Edit tour

Windows Analysis Report
https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

Overview

General Information

Sample URL:	https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf
Analysis ID:	1541962

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,17485728752003867175,6128383347816120878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon
Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon
Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49811 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: ljptn9jl729v.jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: accounts-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: login-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lf-scm-jp.larksuitecdn.com
Source: global traffic	DNS traffic detected: DNS query: mcs-bd-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: internal-api-lark-api-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: sf16-scmcdn2-va.larksuitecdn.com
Source: global traffic	DNS traffic detected: DNS query: internal-api-security-jp.larksuite.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49811 version: TLS 1.2

Source: classification engine

Classification label: sus20.win@17/26@30/171

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,17485728752003867175,6128383347816120878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,17485728752003867175,6128383347816120878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

LLM: Page contains button: 'Submit' Source: '2.1.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.164	true	false	unknown
internal-api-lark-api-jp.larksuite.com	unknown	unknown	false	unknown
internal-api-security-jp.larksuite.com	unknown	unknown	false	unknown
ljptn9jl729v.jp.larksuite.com	unknown	unknown	false	unknown
accounts-jp.larksuite.com	unknown	unknown	false	unknown
lf-scm-jp.larksuitecdn.com	unknown	unknown	false	unknown
sf16-scmcdn2-va.larksuitecdn.com	unknown	unknown	false	unknown
mcs-bd-jp.larksuite.com	unknown	unknown	false	unknown
login-jp.larksuite.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
2.18.64.5	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
2.16.168.8	unknown	European Union	20940	AKAMAI-ASN1EU	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
2.18.64.20	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
2.18.64.12	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
2.18.64.22	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
2.16.168.5	unknown	European Union	20940	AKAMAI-ASN1EU	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
2.16.238.149	unknown	European Union	20940	AKAMAI-ASN1EU	false
95.101.54.145	unknown	European Union	34164	AKAMAI-LONGB	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541962
Start date and time:	2024-10-25 11:27:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@17/26@30/171

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 216.58.206.46, 142.250.110.84, 2.18.64.12, 2.18.64.5, 34.104.35.123, 2.18.64.22, 2.18.64.20
Excluded domains from analysis (whitelisted): accounts-jp.larksuite.com.edgekey.net, clients2.google.com, accounts.google.com, wildcard.jp.larksuite.com.edgekey.net, edgedl.me.gvt1.com, e163554.a.akamaiedge.net, clientservices.googleapis.com, e31084.a.akamaiedge.net, clients.l.google.com, login-jp.larksuite.com.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

LLM Input / Output

Input	Output
URL: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "See below", "prominent_button_name": "Submit", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf Model: claude-3-haiku-20240307	```json { "brands": [ "Pertemps Network Group" ] }
	```json { "brands": [ "Pertemps Network Group" ] }
URL: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Copy or Click to Continue the process", "prominent_button_name": "Submit", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9908103661221848
Encrypted:	false
SSDEEP:
MD5:	F2351D13EF34B15CA434441A7DF8D89F
SHA1:	376B02EF209B06E4E56EEAEA77CC4FE9CF7AA371
SHA-256:	7F1A16CE1B6CC9C069EF7B11E94312C5F8A881878EF71D0709B9E12C01C342CA
SHA-512:	E6DA018785391CC87EEBE196689D8445681296A5A068B7063933E52E82D574171562225EF3C106DB99AE0091470B5F368189B7A1B37FA2401C863D96AEDD6573
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....;..&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VYY{K...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006054060483916
Encrypted:	false
SSDEEP:
MD5:	EACE58FEBAE9EAB0A1F542D04C44454F
SHA1:	81F01FC7D4425E07D3F4185D363083DBE8112EB1
