encrypted:	false
SSDEEP:
MD5:	80EBDE2407DE96851F7A1BFF9E52B93C
SHA1:	3AD6CDE9D09E7CA962482B46BC67E04D9213A6FE
SHA-256:	2F763D70C082FB5586CEBEE3C0C68EC2B16A880952BB8B1B725625BF5505BEDF
SHA-512:	5F87239EC14FD70FB8FAC980E2499FEF509E0EB347E8A962F87D99AF7E1960140B8506A3486D6228B6E20707149A2E566A372E8AF1506C5EC189E0138D426364
Malicious:	false
Reputation:	unknown
URL:	https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=rmc_verifycenter&globalName=bdCaptcha_slardar
Preview:	!function(){"use strict";var m=function(){return(m=Object.assign\|\|function(n){for(var t,e=1,r=arguments.length;e<r;e++)for(var o in t=arguments[e])Object.prototype.hasOwnProperty.call(t,o)&&(n[o]=t[o]);return n}).apply(this,arguments)};function k(n,t){var e="function"==typeof Symbol&&n[Symbol.iterator];if(!e)return n;var r,o,i=e.call(n),u=[];try{for(;(void 0===t\|\|0<t--)&&!(r=i.next()).done;)u.push(r.value)}catch(n){o={error:n}}finally{try{r&&!r.done&&(e=i.return)&&e.call(i)}finally{if(o)throw o.error}}return u}function b(n,t,e){if(e\|\|2===arguments.length)for(var r,o=0,i=t.length;o<i;o++)!r&&o in t\|\|((r=r\|\|Array.prototype.slice.call(t,0,o))[o]=t[o]);return n.concat(r\|\|Array.prototype.slice.call(t))}function p(n){return JSON.stringify({ev_type:"batch",list:n})}var _=["init","start","config","beforeDestroy","provide","beforeReport","report","beforeBuild","build","beforeSend","send","beforeConfig"],y=function(){return{}};function x(n){return n}function E(n){return"object"==typeof n&&null!=

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 552x344, components 3
Category:	downloaded
Size (bytes):	33375
Entropy (8bit):	7.897353833423529
Encrypted:	false
SSDEEP:
MD5:	482BE19DCC87525A77E28DAEA075B327
SHA1:	63663466509D5EECA40A9C1C763D6A4F701E1700
SHA-256:	22282D4D2E537F0C0615C18D4B2CF444617E04D274F9F58772347A58B30E2B53
SHA-512:	E52642F471CBC783EB1EA6E96E52E4AEDB93791330D2A3B0419CBF323939DD30A7ABEEA53545F97391B34C0F6B78826A49066C233B68108D365BF8C5827693A2
Malicious:	false
Reputation:	unknown
URL:	https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a8c13f468f684a28b2b480ce520dabed~tplv-188rlo5p4y-2.jpeg
Preview:	......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......X.(.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....).Q..S..7...m.....N..(..b.~(....R.1@....b.Qp..1N.....S.F9...S.F(.....Q..f(.;..@\n(.;....q1F)qF(.\n(.;.b...b...Rb...qF)..Xw..LS.F)X.7...b.Qa.n3G..Q.,...J1N.%......b.R.\n(.;.b....S.F(.\e..Rb.....S.I.V...S.F(.\n(.;.c.........i...Xw..1O....q.....Q.,...6.IE.\0.!>..1@.I4..b....1KI.,..(.......O..v.*.3H.h..).qK...".F...AQE..X.mK.M.\,G.6...\v#.F..b........h..E.j1R.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 110 x 110, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29022
Entropy (8bit):	7.987324797214262
Encrypted:	false
SSDEEP:
MD5:	40AC1DBE962A3254D0F760D070D44412
SHA1:	151C8F29BF1B0BB54345B3A2135AB0CE3032C818
SHA-256:	0A1C158B300A7E8B1EF7C5144F356D44FB15D2D6E84863A9553B1ECDECA4420A
SHA-512:	43B72A21611A97F1FDFBB56B7B47BF3204F809DE73D5FA6B61A5731E3FBA74421C1CE5A6BA14B1CC88564A60FBBA571F946C0AE0C77F2BFD2EF31911DFCFBD4C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...n...n......[&...q%IDATx..w..Wy...z..{Oo.FV.e..........HP.....CBBl0.M9.EN.C..%.......s.P.....Sl#[.V..2...{y.Z.?..g...~...\.ff.g.g..{.u.k?...1h.Zh..h4R.J....:.!....t.....h@k0.(.........}..W..t...Z..?....C..C..s.......j@.8p...\|P$.......h.#G.........u.....J.d..=........d.T.......A......{U..\|]o.bo?...d/..=.j.[..q._kd.Xht.I....%...x.u...RP.K..56.$z......9-@..&......C!......D.k.......2::...RbuuU...".....}...`._(..@.d..{.....e.,..@.......D..X....R...xo?..\|%.....].!{...1....d.D.D"6.6......<!...]n..!..K..c..O.K.........bhhH....b.(.....r..h.y..\....~a...R.....z..zjj~......?..k....I.......... ".(B .#....k.q...h%..D"."...@..._ww.0.S...'.}.K'...w.\|..b..].N...5..0.[.F%.....O\*Qr...?~..dB(.......Z.J)Ckm..+;.....t5...}..q.m.. ...PB......JJ.7.M..j?....i=33..<xP%..=..UOz....]....u/ 6.Po77.Rht.....p.....9T..7\|X_$..6.KDW...H8@..H&D....}..}.H...E...........;w..OK.....q...Z..d2..F..=.....`............m.f>.JM...K....GQ.....t....R..Z___<q...c.].

