Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://wwre.lanzoup.com/iUb312qvvxyd

Overview

General Information

Sample URL:https://wwre.lanzoup.com/iUb312qvvxyd
Analysis ID:1641690
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Yara detected ZipBomb
Drops password protected ZIP file
Creates files inside the system directory
Deletes files inside the Windows folder
HTML page contains hidden javascript code
Program does not show much activity (idle)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 4912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmpJoeSecurity_ZipBombYara detected ZipBombJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    • Phishing
    • Networking
    • System Summary
    • Malware Analysis System Evasion
    • Anti Debugging

    Click to jump to signature section

    Show All Signature Results
    Source: https://wwre.lanzoup.com/iUb312qvvxydHTTP Parser: Base64 decoded: `;13Qn;:[30gQaWhPe\8[b3p&P9V1P1Q1RaS;8m>6[n
    Source: https://wwre.lanzoup.com/iUb312qvvxydHTTP Parser: No favicon
    Source: https://wwre.lanzoup.com/iUb312qvvxydHTTP Parser: No favicon
    Source: https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3EHTTP Parser: No favicon
    Source: https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3EHTTP Parser: No favicon
    Source: https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==HTTP Parser: No favicon
    Source: https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==HTTP Parser: No favicon
    Source: https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==HTTP Parser: No favicon
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://assets.woozooo.com/assets/favicon.ico
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://assets.woozooo.com/assets/images/type/zip_max.gif
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://assets.woozooo.com/assets/img/qrcode.min.js
    Source: chromecache_73.1.dr, chromecache_84.1.dr, chromecache_83.1.dr, chromecache_71.1.drString found in binary or memory: https://assets.woozooo.com/assets/includes/js/jquery.js
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://assets.woozooo.com/assets/share/pc1.css
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://assets.woozooo.com/assets/share/pc2.js
    Source: chromecache_73.1.dr, chromecache_84.1.dr, chromecache_71.1.drString found in binary or memory: https://down-load.lanrar.com/file/kdns.js
    Source: chromecache_88.1.drString found in binary or memory: https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drString found in binary or memory: https://statics.woozooo.com/img/bd.js

    System Summary

    barindex
    Source: MM7.zip.crdownload.0.drZip Entry: encrypted
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir5156_393080954Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir5156_393080954Jump to behavior
    Source: classification engineClassification label: mal52.evad.win@33/50@0/20
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmpJump to behavior
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd"
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected

    Malware Analysis System Evasion

    barindex
    Source: Yara matchFile source: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp, type: DROPPED
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: MM7.zip.crdownload.0.drBinary or memory string: AiQeMU
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
    Process Injection    		11
    Masquerading    		OS Credential Dumping1
    Security Software Discovery    		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    Process Injection    		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
    File Deletion    		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1641690 URL: https://wwre.lanzoup.com/iU... Startdate: 18/03/2025 Architecture: WINDOWS Score: 52 29 Yara detected ZipBomb 2->29 31 Drops password protected ZIP file 2->31 6 chrome.exe 12 2->6         started        10 chrome.exe 2->10         started        12 chrome.exe 2->12         started        14 2 other processes 2->14 process3 dnsIp4 27 192.168.2.17 unknown unknown 6->27 19 59cc686e-6707-4769-b945-a38bdc979048.tmp, Zip 6->19 dropped 16 chrome.exe 6->16         started        file5 process6 dnsIp7 21 163.181.131.211 TAOBAOZhejiangTaobaoNetworkCoLtdCN United States 16->21 23 142.250.181.238 GOOGLEUS United States 16->23 25 17 other IPs or domains 16->25

    Screenshots

    Download Video

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    https://wwre.lanzoup.com/iUb312qvvxyd0%Avira URL Cloudsafe

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://wwre.lanzoup.com/iUb312qvvxydfalse
      		unknown
      https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3Efalse
        		unknown
        https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==false
          		unknown
          NameSourceMaliciousAntivirus DetectionReputation
          https://assets.woozooo.com/assets/img/qrcode.min.jschromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
            		high
            https://assets.woozooo.com/assets/share/pc1.csschromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
              		high
              https://statics.woozooo.com/img/bd.jschromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
                		high
                https://assets.woozooo.com/assets/includes/js/jquery.jschromecache_73.1.dr, chromecache_84.1.dr, chromecache_83.1.dr, chromecache_71.1.drfalse
                  		high
                  https://assets.woozooo.com/assets/share/pc2.jschromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
                    		high
                    https://down-load.lanrar.com/file/kdns.jschromecache_73.1.dr, chromecache_84.1.dr, chromecache_71.1.drfalse
                      		high
                      https://assets.woozooo.com/assets/images/type/zip_max.gifchromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
                        		high
                        https://assets.woozooo.com/assets/favicon.icochromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.drfalse
                          		high
                          https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4chromecache_88.1.drfalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            142.250.184.195
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.250.186.46
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.250.184.196
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.250.186.78
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            1.1.1.1
                            		unknownAustralia
                            		13335CLOUDFLARENETUSfalse
                            180.163.148.213
                            		unknownChina
                            		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                            74.125.133.84
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            111.45.3.198
                            		unknownChina
                            		56040CMNET-GUANGDONG-APChinaMobilecommunicationscorporationfalse
                            221.229.162.62
                            		unknownChina
                            		23650CHINANET-JS-AS-APASNumberforCHINANETjiangsuprovincebafalse
                            218.12.77.90
                            		unknownChina
                            		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                            218.92.227.227
                            		unknownChina
                            		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            216.58.206.35
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.250.181.238
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            61.170.77.226
                            		unknownChina
                            		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                            172.217.23.99
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            183.240.98.228
                            		unknownChina
                            		56040CMNET-GUANGDONG-APChinaMobilecommunicationscorporationfalse
                            61.170.81.225
                            		unknownChina
                            		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                            163.181.131.211
                            		unknownUnited States
                            		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                            47.98.88.99
                            		unknownChina
                            		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse

                            Private

                            IP
                            192.168.2.17

                            General Information

                            Joe Sandbox version:42.0.0 Malachite
                            Analysis ID:1641690
                            Start date and time:2025-03-18 12:15:17 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 59s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:https://wwre.lanzoup.com/iUb312qvvxyd
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:17
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal52.evad.win@33/50@0/20
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtCreateFile calls found.
                            • Report size getting too big, too many NtOpenFile calls found.
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            • Skipping network analysis since amount of network traffic is too extensive
                            • VT rate limit hit for: https://wwre.lanzoup.com/iUb312qvvxyd

                            Simulations

                            Behavior and APIs

                            No simulations

                            QR Codes

                            SourceURL
                            Screenshothttps://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
                            Screenshothttps://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
                            Screenshothttps://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
                            Screenshothttps://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASNs

                            No context

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
                            Category:dropped
                            Size (bytes):15958
                            Entropy (8bit):7.9877078519155065
                            Encrypted:false
                            SSDEEP:384:Lxkw1K16uKvMDCZ0Z2wdRfVfR7M3HiHug:Sw1q6uKvMuZ34pRgSOg
                            MD5:3868A345CEF0D1C3EC4E75E3867B2FE6
                            SHA1:25D8CCDEB5C31BF2D6206FFD780F37FC9AAA651F
                            SHA-256:FA54CFD0197FEC360C4DA2B6B66B7F7B6E47BC47BA54CBB9A12B17086657CB62
                            SHA-512:71C150E7EFC82DAEB8FC42AE7F927A6773FA973C82B9B593DFA12819731EC3BFEA061F0A9407A102D244C30BDA1F1E2A9BFAB1E54FA3B5331F952F6EAC73FE1A
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp, Author: Joe Security
                            Reputation:low
                            Preview:PK..3...c.ShnZ....8.\...].....VT1/VT1.msi......AE...B...y{.27OEIt./a..C.v@.@.!:.....!0..p..<;.p.._.vR...vR.L..N.|.5..:{;..>^....a...+..c.....Z..........#.F.../....[...Z..;{..J.X.C...eB...YiB..T.....5V...0.-}.P....9LL=.q..... .v9...oKq......{.\Y........w.C?.|&:tG.>.........4.......M...hR.^.....n...3.b..z....O...}...6.LQ..1q]&!.Ps-..P..f...E......d.v...._..5.~.@.2:..f. 2........x.-!.w...s.....,..^.R.m.q'Y.m.sBU......}).X.... ...s..<,.".T.=.+T..L.[P.>.V...ku:~p.d..B.-.:.B.;...J.Rk.i........'.....$.{.oX.0~..v.n.}...JB.T.s.{..."U7..?xH{.../.5..IS..H..Y...7.;-c|dA.......U[-.Q.o.?.Hj[.V.1......w._~.."Q..u.......W.U..QiAk.2....%....E.Q....yw.2.v...A.1..H.A.Ni...q8.:F.Z.........|.XP........S..l..G......):2.*o4...z..A.N...A..,..#.X.F...1.OR.o.*ij=t..`..q...$I3..9.7>...l....O..K...&..:G..;..Z...t.^$?.3.....Q..`I.Ic......T...`C/_0.)X.=z.wx........F.l.sL. ...W..ji...+...W...L.5..W./48.M...O..=...E.:.h%.?.z..%.[...$......P..^.-s7.p.7hD...6......[fhYf^....Z..M.