SHA-256:	A9D1922EC863790CA05EA536DD071CD3A9032B7CF1F867EACE30CBC0CE5A6A2E
SHA-512:	BD6DFCD73464CE1C28EAEF0289ED27AC10725064AEF0E89ED388A5897DB267DA12A66458B4E297737476B1AD52C4DA61F69F6838C5650A5DB66FA4324930D37A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y..&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VYY{K...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014505514994239
Encrypted:	false
SSDEEP:
MD5:	FAB60F1B7DEE9A4A97860D32AFDEEE5B
SHA1:	FE228ABDEF019A06F08E4A56178F4FF491B79329
SHA-256:	6CD337A94EFDD81370B0C8A4160492581D2B5CADD77816ACB85D7E525B78BDAA
SHA-512:	C27C63DC573244E806282899FC6FD89B16281789E4153616DB7A0505FA722ACF1BD51E9B1EFB024B638B564EE1138FE904241BADA47DC1F6667D64DFC0E89B70
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.003881522062172
Encrypted:	false
SSDEEP:
MD5:	24BEFEB5E684480F622DFAA256C04944
SHA1:	9E3620CCC29E6622CEB0A04AF8586870209D187C
SHA-256:	CA1F752EB88BFF38D6BDE29EDE60CF337D9EEF65AA5721F482E6E88C0CCE271E
SHA-512:	5F59586D615A9BEB3FEC797E17CFA3DB91533221AA73862790FBE2E0EA78579B4FDFA0E7B0E5774D2A4C8BA6A407696926EA185100AFD3FB99DE1BCBFF99E63C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VYY{K...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9949203233372477
Encrypted:	false
SSDEEP:
MD5:	ADCEC248C18C64B60673E1412C3BEF4F
SHA1:	74058B63CAE3312045F6CF01C6FE8B5CE613515C
SHA-256:	8B7867355C071F42492F089FF476A4FED9A30F52018B0F422C67B6AD4EBE90F4
SHA-512:	35780D186D53E8524C923C975CA854C373BECCBE294B199E89D67BEB30FC3EA335652AC4072C7D7938283640CCAC3A4CFB180D82F8700176D2179EE0346C06C3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....&...&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VYY{K...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.002133812390201
Encrypted:	false
SSDEEP:
MD5:	563CB56BC76162328A6720073E4B25D2
SHA1:	C16E5A574BC02C408E2FC71DD79ADE2083B9C661
SHA-256:	3594B28ED136C242856D1F6A958FA10FC6DBBA5DE0289C2CBD706E303A47BF8D
SHA-512:	BA2A8524A9D58B4DF7A1E7A2F654CDEBF4AB1408FAF0173973DCCDD7BD53CF3ED2254F2E9E0A1F5CE3161D8581F6D5BD022AFDCE5F5A78B2B4CDABCFD4DE30D4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....J..&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IYYrK....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYzK....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VYYzK....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VYYzK...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VYY{K...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............T_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6411), with no line terminators
Category:	dropped
Size (bytes):	6411
Entropy (8bit):	5.330891364939937
Encrypted:	false
SSDEEP:
MD5:	FA1A1E28E9BC963CC0004ED2D639806C
SHA1:	EA8F97527919761B56FEA9AC07B87AA7F12E3EB1
SHA-256:	4F1262046569D4C259ED81D97B9AA467D00E7AACD75F46B1B180E08BBB8FA5E3
SHA-512:	C4D5AFCE6E30E3299E403D07D6ECCC0AED590E6C6E7449C5A6946A310B7ECECA6FCA31B1599D021A561653727CB7BEF437E305506E915DA1BFE085EFBA2EB7F2
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[2282],{60118:function(e,t,n){n.r(t),n.d(t,{default:function(){return T}});var r=n(19264),i=n(4175),a=n(73455),o=n(12064),s=n(22462),c=n(3020),l=n(95975),u=n(28957),d=n(65235),f=n(97361);function p(e){return d.createElement("svg",(0,u.Z)({width:"1em",height:"1em",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg"},e),d.createElement("path",{d:"m20.385 16.914.707-.707a1 1 0 0 0 0-1.414l-7.778-7.778a2 2 0 0 0-2.829 0l-7.778 7.778a1 1 0 0 0 0 1.414l.707.707a1 1 0 0 0 1.414 0l7.071-7.07 7.071 7.07a1 1 0 0 0 1.415 0Z",fill:"currentColor"}))}var m=d.forwardRef((function(e,t){return d.createElement(f.Z,(0,u.Z)({icon:p},e,{ref:t,svgProps:{"data-icon":"UpBoldOutlined"}}))})),h=n(89747),v=n(84875),E=n.n(v),x=n(87425),b=n(64471),y=n(25413),g=n(61456),k=n(28146);function N(e){var t=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3632), with no line terminators
Category:	dropped
Size (bytes):	3632
Entropy (8bit):	5.233753633364369
Encrypted:	false
SSDEEP:
MD5:	69ECCA6533A22616AA36FBB4AFB5B890
SHA1:	E1A2D8C56DC16F4F39894BE45DBD3DAC81E9255A
SHA-256:	E66998144EF10F086C31D57AE2C5A3863191E842F42D2242156CC906FF52E697
SHA-512:	77A3EEF70797810AC24140833EECE247A09ED5CEA3609F2B3E930D5C06CBF321FDAA315FB57A0F77E4027C66E4324199F44C0EA31060A170814AB28796C2D9E9