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 110 x 110, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17904
Entropy (8bit):	7.976672210164158
Encrypted:	false
SSDEEP:
MD5:	107BA8F46A00F8E0F908B4EF9CF8E9C0
SHA1:	A5DC6544DA65F3B3BE3F41B7BBF5A5CA904F5B93
SHA-256:	75B38A58235DC838BA1CF0A65C1CB5350B573E75AAE79ACBB8670F61C51C9C05
SHA-512:	37F537AC5B8F68D67D5BC8CF246ABD4AE0588AF93353AEB0FC9C83717A22031023CBE9D8D5FC515A82BD51C27962DD192C8559F59A81CDBE58181E128A6F7BAA
Malicious:	false
Reputation:	unknown
URL:	https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/e50a15abeb7e4adebf3ed4afc14a6096~tplv-188rlo5p4y-1.png
Preview:	.PNG........IHDR...n...n......[&...E.IDATx..{.]Wu'.[..{.Je.JN......)w...LO.i3M.....r.........5...C@C'm.6.4.,.LO...L.W..w@@g.$F`.K.e.%..q..........o.WH...=w....~..;......98........?...+"..3..@@..&.GU{T\..(...%Ze..9.....\x.r ....oJDp.ZD.#.... ..........s.b.....6..g.._.[.^...{........G.ncjt.3...nz.......0D.%.."..N.m].W......LW_p.,....CW1...n.-.../t!E..P...#....5{..6D..7 "...i(=K\|N..w........G......@{...w`.i..<.g..6F..].w.59..9LT-\..!".(K..B.9H..>...q.D..4....d...).]7.HZ.m....3?.w.2J.'=R."5.Q2>.7.fG.Gh;.'.<...N_..F#.$.Gy.9.....r..`....K..!H.G.'..Q......\{...c..9s.O.5f6.a...h.Z.16.A.*....r.' !.....y.D._.X"..4.Aic.%3.D..N.....@C.s..h4...)....DO.3/\..]..].....Er..=..k...$.QvT...!'(.P......5....;...XC.V{.;....@..lC@<A.>O.^X....-..Ut...2...%.<..AD.I..m.WI......t=..J.n.7..\:....F..$..R.985..,Y..6...!L.\|Z....H..B...eYbzr....o<}..y.[...r...UM...X.BN<q.!.1.J...LbN^x..}...&...e....Dj.....f,..].4...4a7~.2.Z...<.cO.q...p.3.....\Xx..P8......%.I:

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65044), with no line terminators
Category:	downloaded
Size (bytes):	87091
Entropy (8bit):	5.483820127371755
Encrypted:	false
SSDEEP:
MD5:	6E3B38C849C8DBF4F43990D3E76D14DE
SHA1:	FC207E4EF41FBF67F7885D0F138B9AB58DC41C63
SHA-256:	47B974416A47084BED05F5800EEECA4F1E4E380308FF9D6E46FEC87CFF57003A
SHA-512:	B341140DB3C9947E3DACA516C8DB75821785F758A0D2555ACDD934BE3A711C3477EE9B802BFFA05BF8C401B39D7B455E85A6C053BFCA2F7F6A2ADD5E0C307EC9
Malicious:	false
Reputation:	unknown
URL:	https://lf-rc1.yhgfb-cn-static.com/obj/rc-verifycenter/verifycenter-collect/1.0.0.7-5.1.16/collect-base.js
Preview:	!function(e){"function"==typeof define&&define.amd?define(e):e()}((function(){"use strict";var e="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};var t={exports:{}};t.exports=function(){function t(e){var t=typeof e;return null!==e&&("object"===t\|\|"function"===t)}function i(e){return"function"==typeof e}var n=void 0;n=Array.isArray?Array.isArray:function(e){return"[object Array]"===Object.prototype.toString.call(e)};var o=n,r=0,s=void 0,a=void 0,c=function(e,t){y[r]=e,y[r+1]=t,2===(r+=2)&&(a?a(E):w())};function u(e){a=e}function l(e){c=e}var f="undefined"!=typeof window?window:void 0,h=f\|\|{},p=h.MutationObserver\|\|h.WebKitMutationObserver,d="undefined"==typeof self&&"undefined"!=typeof process&&"[object process]"==={}.toString.call(process),z="undefined"!=typeof Uint8ClampedArray&&"undefined"!=typeof importScripts&&"undefined"!=typeof MessageChannel;function g(){return function(){return process.