                            C:\Users\user\Downloads\MM7.zip.crdownload

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
                            Category:dropped
                            Size (bytes):106755426
                            Entropy (8bit):7.9999981907478315
                            Encrypted:true
                            SSDEEP:
                            MD5:A76CF51968423C2F448B3009F2AE6932
                            SHA1:38100EEC32B1825899085EF3109894E8873CB5FB
                            SHA-256:9905B9FAED22CF233EB5FDC91A5DBB16BDE000B1C3BD18F827BBFA08EB2C43CB
                            SHA-512:0AAA7BF04818DBC2EDFC20D87A0C8280D512DDEDD55E8FFC8E527A57315D4B471620ABE2A893CC13158B2D0F84CC4F67471BE3E5039D0A4797759CA69E700642
                            Malicious:false
                            Reputation:low
                            Preview:PK..3...c.ShnZ....8.\...].....VT1/VT1.msi......AE...B...y{.27OEIt./a..C.v@.@.!:.....!0..p..<;.p.._.vR...vR.L..N.|.5..:{;..>^....a...+..c.....Z..........#.F.../....[...Z..;{..J.X.C...eB...YiB..T.....5V...0.-}.P....9LL=.q..... .v9...oKq......{.\Y........w.C?.|&:tG.>.........4.......M...hR.^.....n...3.b..z....O...}...6.LQ..1q]&!.Ps-..P..f...E......d.v...._..5.~.@.2:..f. 2........x.-!.w...s.....,..^.R.m.q'Y.m.sBU......}).X.... ...s..<,.".T.=.+T..L.[P.>.V...ku:~p.d..B.-.:.B.;...J.Rk.i........'.....$.{.oX.0~..v.n.}...JB.T.s.{..."U7..?xH{.../.5..IS..H..Y...7.;-c|dA.......U[-.Q.o.?.Hj[.V.1......w._~.."Q..u.......W.U..QiAk.2....%....E.Q....yw.2.v...A.1..H.A.Ni...q8.:F.Z.........|.XP........S..l..G......):2.*o4...z..A.N...A..,..#.X.F...1.OR.o.*ij=t..`..q...$I3..9.7>...l....O..K...&..:G..;..Z...t.^$?.3.....Q..`I.Ic......T...`C/_0.)X.=z.wx........F.l.sL. ...W..ji...+...W...L.5..W./48.M...O..=...E.:.h%.?.z..%.[...$......P..^.-s7.p.7hD...6......[fhYf^....Z..M.

                            Chrome Cache Entry: 66

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.402482594438341
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684lvz1BWq8M/4QR6vPdVNVS:+p33QhSEYSsQ3vKFpIbP4lrSq87VVYLl
                            MD5:AFBE8AE3E390E3F122B0D5E96F1D91EC
                            SHA1:122DF35B770628FB1C4FFDB233CB37EAFD2BAC7D
                            SHA-256:FAA0809F252057A933F8820B7380164A4024948224C8B6D158F4782F7B36ABCC
                            SHA-512:57C8FE9B9CB5F85CC251B8B479352766E330BB1A6A973DB86ECB4437FA74671286962015686F5FEB36704D2D73609E0E18B72E13B669317975B8F08349A19BA1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di

                            Chrome Cache Entry: 67

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (19927), with no line terminators
                            Category:downloaded
                            Size (bytes):19927
                            Entropy (8bit):5.680495692183685
                            Encrypted:false
                            SSDEEP:384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ
                            MD5:517B55D3688CE9EF1085A3D9632BCB97
                            SHA1:2D06C1F823F34C19981C6AE0B0EB0F5861C5E14B
                            SHA-256:C541EF06327885A8415BCA8DF6071E14189B4855336DEF4F36DB54BDE8484F36
                            SHA-512:08D80845E706A3B9E985B799D3849CD7791AD3BA5AA9D793BB4591D4833890D7299810144874905F416C94D8530DA74BE0EE520066A91ADE05A1DA8BF0CCB498
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/img/qrcode.min.js
                            Preview:var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this.parsedData=[];for(var b=[],d=0,e=this.data.length;e>d;d++){var f=this.data.charCodeAt(d);f>65536?(b[0]=240|(1835008&f)>>>18,b[1]=128|(258048&f)>>>12,b[2]=128|(4032&f)>>>6,b[3]=128|63&f):f>2048?(b[0]=224|(61440&f)>>>12,b[1]=128|(4032&f)>>>6,b[2]=128|63&f):f>128?(b[0]=192|(1984&f)>>>6,b[1]=128|63&f):b[0]=f,this.parsedData=this.parsedData.concat(b)}this.parsedData.length!=this.data.length&&(this.parsedData.unshift(191),this.parsedData.unshift(187),this.parsedData.unshift(239))}function b(a,b){this.typeNumber=a,this.errorCorrectLevel=b,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}function i(a,b){if(void 0==a.length)throw new Error(a.length+"/"+b);for(var c=0;c<a.length&&0==a[c];)c++;this.num=new Array(a.length-c+b);for(var d=0;d<a.length-c;d++)this.num[d]=a[d+c]}function j(a,b){this.totalCount=a,this.dataCount=b}function k(){this.buffer=[],this.length=0}function m(){return"undefine

                            Chrome Cache Entry: 68

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):58
                            Entropy (8bit):4.301417634136299
                            Encrypted:false
                            SSDEEP:3:YfJjhKIHfAJ0Pq8g9VgQhUe4n:Yhw6fFzS4
                            MD5:017DE4000C608CB6840F52411B5C3A42
                            SHA1:0B51EF5EC9E3D40C2A301DE0E482B245F67E05BF
                            SHA-256:9F03F03A7485E9D8E04003C70330313E0E18DD79DBF409F498077F03C230F7A5
                            SHA-512:3ABA3D9936C4682A434E7777A9DC743C2068DC139DFB4C74F21C7BAEACF4949D775940E23F6CC8338DD420D7DEC88E813BABEF79082ED5D1119212EAC4F3B518
                            Malicious:false
                            Reputation:low
                            Preview:{"zt":0,"dom":null,"url":"\u9a8c\u8bc1\u7801\u9519\u8bef"}