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[6839],{60938:function(n,t,r){var o=r(56511),e=r(52332);function i(n,t){this.__wrapped__=n,this.__actions__=[],this.__chain__=!!t,this.__index__=0,this.__values__=void 0}i.prototype=(0,o.Z)(e.Z.prototype),i.prototype.constructor=i,t.Z=i},27441:function(n,t,r){var o=r(91412),e=r(97463),i=r(30287),u=r(28019),_=r(5467),a=r(20465),c=Math.min;t.Z=function(n,t,r){for(var f=r?i.Z:e.Z,Z=n[0].length,v=n.length,p=v,s=Array(v),h=1/0,l=[];p--;){var d=n[p];p&&t&&(d=(0,u.Z)(d,(0,_.Z)(t))),h=c(d.length,h),s[p]=!r&&(t\|\|Z>=120&&d.length>=120)?new o.Z(p&&d):void 0}d=n[0];var y=-1,w=s[0];n:for(;++y<Z&&l.length<h;){var g=d[y],b=t?t(g):g;if(g=r\|\|0!==g?g:0,!(w?(0,a.Z)(w,b):f(l,b,r))){for(p=v;--p;){var m=s[p];if(!(m?(0,a.Z)(m,b):f(n[p],b,r)))continue n}w&&w.push(b),l.push(g)}}return l}},52332:function(n,t){t.Z=function(){}},51135:function(n,t,r){var o=r(31679),e=r(49634);t.Z=function(n,t){var r=-1,i=(0,e.Z)(n)?Ar

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (48791), with no line terminators
Category:	downloaded
Size (bytes):	49327
Entropy (8bit):	5.153543561660224
Encrypted:	false
SSDEEP:
MD5:	4651333CBA1A2E824551B1CDE4C2599F
SHA1:	38C4175058887537E8CC4D03A9DC16218B0ABADD
SHA-256:	57C6C1BF0F0958BD95CD47FFDE3CF2403D096C7EDC1E50DBEDD2FCB1B6C97471
SHA-512:	5D70330F0E081BD2F128603ED20287706E2CB3D3BD7D89FCA25B0146CBF3E3EC2A076B6EDF34C57DBFB1198C6B9A2BC4E0B90D3DBAFFB3D8992B1262CDE77231
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/editor_base.74b04518da805e6f784f.js
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[978],{8791:function(a,i,t){t.r(i),t.d(i,{default:function(){return O}});var e=t(67017),n=t.n(e),r=t(74561),o=t(35067),s=t(19264),x=t(4175),k=t(73455),c=t(12064),l=t(22462),m=t(54834),p=t(50279),d=t(15943),u=t(35357),h=t(65235),f=t(79616),y=t(17801),b=t(84875),v=t.n(b),E=t(95975),B=t(20938),V=t(66162),D=t(71180),A=t(8038),G=t(4185),_=t(25585),g=t(3020),S=t(28146),F={doc:S("common.unnamed_document"),sheet:S("common.unnamed_sheet"),slide:S("common.unnamed_slide"),wiki:S("common.unnamed_wiki"),bitable:S("common.unnamed_bitable"),mindnote:S("common.unnamed_mindnote"),bitable_ind:S("common.unnamed_bitable")};function w(a,i){return R.apply(this,arguments)}function R(){return(R=(0,o.Z)(n().mark((function a(i,t){var e,r,o,s,x,k,c,l,m,p;return n().wrap((function(a){for(;;)switch(a.prev=a.next){case 0:if(e=(0,A.YM)(i,!0)\|\|{},r=e.type,o=e.token,s=e.suiteTypeNum,x=e.mentionTypeNum,r&&o&&!(0,D.Z)(s)&&!(

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1159247
Entropy (8bit):	5.45919668114593
Encrypted:	false
SSDEEP:
MD5:	D9C7C87AFFB5236296623D19F199D236
SHA1:	83D40D47D56DB09CD3ABE00A2D0E1ABEA512F2F2
SHA-256:	029F43E935D0FBC632AD8226A4F01FFA57DA08F1EE87AFFBFE016E08C1EF61C6
SHA-512:	2FEDC23FE586D220DBAA897E64851A36104812BBDC0195A162F9E92ABDCA9A21A052A24E2108C6E9C39DB4EF793F3C2BE0F2FAB5344C6CDF33566DC990BD3553
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/css/form_share.a4d67b21d68ac47c0ec0.css
Preview:	@font-face{font-family:LarkEmojiFont;src:local("Apple Color Emoji"),local("Noto Color Emoji");unicode-range:U+1f21a,U+1f250,U+1f237}{text-rendering:optimizeLegibility}::-moz-selection{background:rgba(var(--primary-fill-default-raw),.34)}::selection{background:rgba(var(--primary-fill-default-raw),.34)}body,html{position:relative}body{font-family:LarkEmojiFont,-apple-system,BlinkMacSystemFont,Helvetica Neue,Tahoma,PingFang SC,Microsoft Yahei,Arial,Hiragino Sans GB,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;color:var(--text-title)!important}body#ja-JP{font-family:"\30D2\30E9\30AE\30CE\89D2\30B4 Pro W3",Hiragino Kaku Gothic Pro,"\6E38\30B4\30B7\30C3\30AF\4F53",Noto Sans Japanese,Hiragino Sans GB,Yu Gothic,Microsoft Jhenghei UI,Microsoft Yahei UI,"\FF2D\FF33 \FF30\30B4\30B7\30C3\30AF",Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body#ja-JP,body#ja-JP {text-rendering:auto}body#zh-CN{font-family:LarkEmojiFont,LarkCh

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21009), with no line terminators
Category:	downloaded
Size (bytes):	21009
Entropy (8bit):	5.5587716617328535
Encrypted:	false
SSDEEP:
MD5:	A1F877E0AE6AE4DF75C3F46B66B648E2
SHA1:	CCEF075754E9BB6FEA9838275E8DC43B19E124A0
SHA-256:	98796AE57F58C58E56E73F44A6EED398348811A8C46967D419D5A531F2718772
SHA-512:	C12FBB7FCEE43C65DF5C937DF9B66921322695BC9BC288557EDC2BEE5EDBF8D48A65DB381F6DB7388D3A73E11C651C3673029CE2AF98026BA2F782C5155A8406
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/2455.bfb8411331674724fe32.js