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	5.771676922765464
Encrypted:	false
SSDEEP:
MD5:	942D1AE7BBAB16EC08BED93B8C0AB849
SHA1:	E7F69DB47194F6B3828205FAB95E537E8EFD45DB
SHA-256:	B1A8D0B10EEB30FBF5A252CE6BDB256431B677337C379BA02FD3CD637E772CF0
SHA-512:	994FA59C28EB85DBC5415A57F42815DF0602A373BFA50156628B4C1664C6B852B530FEB718DEAA6D97646CBD72541D129585F674EE50CEAE035CAC19DEC323B1
Malicious:	false
Reputation:	unknown
URL:	https://verify.snssdk.com/captcha/get?aid=6383&lang=zh&subtype=3d&detail=8W1TqOzestvuP65Y7HkBAHazFjOhAP0Vnruvo4VawBfhUSgciM8bl3CYrPwMYclX9Nl6QF3L7R5Z9TvMBKjLh8En4CONIVTrpZIZ2l5GHOGrsL1ygmZf8YtVR7s5dUvSFE18uPX6-MolszNFlcsIcwn9dO-mNzualTdYXFKotnf5kC5bYOq2VP3hWiKjEXkkjRqoX8DZA7GUz6sH5yNSk6znAzmBL4gSxgguQWsGjm69cdH2gO49q-XZ7LUvrMEMJczqAF5eSajXC-xbjeTzEXddRz0qtKdawNUuovPiLYKmbEziEuNz51KiGCENThA2tGRohPf815qsnuMBSfr86qU-Ms4XHKYfuM8Af3ES1F8yMcJNlzVgijtfRaJ5dt4LSqfkKCdh4KeT6tiFk75IEoeVCjT0iHpWX0enCuawMXnT3dpqX6MwscrgbuvcBS-Q2l9TUfZGv6sDFhN7-w-sBDvOrNRcUdCcbn4DFlsebKySy8Cy6WjkMIkaHL1c8c7gynOtIYzaOeKybhUn2felJMj5aFzMqh7l-ughJfeiTLjluPrQd0sp2TjmTFt7KFEG9PtjQ-R8rli3TSMD0g7UuPYjhUQkhScKgMxnHN5qiVAiRQVcTrQGnHNfTbw*wBLIq-SWxDSVcRfl0zwa2cKoOPxqlueByICLA1ENtkL1POFw..&mode=3d&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&h5_check_version=3.5.2&os_name=windows&platform=pc&os_type=2&h5_sdk_version=3.5.62&webdriver=false&tmp=1721845843700&challenge_id=001e480f4c9e956f43bc0abd35fba2c480c44e45
Preview:	{"code":200,"data":{"challenge_code":99997,"codifica":"true","cyfreso":44,"host":"","id":"001e480f4c9e956f43bc0abd35fba2c480c44e45","mode":"3d","question":{"url1":"https://lf6-captcha-sign.bytetos.com/captcha-dl-chn/3d_2385_cfbad38046ebb1215b0790cd6ba0a856bf1813e5_1.jpg?lk3s=e1df38e3\u0026x-expires=1721846445\u0026x-signature=cpNAX4%2FPCU4cI%2BQ01T6RApa0FHs%3D","backup_url1":["https://lf3-captcha-sign.bytetos.com/captcha-dl-chn/3d_2385_cfbad38046ebb1215b0790cd6ba0a856bf1813e5_1.jpg?lk3s=e1df38e3\u0026x-expires=1721846445\u0026x-signature=XxCCFl%2FiLHfSJC3Az9StXZQTRuw%3D"],"ques":"..........."},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (2460)
Category:	downloaded
Size (bytes):	8434
Entropy (8bit):	5.028008197725921
Encrypted:	false
SSDEEP:
MD5:	CDCEAA649CC36DF7F66AA03B1BCC393C
SHA1:	4FAEB3E33BCF0F35228DC2222675E23DE4BBAFE2
SHA-256:	CD625F1F3FC57D99A57E5B617C5483DFD874FA4BB6C6E33CBB9F726DE484638C
SHA-512:	AC3F9FFC583160046B5DF1EFD15AE16EAA5A110266A3042825FA4B027EF1DF8BFA41999F5E239DFCD85B9EC57601E7D24E59A500CFCCE4BC86E3ECF5F041F221
Malicious:	false
Reputation:	unknown
URL:	https://rmc.bytedance.com/verifycenter/captcha/v2?from=iframe&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&env=%7B%22screen%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%7D%2C%22browser%22%3A%7B%22w%22%3A1280%2C%22h%22%3A984%7D%2C%22page%22%3A%7B%22w%22%3A1280%2C%22h%22%3A907%7D%2C%22document%22%3A%7B%22width%22%3A1280%7D%2C%22product_host%22%3A%22www.douyin.com%22%2C%22vc_version%22%3A%221.0.0.64%22%2C%22maskTime%22%3A1721845748624%2C%22h5_check_version%22%3A%223.5.2%22%7D&aid=6383&scene_level=p2&host=https%3A%2F%2Fverify.snssdk.com&hideCloseBtn=true&verify_data=%7B%22code%22%3A%2210000%22%2C%22from%22%3A%22%22%2C%22type%22%3A%22verify%22%2C%22version%22%3A%22%22%2C%22region%22%3A%22cn%22%2C%22subtype%22%3A%22slide%22%2C%22ui_type%22%3A%22%22%2C%22detail%22%3A%228vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7PFZjarKRoAl9w9UB7sxLkx4HntsY8up6USbhsaDz1N0O6MDd-4VWH00TBdEBkzKYUCRP8P8qeaR7nER3j4bh6RS-6kmhlm3am-haLdbLE4JDq2liT5lHGwphnzbnnQxvSk3enuuRfCtn5t0Quh9jhteQr-1KOJFavsjwNvE9DtIRRPruusX9LKYOEVdLHodOoUowL51xkCFoayY0I6VZHs45e6omc0W8C0Mx8AxfPamFkUyIC2dyKMxHrSYHujjz8M93EUV9CkQOGa0.%22%2C%22verify_event%22%3A%2215699%22%2C%22fp%22%3A%22verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS%22%2C%22server_sdk_env%22%3A%22%7B%5C%22idc%5C%22%3A%5C%22lf%5C%22%2C%5C%22region%5C%22%3A%5C%22CN%5C%22%2C%5C%22server_type%5C%22%3A%5C%22whale%5C%22%7D%22%2C%22log_id%22%3A%222024072502290418A67346CF1E4B2CDCAA%22%2C%22is_assist_mobile%22%3Afalse%2C%22is_complex_sms%22%3Afalse%2C%22identity_action%22%3A%22%22%2C%22identity_scene%22%3A%22%22%2C%22login_status%22%3A0%2C%22aid%22%3A0%2C%22mfa_decision%22%3A%22%22%7D
Preview:	<!DOCTYPE html>.<html lang="en">..<head>.<script> var e=function(e,t,a){if(Math.ceil(100Math.random())<=100t){var o="2385",d="27032",n={ev_type:"batch",list:[{ev_type:"custom",payload:{name:"sdk_glue_load",type:"event",metrics:{},categories:{sdk_glue_load_status:e,sdk_glue_load_err_src:a,payload_bdms_aid:o,payload_bdms_page_id:d}},common:{context:{ctx_bdms_aid:o,ctx_bdms_page_id:d},bid:"web_bdms_cn",pid:window.location.pathname,view_id:"/_1",user_id:"",session_id:"0-a-1-2-c",release:"",env:"production",url:window.location.href,timestamp:+new Date,sdk_version:"1.6.1",sdk_name:"SDK_SLARDAR_WEB"}}]},i=new XMLHttpRequest;i.open("POST","https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=web_bdms_cn",!0),i.setRequestHeader("Content-type","application/json"),i.send(JSON.stringify(n))}};e("before_load",.1,""),window.addEventListener("error",(function(t){var a=t.target\|\|t.srcElement;a instanceof HTMLElement&&"SCRIPT"==a.nodeName&&(-1!=(a.src\|\|"").indexOf("sdk-glue")&&e("load_erro

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22367), with no line terminators
Category:	downloaded
Size (bytes):	22367
Entropy (8bit):	5.542626302580642
Encrypted:	false
SSDEEP:
MD5:	B0B46B807EEE39AF0AAD8F5FEFC9B3A2
SHA1:	0FB04F15599BC0844063A6AB776C86E73CB9FBFC
SHA-256:	71CA2652E2B3FFD3C0EC966958604714CE6C7AF01D961B44ADC438518EB58CB3
SHA-512:	4EEC49904A5480940124A1C1B9C9DAE764EBB115829CBCE4356E66A1D7F077DFD204A4634B0622FFB14CC6EBFF7062D7F30502BF0BC7D998A1A55FC8C876DA8E
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=Mhg/d=0/rs=AN8SPfpfwJpCj0xxnOJY2qJJ2Pj8_WXdug/m=el_main_css
Preview:	.VIpgJd-ZVi9od-ORHb-OEVmcd{left:0;top:0;height:39px;width:100%;z-index:10000001;position:fixed;border:none;border-bottom:1px solid #6B90DA;margin:0;box-shadow:0 0 8px 1px #999}.VIpgJd-ZVi9od-xl07Ob-OEVmcd{z-index:10000002;border:none;position:fixed;box-shadow:0 3px 8px 2px #999}.VIpgJd-ZVi9od-SmfZ-OEVmcd{z-index:10000000;border:none;margin:0}.goog-te-gadget{font-family:arial;font-size:11px;color:#666;white-space:nowrap}.goog-te-gadget img{vertical-align:middle;border:none}.goog-te-gadget-simple{background-color:#FFF;border-left:1px solid #D5D5D5;border-top:1px solid #9B9B9B;border-bottom:1px solid #E8E8E8;border-right:1px solid #D5D5D5;font-size:10pt;display:inline-block;padding-top:1px;padding-bottom:2px;cursor:pointer}.goog-te-gadget-icon{margin-left:2px;margin-right:2px;width:19px;height:19px;border:none;vertical-align:middle}.goog-te-combo{margin-left:4px;margin-right:4px;vertical-align:baseline}.goog-te-gadget .goog-te-combo{margin:4px 0}.VIpgJd-ZVi9od-l4eHX-hSRGPd,.VIpgJd-ZVi9od-