                            Chrome Cache Entry: 69

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&ep=650%2C0&et=3&ja=0&ln=en-us&lo=0&lt=1742296565&rnd=1607160054&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=2&sn=48599&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd%3F%253C%3F%3D%24codepost%3F%253E%3F%253C%3F%3D%24codepost%3F%253E
                            Preview:GIF89a.............!.......,...........L..;

                            Chrome Cache Entry: 70

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:dropped
                            Size (bytes):280
                            Entropy (8bit):5.026276662458781
                            Encrypted:false
                            SSDEEP:6:hxuJLzLO6QcjWR0NNEXW0YBwrVfAbplGMETQ1jJTpAj7cEdx2BYdYsN4Qb:hYw6QclfheC2/8J9A3c4xqsyQb
                            MD5:643A8B386CC59C2B219F34D60CCE4E88
                            SHA1:68356681249AF2356E90E8597AF02E10ABB9834A
                            SHA-256:A187282EC54A1BF0A139C595C3F92278B3164F3BF9939171305591826DDF26B9
                            SHA-512:4E792AF8D5B112A24F0E3983C88E92CF25CB5AC1448148E37391E99193B38F976A9A446C83A3A091BD10FD2D6A2F7969B851D6C3644C0A571C047CFD30E4ECF5
                            Malicious:false
                            Reputation:low
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>Error 404</title>.</head>.<body id="bd">.error:404;.</body>.</html>

                            Chrome Cache Entry: 71

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.802785777924563
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8ZXSJ3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8AJKczwQkvUsED
                            MD5:3F0F8FD2A7FD848299303255A7B03676
                            SHA1:20722226712CF567B2ADF36ECA912BCE20CF21C0
                            SHA-256:4DC35BE4F966E711D549A2AAF07A964305C3EAB92DBA9AD5ECD8DA198A5337FD
                            SHA-512:F8B1996A8A86F8C9633CB513D59D8BEDBB391CC0E0CDB0F2D434363DE542BAD57416A245B69F59AA405C5B5E606F1FE82ABC552C18FB22C6581A252812925D45
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?VDIHbQFuVzECbAdjA28FNwdlUG1SPldzBXYDOAJvAzVXY1M2D2AHalY3A2RXNFxvUCwEd148BzQCIwd2ATgGZVQnBzkBO1dtAj8HNAMuBTkHHFAMUntXNw_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s

                            Chrome Cache Entry: 72

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 200 x 200
                            Category:dropped
                            Size (bytes):2168
                            Entropy (8bit):7.753818493533322
                            Encrypted:false
                            SSDEEP:48:RdkbWuo7fTLKVsKLqYa/7EcOJCkxEVB4NSSYy/8bZW8/JX2yDXfy2e:YbWuof3lK2v/ZhJQN0MeJGyDvU
                            MD5:01DE44CA77137A07524637C0B713AFF5
                            SHA1:6D72D9AF3A814950E64A86BC5DEE114C442AB987
                            SHA-256:4369FADC7549310291DC9DCED9B8CB151768C684981193967425245A62CCD910
                            SHA-512:5F6BB05087D5C117C7E24FAEC2C34F87CA3C7D0FD599381C0457F89BF6066EE5523CA637F1501F0CAD108B89E18E85787531361B42AB058508347963CA9D3A82
                            Malicious:false
                            Reputation:low
                            Preview:GIF89a........................................t..{................................................................................2..3..3..4..6..7..8..9..<..=..>..?..@..A..C..E..G..G..I..K..L..M..M..O..O..P..Q..T..U..V..Y..Z..[..[..\..]..^.._..`..`..c..l..m..n..o..q..v..w..x..z..z..~.................................................................................................................!.....t.,............s.................................................................rlYH*'...........Ck.....kG.....*HYlr.o?.....K.......I....Jp._R..HpY<{.I.)...2..4... .zm.P.H.L.u.CJ.xq..."S2K......".L.?LtryS%..n....!.^.P...,..:...!..SU..$5+..2..E..d...g.E.........sC^...].y.V..[...p...Ivxc..te....#%.GJ..!.cI.=.s......%MA....y[XO.TA.7...n.....p.,a.8CHh.C.~.....!e...u=..!..~.........;."....i.....k...|w.....?......v......h.4.B....4...>#.q.V...e..2/p.....!.m$j..#.XaQ,....S...H.3.D..;.#.$?...2@....F....K...ORR.uAVi%.X..Rv..`..$.dRR^.....%.9S.8.i.tr..a..l.\..-X..