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[2455],{31688:function(t,e,r){var n=r(45478);function o(t){this.mode=n.MODE_8BIT_BYTE,this.data=t}o.prototype={getLength:function(t){return this.data.length},write:function(t){for(var e=0;e<this.data.length;e++)t.put(this.data.charCodeAt(e),8)}},t.exports=o},77572:function(t){function e(){this.buffer=new Array,this.length=0}e.prototype={get:function(t){var e=Math.floor(t/8);return 1==(this.buffer[e]>>>7-t%8&1)},put:function(t,e){for(var r=0;r<e;r++)this.putBit(1==(t>>>e-r-1&1))},getLengthInBits:function(){return this.length},putBit:function(t){var e=Math.floor(this.length/8);this.buffer.length<=e&&this.buffer.push(0),t&&(this.buffer[e]\|=128>>>this.length%8),this.length++}},t.exports=e},12538:function(t){t.exports={L:1,M:0,Q:3,H:2}},14382:function(t,e,r){var n=r(4897);function o(t,e){if(null==t.length)throw new Error(t.length+"/"+e);for(var r=0;r<t.length&&0==t[r];)r++;this.num=new Array(t.length-r+e);fo

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65337), with no line terminators
Category:	downloaded
Size (bytes):	131135
Entropy (8bit):	5.409334722468996
Encrypted:	false
SSDEEP:
MD5:	746837165A403C547B2354F89B6F7CEB
SHA1:	F8B7AE13B03DF17FF9E04734CA21D22B3E71F657
SHA-256:	9F31F34A67AF7B7A8B56471C6E6E547273B16EEA9DD91E351D9F3C93FDE0E651
SHA-512:	86775F4D135DC306E5D9E07CAB1020482800CD69E015BBFE9B9BB3A35092F7834384C15F7A5B0B64ED41AD045CE4DA95388C440AF4AD0EA04301DD44123C4386
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/watermarkNew.0b198bce30f183655995.js
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[4844],{86177:function(t,e,n){"use strict";n.r(e),n.d(e,{CanvasWM:function(){return fr},ClearWatermark:function(){return gr},Env:function(){return Le},HiddenWatermark:function(){return yr},ImgSizeOption:function(){return mr},LarkClearWatermark:function(){return Ea},LarkHiddenWatermark:function(){return Ma},LocaleName:function(){return Ae},NewCanvasWM:function(){return pr},NewSvgWM:function(){return rr},SingleWatermarkCanvas:function(){return ma},WatermarkType:function(){return dr},bizConfig:function(){return ln},createWatermark:function(){return wa},formatWatermarkDate:function(){return nr},getClearWatermarkStyle:function(){return cr},getHiddenWatermarkStyle:function(){return ur},renderClearWatermark:function(){return ga},renderClearWatermarkOnly:function(){return Sa},renderHiddenWatermark:function(){return ya},renderPCWatermark:function(){return ba},renderWatermark:function(){return _a},service:functio

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7897), with no line terminators
Category:	downloaded
Size (bytes):	7897
Entropy (8bit):	4.945390727797836
Encrypted:	false
SSDEEP:
MD5:	96171CA3E8314E6DDD868C5F90E06825
SHA1:	34441D88583D2A57DEA46F34E0C39050AA0D2BD6
SHA-256:	4358CFA90FAEF2A791F7AE34A2CDA2C8AD4B4F33E261E1B0CB14EE0CC5D2D78A
SHA-512:	3C47D065835BB4BE7304F7BA0AB3209C08D2288A28F7DD56D4E628F40E24A8ACD57512B35A42F312BB7DDB3ED1DBB2700CEBECCFFC0874158239F9F3FBFE3DE2
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/css/form_share_panel.4beaccca4df4bb66eb97.css
Preview:	.base-form-mobile-action-panel{padding:0 16px}.base-form-mobile-action-panel-title{line-height:20px;padding:12px 16px 8px 0;color:var(--text-caption)}.base-form-mobile-action-panel-group{display:grid;grid-template-columns:repeat(auto-fill,52px);-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;gap:12px}.base-form-mobile-action-panel-item{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.base-form-mobile-action-panel-item-btn{width:52px;height:52px;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;border-radius:12px;background:var(--bg-float);border:1px solid var(--bg-float)}.base-form-mobile-action-panel-item-btn .universe-icon{font-size:24px}.base-form-mobile-action-panel-item-title{font-size:12px;margin-top:8px;text

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1354479
Entropy (8bit):	5.3788750713604045
Encrypted:	false
SSDEEP:
MD5:	4457546897C348974717EDB70D0EEF24
SHA1:	82994AE579393912BFD24518EB15BB929FCA7894
SHA-256:	A42AE9D159FADF566D8A2DAF88E73FA61D71B59B5CFC075B4E8CC671394B4B52
SHA-512:	88AD2E405A29EB7979C5BFDAAE2EB85457790C250656628DF2D40B35D30F2426D73F02669EB337EFD7769073FA4969E90B003E320B0C90DA0C16D1EB9892BD21
Malicious:	false
Reputation:	unknown