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22387)
Category:	downloaded
Size (bytes):	22388
Entropy (8bit):	5.168901330587931
Encrypted:	false
SSDEEP:
MD5:	5AEDBC70F9FA86900A06D2040367965E
SHA1:	FD9044BC7AA6D4E5933F22B771F704E394CAE6B6
SHA-256:	9887727B6FCAEAFB4D9FB24655E107C1F2218A6FF837BB7CFC1F90E96A6915AA
SHA-512:	A411226EE6A7316112D1575B92D82BE8F37772914F4AC5DB411667B54D305D2630EC364319E7FCE1ECE7574A4324DFD0CFC2C7E80817788BC4BA9C9CE3B00FAB
Malicious:	false
Reputation:	unknown
URL:	https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.13.1.js
Preview:	!function(){"use strict";var d=function(){return(d=Object.assign\|\|function(n){for(var t,r=1,e=arguments.length;r<e;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(n[o]=t[o]);return n}).apply(this,arguments)};function _(n,t){var r="function"==typeof Symbol&&n[Symbol.iterator];if(!r)return n;var e,o,i=r.call(n),u=[];try{for(;(void 0===t\|\|0<t--)&&!(e=i.next()).done;)u.push(e.value)}catch(n){o={error:n}}finally{try{e&&!e.done&&(r=i.return)&&r.call(i)}finally{if(o)throw o.error}}return u}function s(n,t,r){if(r\|\|2===arguments.length)for(var e,o=0,i=t.length;o<i;o++)!e&&o in t\|\|((e=e\|\|Array.prototype.slice.call(t,0,o))[o]=t[o]);return n.concat(e\|\|Array.prototype.slice.call(t))}var h=function(){return{}};function l(n){return n}function e(n){return"object"==typeof n&&null!==n}var r=Object.prototype;function p(n){return"[object Array]"===r.toString.call(n)}function T(n){return"function"==typeof n}function v(n){return"string"==typeof n}function o(n){return"undefined"!=

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	6225
Entropy (8bit):	5.976934819783072
Encrypted:	false
SSDEEP:
MD5:	2BD5C073A88B83ED74DB88282A56DDFB
SHA1:	D0EBFC376F8C6A44A8D4CD216817DCD7D0C33650
SHA-256:	AB5C23A05E39DEED14D9D8262B0DCE9F024F86105A27196CAD37D14A3F516E09
SHA-512:	5C6C4A92E93FC0F6A675658CC84F6187FDEBD3EEE94EFD07E24658736CBA598F3BC7156B19834B13FB44C1D43FCB7DF9FCCA7F0A453037E30DA76BA8F4B23B89
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><defs><path d="M21.5 5h-9.17L11 1H2.5C1.68 1 1 1.68 1 2.5v15c0 .83.68 1.5 1.5 1.5h9.17L13 23h8.5c.82 0 1.5-.68 1.5-1.5v-15c0-.83-.68-1.5-1.5-1.5z" id="a"/></defs><clipPath id="b"><use overflow="visible" xlink:href="#a"/></clipPath><g clip-path="url(#b)"><image height="31" opacity=".2" overflow="visible" transform="translate(3 1)" width="29" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAfCAYAAAAbW8YEAAAACXBIWXMAAAsSAAALEgHS3X78AAAA GXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABQBJREFUeNq8V8tu20YUvXdm+LCk RKiMwI1TFEXhVZJd1gW66xekv9DPqPsvXdU/UaDroJskKy+CInCcGpKtFy2SM/f2DEXZia0odtKW AkFJ8zhzzn3S0Ycvps+79EMDbj3Yfgv4EM+XTN/fEOb3Zg3AXmq7j64D5/e/x/EfzZMnX5jx+LFZ LLyp6yNDOzskYb6RubFdpbdvKUl2Jc+d9PvP5dmzUyH6TVoYXQOq+H5g9vb+cONsO9maLpIyyZPU kZNAppmh9Vpg5kSXwCSVJ5/Vi/r8Tl73y2F9ePidJ3oaga+B4vkUgF+6EW1ndz11gvNdDdL1bDN

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.5724312513221195
Encrypted:	false
SSDEEP:
MD5:	53AF239EE5D3E261545DEDEDCB6FFD57
SHA1:	04CA7E137E1E9FEEAD96A7DF45BB67D5AB3DE190
SHA-256:	99EB12F2AB3C4866A353E098FFA3CB7A967E617C49B98480394EC5D8EA92B094
SHA-512:	C734E4A5FF5D335A91518DBF47861BDAF8012AF49371DCD2E3350E269C9A5A1CC094114D17C4F5B053F3757B4B07487EBD0D309C91EF97ACF4665CC5D5C9A2D3
Malicious:	false
Reputation:	unknown
Preview:	404 page not found

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 552x344, components 3
Category:	downloaded
Size (bytes):	16544
Entropy (8bit):	7.888387292886348
Encrypted:	false
SSDEEP:
MD5:	7EBC5C77A9BB4F20BA64F69223142540
SHA1:	8769217B22CD1DBF23F1020D4ACB74FEF2C7AB4A
SHA-256:	CE14FE32CF4B4D8092C789E9904245A2C61642E9F1D1394414647A8AD5BB331B
SHA-512:	0C8532FBEE34FA5002502E6054FDEE2E2ACEBE8588338D7D782CEC10E2C84D1001FE6D1B46BE11DFC6D99933DD7AF239A2D3C4F696D6B07ED0E744C00109DA2E
Malicious:	false
Reputation:	unknown
URL:	https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a2836e6b6bca4bd58e8df7cd034f3807~tplv-188rlo5p4y-2.jpeg
Preview:	......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......X.(.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..E%-d{!E.P..IE....K@......(.P.V,......2j.>).'...S[.D.qinZ..H@d..........#y...ECj........QA8.....u4.9....'K4y...6.3..z...L.3.8.z..{v&..Vy.$..Ie.=..j..`.`...S8jK.L.v.fE.y$.9?.0.R@..;...Hv ....U...9.(. ..8'.fv5.1.M=.w..DI.'.....zVv.w......``.`G\..inw..t.(&.4..i(...J(4P0..J.ZJJ(.sFi(..4f...\.JP...8.@.%.P1h...AE.P.E...QE...J)(...(...(...(...(...(...Q@..RP.E...@.M.Q@.h..PH

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.211353346613943
Encrypted:	false
SSDEEP:
MD5:	2C482855ED93A6CE9BEE915EBA4B8DE1
SHA1:	E347AD524BEC9477FD50599E67D251D1F9E8D5C9
SHA-256:	89D760A94974E5D6168F4FD07BEEB4CD254E1A56757BAF8BD05E8A232A93F2EF
SHA-512:	A29D6D1A8BD6BD45D2F64AE410620FD161B89E0233172CC0DCD3751D69C1DE3C0D7C22F28E52B025A6B32DBD4BAB76F517BD7A74D6A898A258982F098FC0D9CD
Malicious:	false
Reputation:	unknown
Preview:	{"code":200,"data":{"challenge_code":99999,"codifica":"true","cyfreso":96,"host":"","id":"ee3febeb088dfa9a304b597a4057eb0bc146bf04","mode":"slide","question":{"url1":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/d5d3c1ff07ba4d809ed9fd0aa8dc5b21~tplv-188rlo5p4y-2.jpeg","url2":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/41590fc6f9224dd19a9573b423b9f8dd~tplv-188rlo5p4y-1.png","backup_url1":["https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/d5d3c1ff07ba4d809ed9fd0aa8dc5b21~tplv-188rlo5p4y-2.jpeg","https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/d5d3c1ff07ba4d809ed9fd0aa8dc5b21~tplv-188rlo5p4y-2.jpeg"],"backup_url2":["https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/41590fc6f9224dd19a9573b423b9f8dd~tplv-188rlo5p4y-1.png","https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/41590fc6f9224dd19a9573b423b9f8dd~tplv-188rlo5p4y-1.png"],"tip_y":53,"obfuscation":""},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1251
Entropy (8bit):	4.619039642545764
Encrypted:	false
SSDEEP:
MD5:	EDDBB274C6A8661890C5940F9AADD4CD
SHA1:	FAB78744CED437E18B6416B59229C1D74E0693E5
SHA-256:	A9385B63C9620774F56F932094B78CA89BC9F482D5CC1E68CC591622E6652319
SHA-512:	9A6286C87BCB25629FDFCF136CFE1FE255B66EE803CD102052940B55C4A2AEAF136EDC09D5E897D15F07D63DF32C76892EB88AEB5BD17ADA9DF987F5047D504B
Malicious:	false
Reputation:	unknown
URL:	https://mon.zijieapi.com/monitor_web/settings/browser-settings?bid=rmc_verifycenter&store=1
Preview:	{"data":{"sample":{"sample_rate":1,"include_users":[],"sample_granularity":"session","rules":[{"name":"js_error","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"http","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"resource_error","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"resource","enable":true,"sample_rate":0.1,"conditional_sample_rules":[]},{"name":"custom","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance_timing","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance_longtask","enable":true,"sample_rate":0.01,"conditional_sample_rules":[]},{"name":"pageview","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"action","enable":true,"sample_rate":0.01,"conditional_sample_rules":[]},{"name":"blank_screen","enable":true,"sample_rate":1,"conditional_sample_ru

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 552 x 344, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	78174
Entropy (8bit):	7.993510250372152
Encrypted:	true
SSDEEP:
MD5:	9B5B0EA1940713D82C8560E7E0756F7D
SHA1:	3EDEBA2398E2737B4CE88BEF6FC856195FBBCCF5
SHA-256:	37237D1B3111A5404511176275554B23E5CABB2A21F633A1608D457A9A581DE5
SHA-512:	A903536BC6012140075FCCEFE602E8B4D9A886CA08C38D34260E5FD898830B947F0F3A857E78D249D704291DCF00B21BCB1FFD77540760D577C35672B70954DB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...(...X.....N.......gAMA......a.....sRGB.........tEXtRenderTime.00:13.39..3x....tEXtScene.Scene.!].....tEXtCamera.Camerah.......tEXtFrame.001.Q."....tEXtTime.00:00:00:01..&.....tEXtDate.2020/10/10 00:20:36i.=<... tEXtFile.3dfam_data/base_scene.blend......pHYs................2PLTE............................................................................................................................................................................j....s.............\|...........................................X.........k.........u......}.}h...m....}.... .IDATx.LYm..8..y;..?r.n..o..<.3.Nl.VDQU..}2....z2z.C.dU.N.[.v.....cR?..k?.o`f.:S;..u...p...z....7..a...`\|.J.{.:]..q....Y...8..+i\|..O...U.;......@.&.<{..w!S.3X....k...m.Gg/....0.7.wj.......A^g..9.r8%.?..v5...c\|....wp.9..N...B:....Z.T.?#>.4.M...3x....M..mc.....^...7..k>.D..H`t...$n>......s8N....7.}N....8.....-.5q+B..a ..`\|....+a.5.k.#&......6a..=I@.x....IA.!.;..v.+...

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14787)
Category:	dropped
Size (bytes):	17167
Entropy (8bit):	5.335170083757228
Encrypted:	false
SSDEEP:
MD5:	0DA1F2454D866FECEFD94ABFE161E50E
SHA1:	5906570390E1F939F19F102C383D935F5912F698
SHA-256:	E852D52F6B8C0C4E9B8A3809CD5D1ED111377CDC69225FB01B31E14530A7E290
SHA-512:	793B86EFBFAFC7A88A3C971FCD0697C7D00748490D0FB246B0B4BEF6DEA539B922B8B2A50C1899A7F21C9067B59455EE814701A5C638D429A57F3D400D53489D
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).TTGCaptcha={})}(this,(function(t){"use strict";./! **************************************************************************.Copyright (c) Microsoft Corporation...Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH.REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY.AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,.INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM.LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR.OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR.PERFORMANCE OF THIS SOFTWARE..****************************

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	5.249530958699059
Encrypted:	false
SSDEEP:
MD5:	FBE36EB2EECF1B90451A3A72701E49D2
SHA1:	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
SHA-256:	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
SHA-512:	7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65513)
Category:	downloaded
Size (bytes):	240556
Entropy (8bit):	5.328948263670701
Encrypted:	false
SSDEEP:
MD5:	3F67C19EFFE65C53DF3873746351065F
SHA1:	0131B4FF1592C0E0FE56C7305574AD4687F5271F
SHA-256:	C9F6E24FAE431DA75AF79CC48C8809705F291460D173C44AE380A3164104EA02
SHA-512:	D785EB31F779595E5DEC894B6FD6F74E2A9361BCBA35CD28BE02C4EE8607324FE9406F9F2DA024A37111333723AB9D5037A84D3A3551B84B5EB461B92CAD3ED9
Malicious:	false
Reputation:	unknown
URL:	https://lf-c-flwb.bytetos.com/obj/rc-client-security/web/stable/1.0.0.46/bdms.js
Preview:	/* V 1.0.0.46 */.window.bdms\|\|function(){var e={312:function(e,r,t){var n=t(7235),a=t(2734),f=TypeError;e.exports=function(e){if(n(e))return e;throw f(a(e)+" is not a function")}},6160:function(e,r,t){var n=t(9106),a=t(2734),f=TypeError;e.exports=function(e){if(n(e))return e;throw f(a(e)+" is not a constructor")}},7725:function(e,r,t){var n=t(7235),a=String,f=TypeError;e.exports=function(e){if("object"==typeof e\|\|n(e))return e;throw f("Can't set "+a(e)+" as a prototype")}},4102:function(e,r,t){var n=t(3967),a=t(6101),f=t(9051).f,i=n("unscopables"),c=Array.prototype;null==c[i]&&f(c,i,{configurable:!0,value:a(null)}),e.exports=function(e){c[i][e]=!0}},1507:function(e,r,t){var n=t(6471),a=TypeError;e.exports=function(e,r){if(n(r,e))return e;throw a("Incorrect invocation")}},6347:function(e,r,t){var n=t(2951),a=String,f=TypeError;e.exports=function(e){if(n(e))return e;throw f(a(e)+" is not an object")}},5335:function(e,r,t){"use strict";var n=t(8495),a=t(1970),f=t(2296),i=t(6429),c=t(8861)

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65519)
Category:	downloaded
Size (bytes):	97965
Entropy (8bit):	5.343622656006845
Encrypted:	false
SSDEEP:
MD5:	9EE67F94F8AA7EF6F7D042898B049717
SHA1:	16DB69E02E477E881A2F1881E169BBAF0340CA9B
SHA-256:	8FB05F0A27BDF3F944FB285552B72F7F01B505920577D204DF7C5C841033D0D4
SHA-512:	5D13C8A31EDBAA7B16817AF4925558A5ED5D00E552881BF86CB931ECB5C8B295A6DDFF51AFAF0489BC75736E25D2D0C8B111960B7010F9FF1A4BB231E1D8AB94
Malicious:	false
Reputation:	unknown
URL:	https://lf-c-flwb.bytetos.com/obj/rc-client-security/web/glue/1.0.0.48/sdk-glue.js
Preview:	/* V 1.0.0.48 */.var U6I7dQDnPIbkh=!0;if(window._SdkGlueInit)try{U6I7dQDnPIbkh=function(t){for(var e="1.0.0.48".split(".").map((function(t){return~~t})),r=t.split(".").map((function(t){return~~t})),n=0;n<4;){if(e[n]!==r[n])return e[n]-r[n]>0;n++}return!1}(window._sdkGlueVersionMap&&window._sdkGlueVersionMap.sdkGlueVersion\|\|"0")}catch(t){}U6I7dQDnPIbkh&&function(){var t={3607:function(t,e,r){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e.getBlockType=function(t,e){try{var r=new URL(e,window.location.href),i=r.hostname,a=r.pathname,c=n.NoBlock;return k.isCSRFBlock(t,i,a)&&(c\|=n.CSRFBlock),k.isBdmsBlock(a)&&(c\|=n.BdmsBlock),(k.isVerifyCenterBlock(a)\|\|x.isVerifyCenterBlock(a))&&(c\|=n.VerifyCenterBlock),c}catch(t){return(0,o.jsErrorReport)(t),n.NoBlock}},e.pendingMap=e.loadingMap=void 0;var n=r(360),o=r(1658);function i(t){return i="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.cons

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	935
Entropy (8bit):	5.154013272125973
Encrypted:	false
SSDEEP:
MD5:	A88A5469C7066588846698CF1147CB8E
SHA1:	567B8D95B2E56E3D4799AF77333C5E5907BEE37C
SHA-256:	BCC2D5131CE95865F3C975AE1E8BFEFBD78FAC6ED4A676D21B065535F5B00B02
SHA-512:	BFE8D5FBBA29ED9DABBFFF6E53BE4D700510E0DDEC8505CCE35A3E49F514AA8755BAB93985EE847BDACBB0D54DD0C91A1682A3BF5A6AD94CA87F72965274DA3D
Malicious:	false
Reputation:	unknown
URL:	"https://verify.snssdk.com/captcha/get?aid=6383&lang=zh&subtype=slide&detail=8vMaPxt2LLW4weFijO9fqZCpCeGi58tC7U0tZ-XDwgyr5v0a6w-iPUJt2sC7orkyRdlrgKIyME8lVH65diKCR5Fxo7qd-sDExobvqshZNFUCJS4Klb32CIFXNeaqDNcEzxfWgMYuC2DPaePhdANJ0hHhUe2A1XVNX1jGA3mHBLF8TbClJZEfrBTP6hRNIA6biUnSEeEVgILOg2u4wKyyTDaipkP3Kryyfl1CquJSqm-NJ5L7PFZjarKRoAl9w9UB7sxLkx4HntsY8up6USbhsaDz1N0O6MDd-4VWH00TBdEBkzKYUCRP8P8qeaR7nER3j4bh6RS-6kmhlm3am-haLdbLE4JDq2liT5lHGwphnzbnnQxvSk3enuuRfCtn5t0Quh9jhteQr-1KOJFavsjwNvE9DtIRRPruusX9LKYOEVdLHodOoUowL51xkCFoayY0I6VZHs45e6omc0W8C0Mx8AxfPamFkUyIC2dyKMxHrSYHujjz8M93EUV9CkQOGa0.&server_sdk_env={%22idc%22:%22lf%22,%22region%22:%22CN%22,%22server_type%22:%22whale%22}&mode=slide&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&h5_check_version=3.5.2&os_name=windows&platform=pc&os_type=2&h5_sdk_version=3.5.62&webdriver=false&tmp=1721845754621"
Preview:	{"code":200,"data":{"challenge_code":99999,"codifica":"true","cyfreso":44,"host":"","id":"51af9a71aeea92a3cdc04ced379ae77fb43e56bb","mode":"slide","question":{"url1":"https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a8c13f468f684a28b2b480ce520dabed~tplv-188rlo5p4y-2.jpeg","url2":"https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/b9ef38b8ace047a8a1acdebb4e0c8fe8~tplv-188rlo5p4y-1.png","backup_url1":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a8c13f468f684a28b2b480ce520dabed~tplv-188rlo5p4y-2.jpeg","https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a8c13f468f684a28b2b480ce520dabed~tplv-188rlo5p4y-2.jpeg"],"backup_url2":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/b9ef38b8ace047a8a1acdebb4e0c8fe8~tplv-188rlo5p4y-1.png","https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/b9ef38b8ace047a8a1acdebb4e0c8fe8~tplv-188rlo5p4y-1.png"],"tip_y":43,"obfuscation":""},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	2.133982464837534
Encrypted:	false
SSDEEP:
MD5:	F8311DB859D25E29264E23DB6FEA5663
SHA1:	5E8172FC205457F01A291E044DC8A25C77ECE7EB
SHA-256:	E67348E3AB54FA207E1CE4BE78E8399D1B73A794D819A17D8656EA2B17A1109D
SHA-512:	2B2907D45FB96C3E312A1E074B7366FE671244E76E46D12493E2C35F6E31D1D8361360A154BE7B6BE046028CA949800E180E96B1E136FB7FB83C1F6662183BB5
Malicious:	false
Reputation:	unknown
URL:	https://lf1-cdn-tos.bytegoofy.com/goofy/ies/douyin_web/public/favicon.ico
Preview:	...... .... .........(... ...@..... ................................ ................................................................................................................... ....... ........................................................................................................................... ...................................................... ... ........................................................................................................... .2...F...P...P...P...K...-..... .........................................................................................9 p........................\|@..P...P...#.p........................................................................................................................f ..P...(.............................................................................@.............................................f ..P....._.................................................................im....................

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.199586041339684
Encrypted:	false
SSDEEP:
MD5:	6F2219FF0C8E27066F29C41FC0832674
SHA1:	AA6713DB21F5DF2A75E11C8AB24FEB0E092CF4BF
SHA-256:	AA9E92C804837EE9D0B6D3F1FC4452CC4CCEBDCF4582CC9A7AEEE4415E51ABB0
SHA-512:	DC79DAD2966C6925DBC408CCA89636C3F54139522D43050D21A1B13362AAF5249CC6DF49861D10C4FE33DBEF90745F6F135637BC261CDE7DA2ABC688185EE5DF
Malicious:	false
Reputation:	unknown
Preview:	{"code":200,"data":{"challenge_code":99999,"codifica":"true","cyfreso":52,"host":"","id":"5b7906defde2282f2cbf6c1d97c3148c1102b672","mode":"slide","question":{"url1":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/f124c9db011340c299dd91b16bbe8378~tplv-188rlo5p4y-2.jpeg","url2":"https://p6-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a6ce3c432b604163aa4a0bd3aa318d93~tplv-188rlo5p4y-1.png","backup_url1":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/f124c9db011340c299dd91b16bbe8378~tplv-188rlo5p4y-2.jpeg","https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/f124c9db011340c299dd91b16bbe8378~tplv-188rlo5p4y-2.jpeg"],"backup_url2":["https://p3-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a6ce3c432b604163aa4a0bd3aa318d93~tplv-188rlo5p4y-1.png","https://p9-catpcha.byteimg.com/tos-cn-i-188rlo5p4y/a6ce3c432b604163aa4a0bd3aa318d93~tplv-188rlo5p4y-1.png"],"tip_y":69,"obfuscation":""},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.831093122497559
Encrypted:	false
SSDEEP:
MD5:	1E97BB505831BE54C2BFA55EA1E50BB4
SHA1:	A9AC1B7FB580C2FB532E475D43AD28BF346BFBB7
SHA-256:	3FFD235B446D365A917A805B3D7D1751756B5030DB513608B2937D9C8120768F
SHA-512:	4F1BB08780A3F9161D5BAAE8AB11F31A5EF0475A438F1FE8801014758BDA9575C5DF480206C72F52CC07B037B6B24ABB3861F86DD171AE2698209F33B9173ADF
Malicious:	false
Reputation:	unknown
Preview:	{"code":504,"data":null,"message":"....[5013]"}

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	669
Entropy (8bit):	5.747341906836942
Encrypted:	false
SSDEEP:
MD5:	42AEF12DEC617F58A2261FE196954BE8
SHA1:	6495481718AD1D00E28FA2D9EF9CF3CB970E7709
SHA-256:	A476054D8528034DE8F1539F60070A5CCE0871434DE217E4D94991F3CF518377
SHA-512:	8BF880484934E901B34069243E391B8B39A38F261AF667219EE4B0A6E844197E0E8472D6CF271BF9F553C2385C39132A8EEA9A8F5BBB4737AF8CCB30AC4CB58A
Malicious:	false
Reputation:	unknown
Preview:	{"code":200,"data":{"challenge_code":99997,"codifica":"true","cyfreso":65,"host":"","id":"001e480f4c9e956f43bc0abd35fba2c480c44e45","mode":"3d","question":{"url1":"https://lf6-captcha-sign.bytetos.com/captcha-dl-chn/3d_2385_032a2691b449b17be1fd1dce377723d3c06af51d_1.jpg?lk3s=e1df38e3\u0026x-expires=1721846447\u0026x-signature=FFG5LPxUi4zCcZXjC4okaOpz1co%3D","backup_url1":["https://lf3-captcha-sign.bytetos.com/captcha-dl-chn/3d_2385_032a2691b449b17be1fd1dce377723d3c06af51d_1.jpg?lk3s=e1df38e3\u0026x-expires=1721846447\u0026x-signature=ApRGx8FnK2vhMf5vydfTSj%2Bfu8w%3D"],"ques":"..........."},"region":"","version":2},"message":"...."}

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1251
Entropy (8bit):	4.621582038203329
Encrypted:	false
SSDEEP:
MD5:	91A40D3AF4ECC02A5EC86758F9D62AAA
SHA1:	EBF94941FA64E1B3B16E5C90D99D932531F8C0E6
SHA-256:	2F9D89ACBF403777FA3E54BC0430D14895CB3319D91A3D971DD4AA74416FC074
SHA-512:	E119431BD779F0802369F49430265CB3A5861DB2CB98B4F6AD4073267846FEFC8E60003A0B523E36944FFDF90B8057C38C0ACCE35E004CD7418B67906D759D19
Malicious:	false
Reputation:	unknown
Preview:	{"data":{"sample":{"sample_rate":1,"include_users":[],"sample_granularity":"session","rules":[{"name":"js_error","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"http","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"resource_error","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"resource","enable":true,"sample_rate":0.1,"conditional_sample_rules":[]},{"name":"custom","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance_timing","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"performance_longtask","enable":true,"sample_rate":0.01,"conditional_sample_rules":[]},{"name":"pageview","enable":true,"sample_rate":1,"conditional_sample_rules":[]},{"name":"action","enable":true,"sample_rate":0.01,"conditional_sample_rules":[]},{"name":"blank_screen","enable":true,"sample_rate":1,"conditional_sample_ru

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2278)
Category:	downloaded
Size (bytes):	212006
Entropy (8bit):	5.567116560632287
Encrypted:	false
SSDEEP:
MD5:	5315C140F5D329D58DD6FE87A6CA58CE
SHA1:	822A1F5DF575B475247F83F2C754E2BF0EABEA07
SHA-256:	DD5E91A6286C429A4E7E6876A3EAA8A8C285177CA7C62B28AF6B010E45F5E561
SHA-512:	2442CBA610171F6026F575A3FF15D37E89669A973106FDF88365C015C042FE44460EE99E2E565E6326FA56C4BA9B7299DD2E642AAF56D313183FA00BD656B8FD
Malicious:	false
Reputation:	unknown
URL:	https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US._GGYkBQFFJA.O/am=AIA/d=1/exm=el_conf/ed=1/rs=AN8SPfq2fa0ciD1uiYXqbaEOZbIwOEcBnQ/m=el_main
Preview:	"use strict";this.default_tr=this.default_tr\|\|{};(function(_){var window=this;.try{.var Vh,Wh,Xh,ei,pi,qi,ri,si,wi,vi,ai;Vh=function(a){return _.Wa?_.Xa?_.Xa.brands.some(function(b){return(b=b.brand)&&b.indexOf(a)!=-1}):!1:!1};Wh=function(){return _.v("Firefox")\|\|_.v("FxiOS")};Xh=function(){return _.Ya()?Vh("Chromium"):(_.v("Chrome")\|\|_.v("CriOS"))&&!(_.Ya()?0:_.v("Edge"))\|\|_.v("Silk")};._.Yh=function(){return _.v("Safari")&&!(Xh()\|\|(_.Ya()?0:_.v("Coast"))\|\|_.Za()\|\|(_.Ya()?0:_.v("Edge"))\|\|(_.Ya()?Vh("Microsoft Edge"):_.v("Edg/"))\|\|(_.Ya()?Vh("Opera"):_.v("OPR"))\|\|Wh()\|\|_.v("Silk")\|\|_.v("Android"))};_.Zh=function(){return _.v("Android")&&!(Xh()\|\|Wh()\|\|_.Za()\|\|_.v("Silk"))};_.$h=function(a){if(a instanceof _.jc)return a.g;throw Error("C");};_.bi=function(a){if(ai.test(a))return a};_.ci=function(a){return a instanceof _.jc?_.$h(a):_.bi(a)};_.di=function(a){return Array.prototype.slice.call(a)};.ei=function(a){return typeof Symbol==="function"&&typeof Symbol()==="symbol"?Symbol():a};_.gi=f

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65521), with no line terminators
Category:	dropped
Size (bytes):	552856
Entropy (8bit):	5.812745286930468
Encrypted:	false
SSDEEP:
MD5:	E9A5704E1D4D059213A552C4EB662C86
SHA1:	5B0A84204A933B7EDE0E64876A656A2889D6FCEA
SHA-256:	F328F541E6CC44E6035CFA1DE4CE2B276C972E64E1F5B482C90D322BE0342871
SHA-512:	EE526D7639167234C9C70520A9ACCB85F7B0355FCC4060D1A91FDD2F871633FC46C175189C555A4313132C88DBC3E45C650D6E7006C939380CC45F9BCC972757
Malicious:	false
Reputation:	unknown
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).bdCaptcha={})}(this,(function(e){"use strict";function t(e,t){(null==t\|\|t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++){r[n]=e[n]}return r}function n(e){if(void 0===e){throw new ReferenceError("this hasn't been initialised - super() hasn't been called")}return e}function r(e,t){if(!(e instanceof t)){throw new TypeError("Cannot call a class as a function")}}function c(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,p(r.key),r)}}function a(e,t,n){return t&&c(e.prototype,t),n&&c(e,n),Object.defineProperty(e,"prototype",{writable:!1}),e}function i(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]\|\|e["@@iterator"];if(!n){if(Array.isArray(e)\|\|(n=g(e))\|\|t&&e&&"number"==typeof e.length){n&

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	64
Entropy (8bit):	4.492897276113269
Encrypted:	false
SSDEEP:
MD5:	C0DDB93C144B94DA946DC9F727D05538
SHA1:	517BA8265D63543D2F4F2D3E2247A9A9CEE79E9D
SHA-256:	4760B35732ACF6B7C363E144C5FD126EAFEE7315885510FEAF23B0D53938D33F
SHA-512:	FE7BBEF81355A517C2124C01EBA6CB7460E36F0E608849E37721C23B53FE1C9349CBE949016BCD2CABF97629AAB127CC6318B5EC4F6ED87BDB2982580843AD73
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSLAn9uqUg1dGU6RIFDRVQj_4SBQ1a3e0uEgUNUopJoxIFDUC-9V0SBQ1AWQ9b?alt=proto
Preview:	Ci0KBw0VUI/+GgAKBw1a3e0uGgAKBw1SikmjGgAKBw1AvvVdGgAKBw1AWQ9bGgA=

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	646
Entropy (8bit):	5.901466150562437
Encrypted:	false
SSDEEP:
MD5:	97F5DA78699B1014AF8D057B98FCC514
SHA1:	6A9D7F644CDEE27D84F654A975DCBB1D7BE8BD5B
SHA-256:	C944A108550B5D2E05F0DD3C066AF89A2AB918F88F615ADFC49261E280E53575
SHA-512:	60A49DAD25B1BA1557FC40F7ECFF205938B92855E9AEB1D42AD1AA930146E4BE6FEA3CDFE775C1E820D7C26A6FB7595F3C34D70DF15657F5EED3629C9DF75CA9
Malicious:	false
Reputation:	unknown
URL:	https://verify.snssdk.com/captcha/i18n?aid=6383&lang=zh&fp=verify_lz06hz3e_P6M9ffbR_X810_4bVJ_9elx_mhCwprabz9aS&h5_check_version=3.5.2&os_name=windows&platform=pc&os_type=2&h5_sdk_version=3.5.62&webdriver=false&tmp=1721845754575
Preview:	{"code":200,"data":{"H5_VerifyTips_11":"...........","H5_VerifyTips_12":"............","H5_VerifyTips_13":"......","H5_VerifyTips_14":"......","confirm":"..","img_error":"............","loading":"...","net_error":"..........","refresh":"..","slide_prompt":"..............","slide_prompt_whirl":"...........\t","slide_tip":"..........","text_title_1":"......","text_title_whirl":".........\t"},"message":"...."}

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://v.douyin.com/iLTjJWsj/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 119

Chrome Cache Entry: 121

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 135

Chrome Cache Entry: 138

Chrome Cache Entry: 140

Chrome Cache Entry: 143

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Windows Analysis Report
https://v.douyin.com/iLTjJWsj/