                            Chrome Cache Entry: 73

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.800602876925161
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8Z20J3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8nJKczwQkvUsED
                            MD5:6E93A643B74FBEE5FBE99C89E7326CC8
                            SHA1:8168947244CD11C12C7C54160F86DFAC26E29C6C
                            SHA-256:24AF88601AC15474C32540E00D0C41904403658791D2DA7008BBC52C47AF6F01
                            SHA-512:A93D6B4D92495D726185793721714E891FEE6154A4F1D09E5C66F9598EECAC573CBE0BDBDC991A3282DD611F48D2AE754CF6CF6D6A3819ED9825E5AD3CBB2BD1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?UDZVPw5hVTNRPwpuVjpUZlIwUm8FaVRwAHNSaVE8BDIGMlA1DGMFaFIzBGMBYwIzAX1TIFU3VmUAIQZ3V25SMVAjVWsONFVvUWwKOVZ7VGhSSVIOBSxUNA_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s

                            Chrome Cache Entry: 74

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.3844163434638395
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684PVfVHP/4QR6vPdVNVsvLl:+p33QhSEYSsQ3vKFpIbP4PV90VVYLl
                            MD5:F1236017CF420F42BEEB3AF0041FE84B
                            SHA1:C0324D608282891528D7406CE6EBB240D4F9D09E
                            SHA-256:3111A4C7FA940A79FCA809C95D2F11B433E6F26225A271B74E44ACA015E3E846
                            SHA-512:66B84C02F0D4E9F6CFCDA4F079252DB23C68CF47061C5B2F69BF815C8DCB142481908D5EB47D1971C07457CC4F2BE7AB278CD6699EC83DD5D65FC5F3736512A9
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di

                            Chrome Cache Entry: 75

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):770
                            Entropy (8bit):6.329126096983546
                            Encrypted:false
                            SSDEEP:24:GRR+U1KJRRovL7whRReUS6nRNRR60WKeSY4+wga+oi+VWR10o8O:GtKJMv3AP20pRga+l+VWR1H8O
                            MD5:AC314F7F704E54A295ADF6D9860E2F63
                            SHA1:E4E3A52877CED90D548B5EB8B0B64E72F1DC60CA
                            SHA-256:4FE4CF72FD68547B3592F21CE2DD05AE70CACBC22269C95372E908D2C5AF7362
                            SHA-512:9A9DD2DB4F2BB4C422B60C1035ADFE585A141F69C3CDC39449ADA2CCB85FF542BABA69841C56AAA22F98DEF9C1A549E9E37F401B5EEA9E144C0790646969DE1A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/share/pc2.js
                            Preview:document.getElementById('jingshi').innerHTML='.........................................';..document.getElementById('pcode').innerHTML='.........';..document.getElementById('n_foot').innerHTML='<div class="n_copy">.............................<br>.......ta@lanzou.com</div>&copy; 2025 Lanzou';..document.getElementById('rpt').innerHTML='..';..var urls =window.location.href + '?<?=$codepost?>';..var qrcode = new QRCode('code', {.......text: urls,.......width: 190,.......height: 190,.......colorDark : '#3f3f3f',.......colorLight : '#ffffff',.......correctLevel : QRCode.CorrectLevel.H......});

                            Chrome Cache Entry: 76

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (30775), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):31043
                            Entropy (8bit):5.82874168862654
                            Encrypted:false
                            SSDEEP:768:QKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXm:g3umsZhgETXlTgMrPXm
                            MD5:48EE178E3149E6218973A42F6C334E3B
                            SHA1:53C0DA9CB7D5CD77CC0AD91C1B756B484381AC73
                            SHA-256:6BC21E325F9E92C5571194FF99852960F3E85876F69AAF05579C1E83EA2A0422
                            SHA-512:DA4A944BE0C65971A39991A2F1F582ABD1369A9B02FE666B08F6B784E6AE907DF3A34577224ED61BABA457BF590603D01F2097111C62DD3FDDCD38B7A36A872A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/includes/js/jquery.js
                            Preview:/*.. * jQuery 1.2.6 - New Wave Javascript.. *.. * Copyright (c) 2008 John Resig (jquery.com).. * Dual licensed under the MIT (MIT-LICENSE.txt).. * and GPL (GPL-LICENSE.txt) licenses... *.. * $Date: 2008-05-24 14:22:17 -0400 (Sat, 24 May 2008) $.. * $Rev: 5685 $.. */..eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d||S;G(d.16){7[0]=d;7.K=1;I 7}G(1j d=="23"){J c=u.2D(d);G(c&&(c[1]||!b)){G(c[1])d=D.4h([c[1]],b);N{J a=S.61(c[3]);G(a){G(a.2v!=c[3])I D().2q(d);I D(a)}d=[]}}N I D(b).2q(d)}N G(D.1D(d))I D(S)[D.17.27?"27":"43"](d);I 7.6Y(D.2d(d))},5w:"1.2.6",8G:H(){I 7.K

                            Chrome Cache Entry: 77

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.398938682681494
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684LPGVDjvYxW/4QR6vPdVNE:+p33QhSEYSsQ3vKFpIbP4LPGBjYVVYLl
                            MD5:A9BDF74D29D51F85B49550C164889ED0
                            SHA1:63D3D0A5C528795A8B87534782ADE373BDD6A5A2
                            SHA-256:DB2EA406E3D6E00676DE9416D7D44013892C8C094954E71B21BB4388E93E94DC
                            SHA-512:7315ABCFEC1539306941FFBA480F151D9684501CA71D3F07D65D00A343B49D7F92E44D6E88E98AF3C0C971BEF0915D4C2ABEA1B34218870BC85DF6DC28CBB314
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di