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[5357],{35357:function(e,t,n){"use strict";n.d(t,{uZ:function(){return bb},uN:function(){return lg},PG:function(){return sy},rp:function(){return ng},au:function(){return cg},Sy:function(){return hb},rQ:function(){return mb},If:function(){return sg}});var r=n(65235),i=n(29108),o=n(98341),a=n(28019),s=n(49084),l=n(90691),c=n(51135);var u=function(e,t){var n=e.length;for(e.sort(t);n--;)e[n]=e[n].value;return e},d=n(5467),f=n(98111);var h=function(e,t){if(e!==t){var n=void 0!==e,r=null===e,i=e==e,o=(0,f.Z)(e),a=void 0!==t,s=null===t,l=t==t,c=(0,f.Z)(t);if(!s&&!c&&!o&&e>t\|\|o&&a&&l&&!s&&!c\|\|r&&a&&l\|\|!n&&l\|\|!i)return 1;if(!r&&!o&&!c&&e<t\|\|c&&n&&i&&!r&&!o\|\|s&&n&&i\|\|!a&&i\|\|!l)return-1}return 0};var p=function(e,t,n){for(var r=-1,i=e.criteria,o=t.criteria,a=i.length,s=n.length;++r<a;){var l=h(i[r],o[r]);if(l)return r>=s?l:l*("desc"==n[r]?-1:1)}return e.index-t.index},g=n(76402),v=n(56052);var m=function(e,t,n){t

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11045), with no line terminators
Category:	downloaded
Size (bytes):	11151
Entropy (8bit):	5.7975714562778
Encrypted:	false
SSDEEP:
MD5:	913E965F9386FC3FF5EBF79D01ACC041
SHA1:	1C2A960279C3B6E4C68F0D848B4258BF95FEEE1F
SHA-256:	4AF7517F3E20C780713948EBB62C78CEDC3688DCE9B57D1204AB6C5032292D21
SHA-512:	A9831A65497B72A7BB018C1E7F4699D87F88937C570EE7DBFAF9695504337E116EECAEE3928F77CFF0A603803928D8B16D3AF44E3CE1250F5B1AF2178A22F2AB
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/8038.4fba5078f0cdfddbf381.js
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[8038],{10315:function(e,t,n){n.d(t,{r:function(){return c}});var i=n(71961),r=n(29400),o=n(54029);class s{constructor(e,t=!0){this.tracker=null,this.pendingEvents=[],this.initialized=!1,this.config=e,t&&this.initTeaSDK()}static getComponentBizTea(){const e=(0,i.Y)("tea"),t=(0,o.Z)(e,"config.appId.doc"),n=(0,o.Z)(e,"config.channel_domain"),r=null===window\|\|void 0===window?void 0:window.User;return t&&n&&(null==r?void 0:r.suid)&&(null==r?void 0:r.tenantId)?new s({instanceName:"gpf-component-biz",appId:t,channelDomain:n,userId:r.suid,tenantId:r.tenantId}):null}static async getCollector(){if(!s.Collector){const e=await Promise.resolve().then(n.bind(n,67629));s.Collector=e.Collector}return s.Collector}async initTeaSDK(){if(this.initialized)return;this.initialized=!0;const e=await s.getCollector();this.tracker=new e(this.config.instanceName),this.tracker.init({app_id:this.config.appId,channel_do

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12165), with no line terminators
Category:	downloaded
Size (bytes):	12165
Entropy (8bit):	5.337538304269897
Encrypted:	false
SSDEEP:
MD5:	E37D515A24572819DD37079F1B5AEDCC
SHA1:	CC3201B7498E711D0A5AA52610806680ED8DD57B
SHA-256:	58E0CA03E6CF86D4CDC4C79E5EDD950CBCD6E4E9421968F4C0292733985FA29A
SHA-512:	7F47D42ABF0C97DB899D2C8BE64D15DA5E9D8B4DBF92ADCD2C22C1A64136D8B5EECBB7FED3B000D54DB4F1534508827F7D17E6BB3C519B095750B9A444FD55EA
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/single_select.61a55cded1735fc4163f.js
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[8595],{13565:function(e,t,n){n.d(t,{S:function(){return B}});var i=n(26683),l=n(65235),a=n(84875),r=n.n(a),o=n(50121),c=n(94537),s=n(2318),u=n(29108),d=n(13238),m=n(3498);function h(e){return l.createElement("svg",(0,d.Z)({width:"1em",height:"1em",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg"},e),l.createElement("path",{d:"M9.9 11.76 7.226 9.117a.757.757 0 0 0-1.073 0L3 12.277V4.5h11.09l.282-.48.878-1.52H3c-1.1 0-2 .9-2 2v15c0 1.1.9 2 2 2h1.28l5.62-9.74Zm10.065-4.32c0 1.05-.848 1.9-1.896 1.9a1.898 1.898 0 0 1-1.897-1.9 1.898 1.898 0 1 1 3.793 0Z",fill:"currentColor"}),l.createElement("path",{d:"M18.33 2.5H21c1.1 0 2 .9 2 2v15c0 1.1-.9 2-2 2H7.35l4.51-7.81 2.795 2.87 3.257-3.263a.757.757 0 0 1 1.073 0l1.249 1.252.766.781V4.5h-3.83l.28-.48.88-1.52Z",fill:"currentColor"}))}var p=l.forwardRef((function(e,t){return l.createElement(m.Z,(0,d.Z)({icon:h},e,{ref:t,svgProps:{"da

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30383)
Category:	downloaded
Size (bytes):	30384
Entropy (8bit):	5.374345027539558
Encrypted:	false
SSDEEP:
MD5:	18CB8ABB0FE0A5FED7BCA1E390888E08
SHA1:	DA52ED0044E7F3208831ACACA5B5E5330CFB8C0F
SHA-256:	8BA7C3FB6447929FA51F865E93CC743DDBE15A107115BEB914366ABC45EAAD83
SHA-512:	FA2CA801C6C532D92E7A8E1D8806085BF452BA09D58A756AEBBA9033FB0BC10DF26534BF55025424FE309894F04C1D5DE01B3D5B5785F70D14B10A4916F71367
Malicious:	false
Reputation:	unknown
URL:	https://sf16-scmcdn2-va.larksuitecdn.com/lmp/scs/sec-sdk/1.0.6.js
Preview:	!function(e,b){"object"==typeof exports&&"undefined"!=typeof module?b(exports):"function"==typeof define&&define.amd?define(["exports"],b):b((e="undefined"!=typeof globalThis?globalThis:e\|\|self).__lark_sec_sdk={})}(this,(function(e){"use strict";var b="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},a={exports:{}};var t,n={exports:{}};function f(){return t\|\|(t=1,function(e,a){var t;e.exports=(t=t\|\|function(e,a){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),"undefined"!=typeof self&&self.crypto&&(t=self.crypto),"undefined"!=typeof globalThis&&globalThis.crypto&&(t=globalThis.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&void 0!==b&&b.crypto&&(t=b.crypto),!t)try{t=a("crypto")}catch(e){}var n=function(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(e){}if("function"==typeof t.rando

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7929), with no line terminators
Category:	downloaded
Size (bytes):	7929
Entropy (8bit):	4.860542546783376
Encrypted:	false
SSDEEP:
MD5:	EBD0813C383A79FE3B831948374E3C65
SHA1:	B602206076302BA3CB3D13BA70ED1B294275B2DA
SHA-256:	F6CD862019A5A3DA819DDDCDF34C148C44539D46832C7A67B7440463D4391D9A
SHA-512:	5C900C9DCE2D4698D0557FED2A8168F28E15EED5DA366B2F2A9307D46101637C214803BC0621DD321D3ABEAE95B0B3E10D339B4C7915F78C99AA95495573F9BC
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/css/component-description-editor.900017b50ff1b4316ff5.css
Preview:	.mention-wrapper{cursor:pointer;color:var(--text-link-hover);padding:2px}.mention-wrapper:hover{border-radius:4px;background-color:rgba(var(--B500-BG-raw),.1)}.mention-wrapper .file-icon{display:inline-block;margin-right:2px}.mention-container{background-color:var(--bg-float);-webkit-box-shadow:0 6px 24px 0 var(--shadow-default-md);box-shadow:0 6px 24px 0 var(--shadow-default-md);border:1px solid var(--line-border-card);border-radius:6px;width:360px}.mention-container__loading{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;height:392px}.mention-container__empty{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18502), with no line terminators
Category:	dropped
Size (bytes):	18502
Entropy (8bit):	5.313339968934336
Encrypted:	false
SSDEEP:
MD5:	BD1D590522CB0C584623DF5DF65E1B6B
SHA1:	13A26F8065CE83BF7BC24A917DEB1FA7E0FE7DDC
SHA-256:	A847D7C4CF79A41A76D3A808DFD81C9CFB7E02EA354E1EC206F5763A46C64E26
SHA-512:	6190D93677F3FAC7FFFEB1FB1F04CE434C0D6A5C83A1F43E3BEBCD4111B6059E518EA5A105E83B43597A8FBC4A11835921810EBFA6C2CEF3B03A07B511E9D329
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[5413],{16104:function(e,t,n){n.d(t,{rY:function(){return a},ZL:function(){return s}});var o=n(74561),i=n(120),r=n(28146),a=function(e){var t;return(t={},(0,o.Z)(t,i.rz.DOC,r("common.unnamed_document")),(0,o.Z)(t,i.rz.DOCX,r("common.unnamed_document")),(0,o.Z)(t,i.rz.SHEET,r("common.unnamed_sheet")),(0,o.Z)(t,i.rz.BITABLE,r("common.unnamed_bitable")),(0,o.Z)(t,i.rz.MINDNOTE,r("common.unnamed_mindnote")),(0,o.Z)(t,i.rz.WIKI,r("common.unnamed_wiki")),t)[e]\|\|r("common.unnamed_document")},s=function(e){return e===i.dj.DOC?i.rz.DOC:e}},25413:function(e,t,n){n.d(t,{Q:function(){return we}});var o,i=n(19264),r=n(4175),a=n(93035),s=n(73455),l=n(12064),c=n(22462),u=n(40688),d=n(62727),p=n(74561),f=n(71180),m=n(46300),h=n(35357),v=n(95975),g=n(61748),y=n(66281),_=n(72995),k=n(84010),E=n(46501),b=n(56055),Z=n(55060),S=n(94498),w=n(42838),N=n(50121),C=n(60562),T=n(84875),x=n.n(T),D=n(65235),I=n(29108),

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	277233
Entropy (8bit):	5.262000100977791
Encrypted:	false
SSDEEP:
MD5:	16C47E12DF4F06A117BD1BD28767E122
SHA1:	5878DA007EA6DEBDA178F03050DA46277F6F85EE
SHA-256:	920914FB462C127FD3CF8C12DC1E7E410D61DCAC521056A4FA2249D3ADF1BA72
SHA-512:	06A9C9A8C05AEF67D61FEE62AB5CCD7A7AD26038C60FE842C5CE93A2F60E69B465686377415AA133E9B9C648B981906260F668FE0B3F79B1DCA62CEBC43175E7
Malicious:	false
Reputation:	unknown
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[6309],{95442:function(t,e,r){"use strict";var i=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var r=arguments[e];for(var i in r)Object.prototype.hasOwnProperty.call(r,i)&&(t[i]=r[i])}return t},s=function(){function t(t,e){for(var r=0;r<e.length;r++){var i=e[r];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}return function(e,r,i){return r&&t(e.prototype,r),i&&t(e,i),e}}(),a=h(r(65235)),n=h(r(40507)),o=h(r(39939));function h(t){return t&&t.__esModule?t:{default:t}}function l(t,e){if(!t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!e\|\|"object"!=typeof e&&"function"!=typeof e?t:e}var p=function(t){function e(){var t,r,i;!function(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}(this,e);for(var s=arguments.length,a=Array(s),n=0;n<s;n++)a[n]=argume

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6231), with no line terminators