                            Chrome Cache Entry: 78

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:dropped
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            Preview:GIF89a.............!.......,...........L..;

                            Chrome Cache Entry: 79

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:downloaded
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/favicon.ico
                            Preview:............ .h.......(....... ..... ..........................................................................................................................................................................................................................................................................................r...............................................................b...i..j........................................................g...e...\...k...................................................f...g...f...j...................................................f...f...h..._..e................................................f...f...f...f...b..V...........Z...c............................f...f...f...f...g..._...b...e...\...m...........................f...f...f...f...f...h...f...f...i...`..C........................f...f...f...f...f...f...f...f...f...g...`..E....................f...f...f...f...f...f...f...f...g...f...g..._...q..q............f...f...f...f...f...f...f...f...f...f...f

                            Chrome Cache Entry: 80

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:downloaded
                            Size (bytes):2670
                            Entropy (8bit):5.132544815127191
                            Encrypted:false
                            SSDEEP:48:JLTm7oizn84pu01PZ32X2N2J0BQQveVCz8TGjE:JgzVpuc5a0Nky8h
                            MD5:C5E03122A6D64231622ECC1B9D588EC2
                            SHA1:A2AA978D239067D83F8D04807792BD0D52726A0A
                            SHA-256:3CD013A81A4B7F355FBF239294E1E463AF139F1117BB950312F26ACEAAA0F65F
                            SHA-512:776932611DC7E8B797A3EE898AF94F7128F78C2C5309FECBEA0D6C64EF666CFA71A1251F3EFFC8CB58E91C037AA1FA2403BF0AC8CC9A8C09184CAA37702EE64B
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/share/pc1.css
                            Preview:::-webkit-scrollbar{background:rgba(0,0,0,0.01);height: 6px;width:6px}::-webkit-scrollbar-thumb{background-color:rgba(0,0,0,0.1)}::-webkit-scrollbar-thumb:hover {background:rgba(0,0,0,0.5);}.::-webkit-scrollbar-track{background: #f0f0f0;border-radius: 10px;}.::-webkit-scrollbar-thumb{border-radius: 10px;background-color: #c5c5c5;}.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: auto;color: #333;}.a{text-decoration: none;color: #111;}.a:hover{color: #FF3311;}..n_hd{ height: 30px;padding: 10px;border-bottom: 1px solid #eee;position: fixed;background: rgba(255, 255, 255, .9);z-index: 8;right: 0;left: 0;}..n_hd a{-webkit-transition: 0.1s;float: right;border-radius: 3px;}..n_hd a:hover{opacity: .7;}..user-ico{float: left;min-width: 300px;text-align: left;line-height: 30px;}..user-name{color:#ff6740;margin-left: 10px;}..user-name-txt{margin-left: 10px;}..user-ico-img{width: 30px;height: 30px;border-radius: 50%;position: absolute;}..user-ico-div{background: #bbb;width: 30px;hei

                            Chrome Cache Entry: 81

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):19
                            Entropy (8bit):3.787143960698141
                            Encrypted:false
                            SSDEEP:3:q1H0mE:qVC
                            MD5:EAB60C53993077D0D8AAB74AE6DFB26A
                            SHA1:812C2604FF9C26777AAFB18D50C98DD50C3A06B8
                            SHA-256:712A934244D98E950389A431B41C1B0EA5119A606333A745F2C82F5B3224F0CB
                            SHA-512:D46986CC3346493DE84675DCB244AB775B224DBB375F2D2B79063020B40643E1DC8C6240F5DD9B29C815F1FC1BCA81C55AC8ADD1065D2716632AB5B76BFDA32B
                            Malicious:false
                            Reputation:low
                            URL:https://down-load.lanrar.com/file/kdns.js
                            Preview:var killdns = true;

                            Chrome Cache Entry: 82

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:dropped
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            Preview:............ .h.......(....... ..... ..........................................................................................................................................................................................................................................................................................r...............................................................b...i..j........................................................g...e...\...k...................................................f...g...f...j...................................................f...f...h..._..e................................................f...f...f...f...b..V...........Z...c............................f...f...f...f...g..._...b...e...\...m...........................f...f...f...f...f...h...f...f...i...`..C........................f...f...f...f...f...f...f...f...f...g...`..E....................f...f...f...f...f...f...f...f...g...f...g..._...q..q............f...f...f...f...f...f...f...f...f...f...f

                            Chrome Cache Entry: 83

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (622)
                            Category:downloaded
                            Size (bytes):4904
                            Entropy (8bit):5.92640887750072
                            Encrypted:false
                            SSDEEP:96:1Gy72GTJ7ku/ZwvwCsEncRTrWyktfyPGq+wJlSWF6zV56:QGT13K4CsicsyVVKM
                            MD5:DCFFB543A6BFC1945B87489427330B27
                            SHA1:C73B234964F5BA2C8AD828339BDFE58278BFA862
                            SHA-256:77BD15CA15578C6209DFFA6B04C3FFDF9F15E3630AF65FAC8F90117F0EE370CD
                            SHA-512:080739FDC7BA57E391E4B447D7F18BDFE9038CD20DF2B21B6F6287618DEB18204068277C8F9E9EC70EBD977783996D12238B587641D8A371A1BD0CFE69F00D9F
                            Malicious:false
                            Reputation:low
                            URL:https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==
                            Preview:<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.</head>.<body>.<style>.body{font-size: 16px;margin: 0;font-family: \5FAE\8F6F\96C5\9ED1;color: #333;background: #fff; border-color:transparent;-webkit-appearance: none;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-tap-highlight-color:rgba(0,0,0,0.0);}.a{text-decoration: inherit;color: #999;}..box{width:260px;margin:auto; text-align: center;}..box1{ margin-top: 35%;}..box3{ margin-top: 50px;}..box2_2{ padding: 25px;}..submit{ width: 90%;. margin: auto;. height: 42px;. line-height: 42px;. border: 1px solid #d5d5d5;. cursor: pointer;. box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);border-radius: 2px; color: #777;}..submit:hover{ opacity: .7;}.

                            Chrome Cache Entry: 84

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.804138849304981
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8ZSwJ3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8PJKczwQkvUsED
                            MD5:3A5DBDBE75CDECF3DB5C2E3EC89C9705
                            SHA1:EACC6E500ED19A256AD1EA074136D7E76D5341F8
                            SHA-256:D17F393244819A8042544829E807951DE454DE67B43C9050F5E8C88CB5901288
                            SHA-512:7BB5DC39675F4A499AD5812ED92678F0CA0701BF0652700E93B4C5EBAE8B7F8E8AF211D7A1E8AB653DF76CA661136DE71BC811A9E22C0EC68544B4C1E491EC45
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?CG4BawhnAGZUOgdjBGhUZlo4DjNfM1F1CnlRal0wUWcCNgdiWjUHagVkCm0EZlZgUi4OfV48BDcFJAd2Bj8DYAh7AT8IMgA6VGkHNAQpVGhaQQ5SX3ZRMQ_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s

                            Chrome Cache Entry: 85

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.382971482078703
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684g0+QS8bD/4QR6vPdVNVs5:+p33QhSEYSsQ3vKFpIbP4SVVYLl
                            MD5:9AF6B388A6DDB49C936F8CB1495E693B
                            SHA1:A55CC1404DD022E87BC771F2A38654844AC0F43D
                            SHA-256:972C309FF7F3CCBE633C45B651587DE8753064D3C084CD6B313B7FEBB8CFCB23
                            SHA-512:7817AE423151DA777EEBE4E183CE1D46AAFF31F309C09FFBDC138117EC9CA88B02A25B766309E892C283F66E89ADC078F180AF12149F0E3E299E9A70C397A3B1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di

                            Chrome Cache Entry: 86

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 200 x 200
                            Category:downloaded
                            Size (bytes):2168
                            Entropy (8bit):7.753818493533322
                            Encrypted:false
                            SSDEEP:48:RdkbWuo7fTLKVsKLqYa/7EcOJCkxEVB4NSSYy/8bZW8/JX2yDXfy2e:YbWuof3lK2v/ZhJQN0MeJGyDvU
                            MD5:01DE44CA77137A07524637C0B713AFF5
                            SHA1:6D72D9AF3A814950E64A86BC5DEE114C442AB987
                            SHA-256:4369FADC7549310291DC9DCED9B8CB151768C684981193967425245A62CCD910
                            SHA-512:5F6BB05087D5C117C7E24FAEC2C34F87CA3C7D0FD599381C0457F89BF6066EE5523CA637F1501F0CAD108B89E18E85787531361B42AB058508347963CA9D3A82
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/images/type/zip_max.gif
                            Preview:GIF89a........................................t..{................................................................................2..3..3..4..6..7..8..9..<..=..>..?..@..A..C..E..G..G..I..K..L..M..M..O..O..P..Q..T..U..V..Y..Z..[..[..\..]..^.._..`..`..c..l..m..n..o..q..v..w..x..z..z..~.................................................................................................................!.....t.,............s.................................................................rlYH*'...........Ck.....kG.....*HYlr.o?.....K.......I....Jp._R..HpY<{.I.)...2..4... .zm.P.H.L.u.CJ.xq..."S2K......".L.?LtryS%..n....!.^.P...,..:...!..SU..$5+..2..E..d...g.E.........sC^...].y.V..[...p...Ivxc..te....#%.GJ..!.cI.=.s......%MA....y[XO.TA.7...n.....p.,a.8CHh.C.~.....!e...u=..!..~.........;."....i.....k...|w.....?......v......h.4.B....4...>#.q.V...e..2/p.....!.m$j..#.XaQ,....S...H.3.D..;.#.$?...2@....F....K...ORR.uAVi%.X..Rv..`..$.dRR^.....%.9S.8.i.tr..a..l.\..-X..

                            Chrome Cache Entry: 87

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&et=0&ja=0&ln=en-us&lo=0&rnd=1675329094&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=1&sn=48590&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd&tt=MM7.zip%20-%20%E8%93%9D%E5%A5%8F%E4%BA%91
                            Preview:GIF89a.............!.......,...........L..;

                            Chrome Cache Entry: 88

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):258
                            Entropy (8bit):5.247159030749482
                            Encrypted:false
                            SSDEEP:6:qoRFokyJ8mgO9lVhntBCYdoiIDcccBPf/t7JbDRWPWG3+Y29kJONe:hTyiuHnjCiopDczPDRWZ/29kJF
                            MD5:F6533028E6D965AECC218460ACBD4F21
                            SHA1:F8569A0E9D0672E9013D23B1574DB06A9B97CFD6
                            SHA-256:A57B4A9C1AAE1743D9953C45A31D008CFB3CA0B414C8BDD1FE854DD404280E72
                            SHA-512:41DE09DF9886DEC3B6D7C7BF098A235494980E244AEEED6A7F91431F9C553475B70216F128A64B63C3532801B4FBAF4216C3615D076B57EF72029DCF15E8F620
                            Malicious:false
                            Reputation:low
                            URL:https://statics.woozooo.com/img/bd.js
                            Preview:var _hmt = _hmt || [];..(function() {.. var hm = document.createElement("script");.. hm.src = "https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4";.. var s = document.getElementsByTagName("script")[0]; .. s.parentNode.insertBefore(hm, s);..})();

                            Chrome Cache Entry: 89

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&et=0&ja=0&ln=en-us&lo=0&lt=1742296565&rnd=699943486&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=2&sn=48594&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd%3F%253C%3F%3D%24codepost%3F%253E&tt=MM7.zip%20-%20%E8%93%9D%E5%A5%8F%E4%BA%91
                            Preview:GIF89a.............!.......,...........L..;

                            Chrome Cache Entry: 90

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:dropped
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            Preview:GIF89a.............!.......,...........L..;

                            Chrome Cache Entry: 91

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:downloaded
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            URL:https://developer-oss.lanrar.com/favicon.ico
                            Preview:............ .h.......(....... ..... ..........................................................................................................................................................................................................................................................................................r...............................................................b...i..j........................................................g...e...\...k...................................................f...g...f...j...................................................f...f...h..._..e................................................f...f...f...f...b..V...........Z...c............................f...f...f...f...g..._...b...e...\...m...........................f...f...f...f...f...h...f...f...i...`..C........................f...f...f...f...f...f...f...f...f...g...`..E....................f...f...f...f...f...f...f...f...g...f...g..._...q..q............f...f...f...f...f...f...f...f...f...f...f

                            Chrome Cache Entry: 93

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (30775), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):31043
                            Entropy (8bit):5.82874168862654
                            Encrypted:false
                            SSDEEP:768:QKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXm:g3umsZhgETXlTgMrPXm
                            MD5:48EE178E3149E6218973A42F6C334E3B
                            SHA1:53C0DA9CB7D5CD77CC0AD91C1B756B484381AC73
                            SHA-256:6BC21E325F9E92C5571194FF99852960F3E85876F69AAF05579C1E83EA2A0422
                            SHA-512:DA4A944BE0C65971A39991A2F1F582ABD1369A9B02FE666B08F6B784E6AE907DF3A34577224ED61BABA457BF590603D01F2097111C62DD3FDDCD38B7A36A872A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/includes/js/jquery.js
                            Preview:/*.. * jQuery 1.2.6 - New Wave Javascript.. *.. * Copyright (c) 2008 John Resig (jquery.com).. * Dual licensed under the MIT (MIT-LICENSE.txt).. * and GPL (GPL-LICENSE.txt) licenses... *.. * $Date: 2008-05-24 14:22:17 -0400 (Sat, 24 May 2008) $.. * $Rev: 5685 $.. */..eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d||S;G(d.16){7[0]=d;7.K=1;I 7}G(1j d=="23"){J c=u.2D(d);G(c&&(c[1]||!b)){G(c[1])d=D.4h([c[1]],b);N{J a=S.61(c[3]);G(a){G(a.2v!=c[3])I D().2q(d);I D(a)}d=[]}}N I D(b).2q(d)}N G(D.1D(d))I D(S)[D.17.27?"27":"43"](d);I 7.6Y(D.2d(d))},5w:"1.2.6",8G:H(){I 7.K

                            Static File Info

                            No static file info

                            Network Behavior

                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:07:15:54
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false
                            Show Windows behavior

                            File Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            COM Activities

                            Show Windows behavior

                            Process Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Process Token Activities


                            General

                            Target ID:1
                            Start time:07:15:54
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false
                            Show Windows behavior

                            File Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:2
                            Start time:07:15:56
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd"
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:7
                            Start time:07:16:04
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true
                            Show Windows behavior

                            File Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:13
                            Start time:07:16:09
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true
                            Show Windows behavior

                            File Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:14
                            Start time:07:16:12
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true
                            Show Windows behavior

                            File Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            Disassembly

                            No disassembly