Category:	dropped
Size (bytes):	6231
Entropy (8bit):	5.474839793498646
Encrypted:	false
SSDEEP:
MD5:	AC53EB4BDDC652A8D277BA47632D7B23
SHA1:	361515FB45D11934CDA4E70FA2F1043D74D33C26
SHA-256:	B924D7917829E23CD6BDE2CEB4F5585A88A2AF22CEC4660ECF09E7CD827B4E5F
SHA-512:	94BD07E2A512C32BC0CCD557C286934B167160A684685A4C82471E616DE8B0EAE67E5756983F59E89B1E669233E41C2B7C75DE665072F93AF03181E05533BBB0
Malicious:	false
Reputation:	unknown
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[8602],{79616:function(t,e,n){"use strict";n.d(e,{RC:function(){return I},xS:function(){return d},q2:function(){return v},r4:function(){return x},tS:function(){return b},WH:function(){return k},Tt:function(){return C},iz:function(){return A}});var r=n(40688),i=n(11832),o=n(35357),c=n(36341),a=n(28380),u=n(14735),N=/url-/,s=/cellPosition/,E=0;function T(){return E++,"".concat((0,c.zs)(12),"-").concat(E)}var I,f={MENTION:"mention",HYPERLINK:"url",TEXT:"text",REFBLOCK:"REF_BLOCK",TAGBLOCK:"TAG_BLOCK"},O={MENTION_LINK:"mention-link",MENTION_TYPE:"mention-type",MENTION_TOKEN:"mention-token",MENTION_NOTIFY:"mention-notify",MENTION_ICON:"mention-icon",MENTION_CATEGORY:"mention-category",MENTION_NAME:"mention-name",MENTION_EN_NAME:"mention-en-name",MENTION_ID:"mention-mentionId"};!function(t){t.editType="editType"}(I\|\|(I={}));var l=[I.editType];function p(t){return t.attributes&&0===Object.keys(t.attributes).le

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (50336), with no line terminators
Category:	dropped
Size (bytes):	50358
Entropy (8bit):	5.00806664709899
Encrypted:	false
SSDEEP:
MD5:	74A1B1EBB20C4AA201812C6CFE51D2C4
SHA1:	A72A5572136D2E05CD2D0C78C2D8AF92C8AB307A
SHA-256:	E1BD4F29008E9EDACD0DD257FC9169730AAD5FFCB7B06CF99A47D50E4B87AE08
SHA-512:	C5520D862F3691EC96D860A0822FA2BEC68DDE3B7EC67A9600E3E948652160788EF75BABC11F33FCF8284B74E6D7D87B42B86FF36BA51D6A003EBB3C078636F8
Malicious:	false
Reputation:	unknown
Preview:	window.TTI18N={"space.in_future":"in %s","date.just":"Just now","space.time_before":" ago","space.a_moment":"a moment","space.ss_seconds":"%d seconds","space.a_minute":"1 minute","space.mm_minutes":"%d minutes","space.a_hour":"1 hour","space.hh_hours":"%d hours","space.date_format.today":"HH:mm [Today]","space.date_format.yesterday":"HH:mm [Yesterday]","space.date_format.before_yesterday":"HH:mm [The day before yesterday]","space.date_format.same_year":"h:mm A MMM D","space.date_format.before_year":"MMM D, YYYY","common.app_name_feishu":"Feishu","common.app_name_kalark":"Rwork","common.app_name_lark":"Lark","Bitable_Field_GetLocationViaMobileOnly":"Unable to edit. Please use your mobile device to get your current location.","Bitable_Field_GetCurrentLocation_Web":"Access current location","Bitable_Field_LocationUpdated_Web":"Location updated","Bitable_Field_GettingLocation_Web":"Accessing","Bitable_Form_AttachmentUploading_Title":"Uploading attachments","Bitable_Form_AttachmentUploading

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24399), with no line terminators
Category:	downloaded
Size (bytes):	24399
Entropy (8bit):	5.531724251090017
Encrypted:	false
SSDEEP:
MD5:	7589225A2406BE029512A3BC5421D8CE
SHA1:	2DC3D629D7BD7C19A5B563C05BC1862390FC3924
SHA-256:	2808EBAE8B931893CB06AFEEAE13D6AFC74BF0139CBC4543755E064EBA336619
SHA-512:	616CB691D26A473B5FBE4B4CA2A30B09077A77AAEB781B4AEB2863B7967AAFB1D9A086F44D6590404BE80610CC4BABD50AA48BF932D677AB0910DAEFD5FA43BE
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/form_share_panel.b2b12cff2ae00a6e4b77.js
Preview:	"use strict";(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[8331],{28222:function(e,t,n){n.d(t,{Z:function(){return l}});var r=n(28957),c=n(65235),a=n(97361);function o(e){return c.createElement("svg",(0,r.Z)({width:"1em",height:"1em",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg"},e),c.createElement("path",{d:"M5.636 5.636a1 1 0 0 0 0 1.414l4.95 4.95-4.95 4.95a1 1 0 1 0 1.414 1.414l4.95-4.95 4.95 4.95a1 1 0 0 0 1.414-1.414L13.414 12l4.95-4.95a1 1 0 0 0-1.415-1.414L12 10.586l-4.95-4.95a1 1 0 0 0-1.413 0Z",fill:"currentColor"}))}var l=c.forwardRef((function(e,t){return c.createElement(a.Z,(0,r.Z)({icon:o},e,{ref:t,svgProps:{"data-icon":"CloseSmallOutlined"}}))}))},86693:function(e,t,n){n.d(t,{Z:function(){return l}});var r=n(28957),c=n(65235),a=n(97361);function o(e){return c.createElement("svg",(0,r.Z)({width:"1em",height:"1em",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg"},e),c.createElement("path",{d:"M18.

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1394), with no line terminators
Category:	downloaded
Size (bytes):	1394
Entropy (8bit):	4.639952442696108
Encrypted:	false
SSDEEP:
MD5:	9A853B370DC419C67B9BF9518327420B
SHA1:	363D54F4C0EAB94530A91423E25CECB320505512
SHA-256:	D2FF1A2BDECB7DA17031F2AED184912694B642E9D7040DA4C988414467CF8EEC
SHA-512:	F2EE87256A995B6EB2C3723277DD468FDD2A88A56D3BDE29DE63760149348511C51CF422BEACD6F571B3A9CEDBDAECA75392EFDAA656185F8DB3E27FA29ECCC5
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/css/editor_base.fdec3e4d0f6753c15a8b.css
Preview:	.bitable-editor-base-wrapper{position:relative}.bitable-editor-base-wrapper .editor-base-text-editor{word-break:break-word}.bitable-editor-base-wrapper .editor-base-text-editor.editor-length-change .innerdocbody .ace-line{width:calc(100% - 34px)}.bitable-editor-base-wrapper .editor-base-text-editor.not-allow-input-edit .innerdocbody{background-color:var(--udtoken-input-bg-disabled);cursor:not-allowed;border-color:var(--line-border-component)}.bitable-editor-base-wrapper .editor-base-button-editor{width:100%;border:1px solid var(--line-border-card);border-radius:6px;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;padding:6px 0;font-size:16px;background-color:rgba(0,0,0,0);color:var(--text-title)}.bitable-editor-base-wrapper .editor-base-button-editor:active{border:1px solid var(--text-link-hover)}.bitable-editor-base-wrapper .editor-base-button-edito

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65492)
Category:	downloaded
Size (bytes):	4808226
Entropy (8bit):	5.613813053129928
Encrypted:	false
SSDEEP:
MD5:	6DF4C5D96F64FC48E69F0FA170810430
SHA1:	EEBF137759774C01C0931680D47CEB2A6B2E04D6
SHA-256:	AF32C5518E8A672F368507AD90A9F7CDFB700A78AF4A997435BCA995E3973433
SHA-512:	8065C3FC81FCA491889DE6E6DE3CE745A6587500C4A5B9561F801E1A667CFFD1F31403C568E41E6B842AD61C8DA2D2BCD895C0EE8706817BA8760EFF65DA8CF0
Malicious:	false
Reputation:	unknown
URL:	https://lf-scm-jp.larksuitecdn.com/ccm/bitable/share/resource/bear/js/form_share.1b0f4659e153022c5f3c.js
Preview:	/!. @ies/filter-xss v3.0.15.* (c) 2023.*/.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).xss={})}(this,(function(e){"use strict";var t=function(){return t=Object.assign\|\|function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arguments[n])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},t.apply(this,arguments)};function n(e,t,n){if(n\|\|2===arguments.length)for(var r,i=0,o=t.length;i<o;i++)!r&&i in t\|\|(r\|\|(r=Array.prototype.slice.call(t,0,i)),r[i]=t[i]);return e.concat(r\|\|Array.prototype.slice.call(t))}var r={exports:{}},i={},o={exports:{}},a={};function u(){return{"align-content":!1,"align-items":!1,"align-self":!1,"alignment-adjust":!1,"alignment-baseline":!1,all:!1,"anchor-point":!1,animation:!1,"animation-delay":!1,"animation-direction":!1,"animation-duration":!1,"animation-fill-mode":!1,"animation-iteration-

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	106502
Entropy (8bit):	5.86560607061845
Encrypted:	false
SSDEEP:
MD5:	DAA32B7B0CC9B8516F0FD07E2C8853AC
SHA1:	B9CD13EDE2E63C0D34EED3A7C01BBFAD7B532621
SHA-256:	919275F402E65CC71EC2F5D075E31BEC1CE8079798FAA6F4ED1D0E3EF0094A18
SHA-512:	143805B154C948FD2B86B848FFE1D46B99DD0E2CFDFB4AA9C5D437AB41FBF6067FF44C8A3FEF9E46E5FF1204DD80CB61A2F6B0C87D3CB0E386D1C548522D466E
Malicious:	false
Reputation:	unknown
Preview:	(self.webpackChunkbitable_form_share=self.webpackChunkbitable_form_share\|\|[]).push([[9999],{73842:function(e,t,r){e.exports=r(91914)},47713:function(e,t,r){e.exports=r(42734)},77607:function(e,t,r){e.exports=r(41873)},93090:function(e,t,r){e.exports=r(56101)},21866:function(e,t,r){e.exports=r(51377)},38245:function(e,t,r){e.exports=r(82821)},78997:function(e,t,r){e.exports=r(78069)},82762:function(e,t,r){e.exports=r(33584)},3104:function(e,t,r){e.exports=r(55326)},71011:function(e,t,r){e.exports=r(70666)},11103:function(e,t,r){e.exports=r(14743)},96354:function(e,t,r){e.exports=r(58949)},60520:function(e,t,r){e.exports=r(85821)},27991:function(e,t,r){"use strict";r.d(t,{Z:function(){return Qo}});var n=r(96354),a=r(3104),i=r(60520);function c(e,t){if(null==e)return{};var r,c,o=function(e,t){if(null==e)return{};var r,n,c={},o=i(e);for(n=0;n<o.length;n++)r=o[n],a(t).call(t,r)>=0\|\|(c[r]=e[r]);return c}(e,t);if(n){var l=n(e);for(c=0;c<l.length;c++)r=l[c],a(t).call(t,r)>=0\|\|Object.prototype.

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 120

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 133

Static File Info

Windows Analysis Report
https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf