
Windows Analysis Report
https://wwre.lanzoup.com/iUb312qvvxyd

Overview

General Information

Sample URL:https://wwre.lanzoup.com/iUb312qvvxyd
Analysis ID:1641690

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Yara detected ZipBomb
Drops password protected ZIP file
Creates files inside the system directory
Deletes files inside the Windows folder
HTML page contains hidden javascript code
Program does not show much activity (idle)

Classification

Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 4912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?> MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp | JoeSecurity_ZipBomb | Yara detected ZipBomb | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    Source: https://wwre.lanzoup.com/iUb312qvvxyd HTTP Parser: Base64 decoded: `;13Qn;:[30gQaWhPe\8[b3p&P9V1P1Q1RaS;8m>6[n
    Source: https://wwre.lanzoup.com/iUb312qvvxyd HTTP Parser: No favicon
    Source: https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E HTTP Parser: No favicon
    Source: https://developer-oss.lanrar.com/file/?BGIHOVprUGEBCFBoAjdTP1tkDzdWRFMcBDRUfFdxVT0EdAd2WmEDPgE7CjkAC1c/VGpUbAVoCzsAPwQwVDBUZgQ8B2haNFAiATFQdQJrU2NbMQ88Vj5TZAQ2VGZXOVViBCIHIFp3A2oBZQpsAGZXY1QhVGEFaQsmADYEOlQnVGYEMwdnWjNQZgEyUGMCNFNrWzQPO1ZoU2EEYVRlVz9VYwQ8BzJaYwM0AWUKOABmVzNUN1QzBWgLPgBmBGNUMFR7BH4HOVp3UCIBIlB1AjNTIFtoD25WNFNlBDFUa1c5VWAEMwdjWiEDIwE+CjEAMVcwVDNUYAVtCz0ANQQwVDFUYgQxB2daNVAqAXlQIAIwUz5bdg83VjhTZgQ3VGBXOVVtBDIHY1ozA2cBcQopACRXIVQzVGAFbQs9ADUEMFQ7VGcENAdjWjdQIgEiUG8CJlNvWzkPJFY9U2cELVRjVzlVZwQqB2FaPwNuAXkKegAwVzlUeVQ/BQULagBsBD9UOA==HTTP Parser: No favicon
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://assets.woozooo.com/assets/favicon.ico
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://assets.woozooo.com/assets/images/type/zip_max.gif
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://assets.woozooo.com/assets/img/qrcode.min.js
    Source: chromecache_73.1.dr, chromecache_84.1.dr, chromecache_83.1.dr, chromecache_71.1.dr String found in binary or memory: https://assets.woozooo.com/assets/includes/js/jquery.js
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://assets.woozooo.com/assets/share/pc1.css
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://assets.woozooo.com/assets/share/pc2.js
    Source: chromecache_73.1.dr, chromecache_84.1.dr, chromecache_71.1.dr String found in binary or memory: https://down-load.lanrar.com/file/kdns.js
    Source: chromecache_88.1.dr String found in binary or memory: https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4
    Source: chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr String found in binary or memory: https://statics.woozooo.com/img/bd.js

    System Summary

    Source: MM7.zip.crdownload.0.dr Zip Entry: encrypted
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5156_393080954
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5156_393080954
    Source: classification engine Classification label: mal52.evad.win@33/50@0/20
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd"
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
    Source: Window Recorder Window detected: More than 3 window changes detected

    Malware Analysis System Evasion

    Source: Yara match File source: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp, type: DROPPED
    Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: MM7.zip.crdownload.0.dr Binary or memory string: AiQeMU
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: 11 Masquerading; 1 Process Injection; 1 File Deletion
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: 1 Security Software Discovery; Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Command and Control: Data Obfuscation; Junk Data; Steganography
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
    [Behavior graph] Behavior Graph ID: 1641690; URL: https://wwre.lanzoup.com/iU...; Startdate: 18/03/2025; Architecture: WINDOWS; Score: 52. Signatures: Yara detected ZipBomb; Drops password protected ZIP file. chrome.exe dropped 59cc686e-6707-4769-b945-a38bdc979048.tmp (Zip) and started a child chrome.exe that contacted 163.181.131.211 (TAOBAOZhejiangTaobaoNetworkCoLtdCN), 142.250.181.238 (GOOGLEUS) and 17 other IPs or domains.

    Source | Detection | Scanner | Label | Link
    https://wwre.lanzoup.com/iUb312qvvxyd | 0% | Avira URL Cloud | safe |
    No Antivirus matches
    No contacted domains info
    Name | Malicious | Antivirus Detection | Reputation
    https://wwre.lanzoup.com/iUb312qvvxyd | false | | unknown
    https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E | false | | unknown
    https://developer-oss.lanrar.com/file/?... | false | | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://assets.woozooo.com/assets/img/qrcode.min.js | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://assets.woozooo.com/assets/share/pc1.css | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://statics.woozooo.com/img/bd.js | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://assets.woozooo.com/assets/includes/js/jquery.js | chromecache_73.1.dr, chromecache_84.1.dr, chromecache_83.1.dr, chromecache_71.1.dr | false | | high
    https://assets.woozooo.com/assets/share/pc2.js | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://down-load.lanrar.com/file/kdns.js | chromecache_73.1.dr, chromecache_84.1.dr, chromecache_71.1.dr | false | | high
    https://assets.woozooo.com/assets/images/type/zip_max.gif | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://assets.woozooo.com/assets/favicon.ico | chromecache_74.1.dr, chromecache_77.1.dr, chromecache_85.1.dr, chromecache_66.1.dr | false | | high
    https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4 | chromecache_88.1.dr | false | | high
                            Joe Sandbox version:42.0.0 Malachite
                            Analysis ID:1641690
                            Start date and time:2025-03-18 12:15:17 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 59s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:https://wwre.lanzoup.com/iUb312qvvxyd
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:17
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal52.evad.win@33/50@0/20
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtCreateFile calls found.
                            • Report size getting too big, too many NtOpenFile calls found.
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            • Skipping network analysis since amount of network traffic is too extensive
                            • VT rate limit hit for: https://wwre.lanzoup.com/iUb312qvvxyd
                            No simulations
                            Source | URL
                            Screenshot | https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
                            Screenshot | https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
                            Screenshot | https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
                            No context
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
                            Category:dropped
                            Size (bytes):15958
                            Entropy (8bit):7.9877078519155065
                            Encrypted:false
                            SSDEEP:384:Lxkw1K16uKvMDCZ0Z2wdRfVfR7M3HiHug:Sw1q6uKvMuZ34pRgSOg
                            MD5:3868A345CEF0D1C3EC4E75E3867B2FE6
                            SHA1:25D8CCDEB5C31BF2D6206FFD780F37FC9AAA651F
                            SHA-256:FA54CFD0197FEC360C4DA2B6B66B7F7B6E47BC47BA54CBB9A12B17086657CB62
                            SHA-512:71C150E7EFC82DAEB8FC42AE7F927A6773FA973C82B9B593DFA12819731EC3BFEA061F0A9407A102D244C30BDA1F1E2A9BFAB1E54FA3B5331F952F6EAC73FE1A
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\59cc686e-6707-4769-b945-a38bdc979048.tmp, Author: Joe Security
                            Reputation:low
                            Preview:PK..3...c.ShnZ....8.\...].....VT1/VT1.msi......AE...B...y{.27OEIt./a..C.v@.@.!:.....!0..p..<;.p.._.vR...vR.L..N.|.5..:{;..>^....a...+..c.....Z..........#.F.../....[...Z..;{..J.X.C...eB...YiB..T.....5V...0.-}.P....9LL=.q..... .v9...oKq......{.\Y........w.C?.|&:tG.>.........4.......M...hR.^.....n...3.b..z....O...}...6.LQ..1q]&!.Ps-..P..f...E......d.v...._..5.~.@.2:..f. 2........x.-!.w...s.....,..^.R.m.q'Y.m.sBU......}).X.... ...s..<,.".T.=.+T..L.[P.>.V...ku:~p.d..B.-.:.B.;...J.Rk.i........'.....$.{.oX.0~..v.n.}...JB.T.s.{..."U7..?xH{.../.5..IS..H..Y...7.;-c|dA.......U[-.Q.o.?.Hj[.V.1......w._~.."Q..u.......W.U..QiAk.2....%....E.Q....yw.2.v...A.1..H.A.Ni...q8.:F.Z.........|.XP........S..l..G......):2.*o4...z..A.N...A..,..#.X.F...1.OR.o.*ij=t..`..q...$I3..9.7>...l....O..K...&..:G..;..Z...t.^$?.3.....Q..`I.Ic......T...`C/_0.)X.=z.wx........F.l.sL. ...W..ji...+...W...L.5..W./48.M...O..=...E.:.h%.?.z..%.[...$......P..^.-s7.p.7hD...6......[fhYf^....Z..M.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
                            Category:dropped
                            Size (bytes):106755426
                            Entropy (8bit):7.9999981907478315
                            Encrypted:true
                            SSDEEP:
                            MD5:A76CF51968423C2F448B3009F2AE6932
                            SHA1:38100EEC32B1825899085EF3109894E8873CB5FB
                            SHA-256:9905B9FAED22CF233EB5FDC91A5DBB16BDE000B1C3BD18F827BBFA08EB2C43CB
                            SHA-512:0AAA7BF04818DBC2EDFC20D87A0C8280D512DDEDD55E8FFC8E527A57315D4B471620ABE2A893CC13158B2D0F84CC4F67471BE3E5039D0A4797759CA69E700642
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.402482594438341
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684lvz1BWq8M/4QR6vPdVNVS:+p33QhSEYSsQ3vKFpIbP4lrSq87VVYLl
                            MD5:AFBE8AE3E390E3F122B0D5E96F1D91EC
                            SHA1:122DF35B770628FB1C4FFDB233CB37EAFD2BAC7D
                            SHA-256:FAA0809F252057A933F8820B7380164A4024948224C8B6D158F4782F7B36ABCC
                            SHA-512:57C8FE9B9CB5F85CC251B8B479352766E330BB1A6A973DB86ECB4437FA74671286962015686F5FEB36704D2D73609E0E18B72E13B669317975B8F08349A19BA1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (19927), with no line terminators
                            Category:downloaded
                            Size (bytes):19927
                            Entropy (8bit):5.680495692183685
                            Encrypted:false
                            SSDEEP:384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ
                            MD5:517B55D3688CE9EF1085A3D9632BCB97
                            SHA1:2D06C1F823F34C19981C6AE0B0EB0F5861C5E14B
                            SHA-256:C541EF06327885A8415BCA8DF6071E14189B4855336DEF4F36DB54BDE8484F36
                            SHA-512:08D80845E706A3B9E985B799D3849CD7791AD3BA5AA9D793BB4591D4833890D7299810144874905F416C94D8530DA74BE0EE520066A91ADE05A1DA8BF0CCB498
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/img/qrcode.min.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):58
                            Entropy (8bit):4.301417634136299
                            Encrypted:false
                            SSDEEP:3:YfJjhKIHfAJ0Pq8g9VgQhUe4n:Yhw6fFzS4
                            MD5:017DE4000C608CB6840F52411B5C3A42
                            SHA1:0B51EF5EC9E3D40C2A301DE0E482B245F67E05BF
                            SHA-256:9F03F03A7485E9D8E04003C70330313E0E18DD79DBF409F498077F03C230F7A5
                            SHA-512:3ABA3D9936C4682A434E7777A9DC743C2068DC139DFB4C74F21C7BAEACF4949D775940E23F6CC8338DD420D7DEC88E813BABEF79082ED5D1119212EAC4F3B518
                            Malicious:false
                            Reputation:low
                            Preview:{"zt":0,"dom":null,"url":"\u9a8c\u8bc1\u7801\u9519\u8bef"}
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&ep=650%2C0&et=3&ja=0&ln=en-us&lo=0&lt=1742296565&rnd=1607160054&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=2&sn=48599&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd%3F%253C%3F%3D%24codepost%3F%253E%3F%253C%3F%3D%24codepost%3F%253E
                            Preview:GIF89a.............!.......,...........L..;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:dropped
                            Size (bytes):280
                            Entropy (8bit):5.026276662458781
                            Encrypted:false
                            SSDEEP:6:hxuJLzLO6QcjWR0NNEXW0YBwrVfAbplGMETQ1jJTpAj7cEdx2BYdYsN4Qb:hYw6QclfheC2/8J9A3c4xqsyQb
                            MD5:643A8B386CC59C2B219F34D60CCE4E88
                            SHA1:68356681249AF2356E90E8597AF02E10ABB9834A
                            SHA-256:A187282EC54A1BF0A139C595C3F92278B3164F3BF9939171305591826DDF26B9
                            SHA-512:4E792AF8D5B112A24F0E3983C88E92CF25CB5AC1448148E37391E99193B38F976A9A446C83A3A091BD10FD2D6A2F7969B851D6C3644C0A571C047CFD30E4ECF5
                            Malicious:false
                            Reputation:low
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>Error 404</title>.</head>.<body id="bd">.error:404;.</body>.</html>
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.802785777924563
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8ZXSJ3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8AJKczwQkvUsED
                            MD5:3F0F8FD2A7FD848299303255A7B03676
                            SHA1:20722226712CF567B2ADF36ECA912BCE20CF21C0
                            SHA-256:4DC35BE4F966E711D549A2AAF07A964305C3EAB92DBA9AD5ECD8DA198A5337FD
                            SHA-512:F8B1996A8A86F8C9633CB513D59D8BEDBB391CC0E0CDB0F2D434363DE542BAD57416A245B69F59AA405C5B5E606F1FE82ABC552C18FB22C6581A252812925D45
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?VDIHbQFuVzECbAdjA28FNwdlUG1SPldzBXYDOAJvAzVXY1M2D2AHalY3A2RXNFxvUCwEd148BzQCIwd2ATgGZVQnBzkBO1dtAj8HNAMuBTkHHFAMUntXNw_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 200 x 200
                            Category:dropped
                            Size (bytes):2168
                            Entropy (8bit):7.753818493533322
                            Encrypted:false
                            SSDEEP:48:RdkbWuo7fTLKVsKLqYa/7EcOJCkxEVB4NSSYy/8bZW8/JX2yDXfy2e:YbWuof3lK2v/ZhJQN0MeJGyDvU
                            MD5:01DE44CA77137A07524637C0B713AFF5
                            SHA1:6D72D9AF3A814950E64A86BC5DEE114C442AB987
                            SHA-256:4369FADC7549310291DC9DCED9B8CB151768C684981193967425245A62CCD910
                            SHA-512:5F6BB05087D5C117C7E24FAEC2C34F87CA3C7D0FD599381C0457F89BF6066EE5523CA637F1501F0CAD108B89E18E85787531361B42AB058508347963CA9D3A82
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.800602876925161
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8Z20J3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8nJKczwQkvUsED
                            MD5:6E93A643B74FBEE5FBE99C89E7326CC8
                            SHA1:8168947244CD11C12C7C54160F86DFAC26E29C6C
                            SHA-256:24AF88601AC15474C32540E00D0C41904403658791D2DA7008BBC52C47AF6F01
                            SHA-512:A93D6B4D92495D726185793721714E891FEE6154A4F1D09E5C66F9598EECAC573CBE0BDBDC991A3282DD611F48D2AE754CF6CF6D6A3819ED9825E5AD3CBB2BD1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?UDZVPw5hVTNRPwpuVjpUZlIwUm8FaVRwAHNSaVE8BDIGMlA1DGMFaFIzBGMBYwIzAX1TIFU3VmUAIQZ3V25SMVAjVWsONFVvUWwKOVZ7VGhSSVIOBSxUNA_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.3844163434638395
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684PVfVHP/4QR6vPdVNVsvLl:+p33QhSEYSsQ3vKFpIbP4PV90VVYLl
                            MD5:F1236017CF420F42BEEB3AF0041FE84B
                            SHA1:C0324D608282891528D7406CE6EBB240D4F9D09E
                            SHA-256:3111A4C7FA940A79FCA809C95D2F11B433E6F26225A271B74E44ACA015E3E846
                            SHA-512:66B84C02F0D4E9F6CFCDA4F079252DB23C68CF47061C5B2F69BF815C8DCB142481908D5EB47D1971C07457CC4F2BE7AB278CD6699EC83DD5D65FC5F3736512A9
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):770
                            Entropy (8bit):6.329126096983546
                            Encrypted:false
                            SSDEEP:24:GRR+U1KJRRovL7whRReUS6nRNRR60WKeSY4+wga+oi+VWR10o8O:GtKJMv3AP20pRga+l+VWR1H8O
                            MD5:AC314F7F704E54A295ADF6D9860E2F63
                            SHA1:E4E3A52877CED90D548B5EB8B0B64E72F1DC60CA
                            SHA-256:4FE4CF72FD68547B3592F21CE2DD05AE70CACBC22269C95372E908D2C5AF7362
                            SHA-512:9A9DD2DB4F2BB4C422B60C1035ADFE585A141F69C3CDC39449ADA2CCB85FF542BABA69841C56AAA22F98DEF9C1A549E9E37F401B5EEA9E144C0790646969DE1A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/share/pc2.js
                            Preview:document.getElementById('jingshi').innerHTML='.........................................';..document.getElementById('pcode').innerHTML='.........';..document.getElementById('n_foot').innerHTML='<div class="n_copy">.............................<br>.......ta@lanzou.com</div>&copy; 2025 Lanzou';..document.getElementById('rpt').innerHTML='..';..var urls =window.location.href + '?<?=$codepost?>';..var qrcode = new QRCode('code', {.......text: urls,.......width: 190,.......height: 190,.......colorDark : '#3f3f3f',.......colorLight : '#ffffff',.......correctLevel : QRCode.CorrectLevel.H......});
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (30775), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):31043
                            Entropy (8bit):5.82874168862654
                            Encrypted:false
                            SSDEEP:768:QKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXm:g3umsZhgETXlTgMrPXm
                            MD5:48EE178E3149E6218973A42F6C334E3B
                            SHA1:53C0DA9CB7D5CD77CC0AD91C1B756B484381AC73
                            SHA-256:6BC21E325F9E92C5571194FF99852960F3E85876F69AAF05579C1E83EA2A0422
                            SHA-512:DA4A944BE0C65971A39991A2F1F582ABD1369A9B02FE666B08F6B784E6AE907DF3A34577224ED61BABA457BF590603D01F2097111C62DD3FDDCD38B7A36A872A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/includes/js/jquery.js
                            Preview:/*.. * jQuery 1.2.6 - New Wave Javascript.. *.. * Copyright (c) 2008 John Resig (jquery.com).. * Dual licensed under the MIT (MIT-LICENSE.txt).. * and GPL (GPL-LICENSE.txt) licenses... *.. * $Date: 2008-05-24 14:22:17 -0400 (Sat, 24 May 2008) $.. * $Rev: 5685 $.. */..eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d||S;G(d.16){7[0]=d;7.K=1;I 7}G(1j d=="23"){J c=u.2D(d);G(c&&(c[1]||!b)){G(c[1])d=D.4h([c[1]],b);N{J a=S.61(c[3]);G(a){G(a.2v!=c[3])I D().2q(d);I D(a)}d=[]}}N I D(b).2q(d)}N G(D.1D(d))I D(S)[D.17.27?"27":"43"](d);I 7.6Y(D.2d(d))},5w:"1.2.6",8G:H(){I 7.K
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.398938682681494
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684LPGVDjvYxW/4QR6vPdVNE:+p33QhSEYSsQ3vKFpIbP4LPGBjYVVYLl
                            MD5:A9BDF74D29D51F85B49550C164889ED0
                            SHA1:63D3D0A5C528795A8B87534782ADE373BDD6A5A2
                            SHA-256:DB2EA406E3D6E00676DE9416D7D44013892C8C094954E71B21BB4388E93E94DC
                            SHA-512:7315ABCFEC1539306941FFBA480F151D9684501CA71D3F07D65D00A343B49D7F92E44D6E88E98AF3C0C971BEF0915D4C2ABEA1B34218870BC85DF6DC28CBB314
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:dropped
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            Preview:GIF89a.............!.......,...........L..;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:downloaded
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/favicon.ico
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:downloaded
                            Size (bytes):2670
                            Entropy (8bit):5.132544815127191
                            Encrypted:false
                            SSDEEP:48:JLTm7oizn84pu01PZ32X2N2J0BQQveVCz8TGjE:JgzVpuc5a0Nky8h
                            MD5:C5E03122A6D64231622ECC1B9D588EC2
                            SHA1:A2AA978D239067D83F8D04807792BD0D52726A0A
                            SHA-256:3CD013A81A4B7F355FBF239294E1E463AF139F1117BB950312F26ACEAAA0F65F
                            SHA-512:776932611DC7E8B797A3EE898AF94F7128F78C2C5309FECBEA0D6C64EF666CFA71A1251F3EFFC8CB58E91C037AA1FA2403BF0AC8CC9A8C09184CAA37702EE64B
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/share/pc1.css
                            Preview:::-webkit-scrollbar{background:rgba(0,0,0,0.01);height: 6px;width:6px}::-webkit-scrollbar-thumb{background-color:rgba(0,0,0,0.1)}::-webkit-scrollbar-thumb:hover {background:rgba(0,0,0,0.5);}.::-webkit-scrollbar-track{background: #f0f0f0;border-radius: 10px;}.::-webkit-scrollbar-thumb{border-radius: 10px;background-color: #c5c5c5;}.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: auto;color: #333;}.a{text-decoration: none;color: #111;}.a:hover{color: #FF3311;}..n_hd{ height: 30px;padding: 10px;border-bottom: 1px solid #eee;position: fixed;background: rgba(255, 255, 255, .9);z-index: 8;right: 0;left: 0;}..n_hd a{-webkit-transition: 0.1s;float: right;border-radius: 3px;}..n_hd a:hover{opacity: .7;}..user-ico{float: left;min-width: 300px;text-align: left;line-height: 30px;}..user-name{color:#ff6740;margin-left: 10px;}..user-name-txt{margin-left: 10px;}..user-ico-img{width: 30px;height: 30px;border-radius: 50%;position: absolute;}..user-ico-div{background: #bbb;width: 30px;hei
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):19
                            Entropy (8bit):3.787143960698141
                            Encrypted:false
                            SSDEEP:3:q1H0mE:qVC
                            MD5:EAB60C53993077D0D8AAB74AE6DFB26A
                            SHA1:812C2604FF9C26777AAFB18D50C98DD50C3A06B8
                            SHA-256:712A934244D98E950389A431B41C1B0EA5119A606333A745F2C82F5B3224F0CB
                            SHA-512:D46986CC3346493DE84675DCB244AB775B224DBB375F2D2B79063020B40643E1DC8C6240F5DD9B29C815F1FC1BCA81C55AC8ADD1065D2716632AB5B76BFDA32B
                            Malicious:false
                            Reputation:low
                            URL:https://down-load.lanrar.com/file/kdns.js
                            Preview:var killdns = true;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:dropped
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (622)
                            Category:downloaded
                            Size (bytes):4904
                            Entropy (8bit):5.92640887750072
                            Encrypted:false
                            SSDEEP:96:1Gy72GTJ7ku/ZwvwCsEncRTrWyktfyPGq+wJlSWF6zV56:QGT13K4CsicsyVVKM
                            MD5:DCFFB543A6BFC1945B87489427330B27
                            SHA1:C73B234964F5BA2C8AD828339BDFE58278BFA862
                            SHA-256:77BD15CA15578C6209DFFA6B04C3FFDF9F15E3630AF65FAC8F90117F0EE370CD
                            SHA-512:080739FDC7BA57E391E4B447D7F18BDFE9038CD20DF2B21B6F6287618DEB18204068277C8F9E9EC70EBD977783996D12238B587641D8A371A1BD0CFE69F00D9F
                            Malicious:false
                            Reputation:low
                            URL:https://developer-oss.lanrar.com/file/?…
                            Preview:<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.</head>.<body>.<style>.body{font-size: 16px;margin: 0;font-family: \5FAE\8F6F\96C5\9ED1;color: #333;background: #fff; border-color:transparent;-webkit-appearance: none;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-tap-highlight-color:rgba(0,0,0,0.0);}.a{text-decoration: inherit;color: #999;}..box{width:260px;margin:auto; text-align: center;}..box1{ margin-top: 35%;}..box3{ margin-top: 50px;}..box2_2{ padding: 25px;}..submit{ width: 90%;. margin: auto;. height: 42px;. line-height: 42px;. border: 1px solid #d5d5d5;. cursor: pointer;. box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);border-radius: 2px; color: #777;}..submit:hover{ opacity: .7;}.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text
                            Category:downloaded
                            Size (bytes):2268
                            Entropy (8bit):5.804138849304981
                            Encrypted:false
                            SSDEEP:48:ipEG1TmLbu8m3bVFefR8ZSwJ3sVTQw9sVw3KUjikbrI3s0g0D:dG1/BvKR8PJKczwQkvUsED
                            MD5:3A5DBDBE75CDECF3DB5C2E3EC89C9705
                            SHA1:EACC6E500ED19A256AD1EA074136D7E76D5341F8
                            SHA-256:D17F393244819A8042544829E807951DE454DE67B43C9050F5E8C88CB5901288
                            SHA-512:7BB5DC39675F4A499AD5812ED92678F0CA0701BF0652700E93B4C5EBAE8B7F8E8AF211D7A1E8AB653DF76CA661136DE71BC811A9E22C0EC68544B4C1E491EC45
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/fn?CG4BawhnAGZUOgdjBGhUZlo4DjNfM1F1CnlRal0wUWcCNgdiWjUHagVkCm0EZlZgUi4OfV48BDcFJAd2Bj8DYAh7AT8IMgA6VGkHNAQpVGhaQQ5SX3ZRMQ_c_c
                            Preview: file pages1 -->.<!DOCTYPE HTML>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/includes/js/jquery.js"></script>.<style>.body{font: 14px Arial,\5FAE\8F6F\96C5\9ED1,sans-serif;margin: 0;padding: 0;}.#outime{display: none;text-align: center;background: rgba(255, 255, 255, 0.9);position: absolute;height: 30px;line-height: 30px;z-index: 9;width: 207px;}..load{text-align: center;height: 30px;line-height: 30px;}..load a{background: #0af;box-shadow: 0 1px 1px rgba(0,0,0,.15);color: #fff;text-decoration: none;display: block;width: 50px;text-align: center;border-radius: 50px;font-size: 14px;height: 30px;line-height: 30px;margin-left: 155px;margin-top: 1px;}..load a:hover{background: #569aff;}..load a:active{box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.25);}.</style>.</head>.<body>.<div id="outime">........</div>..<div class="load" id="tourl">..........</div>.<s
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309)
                            Category:downloaded
                            Size (bytes):2030
                            Entropy (8bit):5.382971482078703
                            Encrypted:false
                            SSDEEP:24:hYwspeCz34dMNV+JScbJKP53woI6JQ3NB6H5FpIb684g0+QS8bD/4QR6vPdVNVs5:+p33QhSEYSsQ3vKFpIbP4SVVYLl
                            MD5:9AF6B388A6DDB49C936F8CB1495E693B
                            SHA1:A55CC1404DD022E87BC771F2A38654844AC0F43D
                            SHA-256:972C309FF7F3CCBE633C45B651587DE8753064D3C084CD6B313B7FEBB8CFCB23
                            SHA-512:7817AE423151DA777EEBE4E183CE1D46AAFF31F309C09FFBDC138117EC9CA88B02A25B766309E892C283F66E89ADC078F180AF12149F0E3E299E9A70C397A3B1
                            Malicious:false
                            Reputation:low
                            URL:https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E
                            Preview:<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0" />.<title>MM7.zip - ...</title>.<meta name="description" content=".....101.8 M" />.<script type="text/javascript" src="https://assets.woozooo.com/assets/img/qrcode.min.js"></script>.<link rel="shortcut icon" href="https://assets.woozooo.com/assets/favicon.ico">.</head>.<body>.<link href="https://assets.woozooo.com/assets/share/pc1.css" rel="stylesheet" type="text/css">.<div id="file" class="filter">.<div class="n_hd"><div class="user-ico"><div class="user-ico-div"><div class="user-ico-div-1"></div><div class="user-ico-div-2"></div></div> <span class="user-name">15**</span><span class="user-name-txt">.....</span></div><a href="/q/jb/?f=228283883&report=1" class="n_login"><font id="rpt"> </font></a></div>.<div class="n_box">.<div class="jingshi" id="jingshi"></di
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 200 x 200
                            Category:downloaded
                            Size (bytes):2168
                            Entropy (8bit):7.753818493533322
                            Encrypted:false
                            SSDEEP:48:RdkbWuo7fTLKVsKLqYa/7EcOJCkxEVB4NSSYy/8bZW8/JX2yDXfy2e:YbWuof3lK2v/ZhJQN0MeJGyDvU
                            MD5:01DE44CA77137A07524637C0B713AFF5
                            SHA1:6D72D9AF3A814950E64A86BC5DEE114C442AB987
                            SHA-256:4369FADC7549310291DC9DCED9B8CB151768C684981193967425245A62CCD910
                            SHA-512:5F6BB05087D5C117C7E24FAEC2C34F87CA3C7D0FD599381C0457F89BF6066EE5523CA637F1501F0CAD108B89E18E85787531361B42AB058508347963CA9D3A82
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/images/type/zip_max.gif
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&et=0&ja=0&ln=en-us&lo=0&rnd=1675329094&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=1&sn=48590&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd&tt=MM7.zip%20-%20%E8%93%9D%E5%A5%8F%E4%BA%91
                            Preview:GIF89a.............!.......,...........L..;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):258
                            Entropy (8bit):5.247159030749482
                            Encrypted:false
                            SSDEEP:6:qoRFokyJ8mgO9lVhntBCYdoiIDcccBPf/t7JbDRWPWG3+Y29kJONe:hTyiuHnjCiopDczPDRWZ/29kJF
                            MD5:F6533028E6D965AECC218460ACBD4F21
                            SHA1:F8569A0E9D0672E9013D23B1574DB06A9B97CFD6
                            SHA-256:A57B4A9C1AAE1743D9953C45A31D008CFB3CA0B414C8BDD1FE854DD404280E72
                            SHA-512:41DE09DF9886DEC3B6D7C7BF098A235494980E244AEEED6A7F91431F9C553475B70216F128A64B63C3532801B4FBAF4216C3615D076B57EF72029DCF15E8F620
                            Malicious:false
                            Reputation:low
                            URL:https://statics.woozooo.com/img/bd.js
                            Preview:var _hmt = _hmt || [];..(function() {.. var hm = document.createElement("script");.. hm.src = "https://hm.baidu.com/hm.js?fb7e760e987871d56396999d288238a4";.. var s = document.getElementsByTagName("script")[0]; .. s.parentNode.insertBefore(hm, s);..})();
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:downloaded
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            URL:https://hm.baidu.com/hm.gif?hca=5E0E0D8A742D4EE8&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=897&et=0&ja=0&ln=en-us&lo=0&lt=1742296565&rnd=699943486&si=fb7e760e987871d56396999d288238a4&v=1.3.2&lv=2&sn=48594&r=0&ww=1280&u=https%3A%2F%2Fwwre.lanzoup.com%2FiUb312qvvxyd%3F%253C%3F%3D%24codepost%3F%253E&tt=MM7.zip%20-%20%E8%93%9D%E5%A5%8F%E4%BA%91
                            Preview:GIF89a.............!.......,...........L..;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 1 x 1
                            Category:dropped
                            Size (bytes):43
                            Entropy (8bit):3.0950611313667666
                            Encrypted:false
                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                            Malicious:false
                            Reputation:low
                            Preview:GIF89a.............!.......,...........L..;
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                            Category:downloaded
                            Size (bytes):1150
                            Entropy (8bit):2.5203594375780294
                            Encrypted:false
                            SSDEEP:12:XzA+O/m5bHaSQrCv3nO+/6reo+Q//8Sakt+1mCRqtzl7l/:XzlOu5bZNv3ftQ/0pu8m
                            MD5:E2A12D30813A67034ECEF52F8F5447D9
                            SHA1:87CBF0958C40D8C61C591020FAE3F5E2B5DFB6DE
                            SHA-256:22489AA1578915C922E7D16566A5B926A6C430961F3327E90F0B10DAD21F0781
                            SHA-512:F9743821B5F4A1253E600813A3FFC81EE37BDC0774379227F9B5DFB2FD7AAD3270B01246580FD73E8D42CC0611B6D4078EF09B4B53F2EDB2CC6CFA2C83D54C48
                            Malicious:false
                            Reputation:low
                            URL:https://developer-oss.lanrar.com/favicon.ico
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (30775), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):31043
                            Entropy (8bit):5.82874168862654
                            Encrypted:false
                            SSDEEP:768:QKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXm:g3umsZhgETXlTgMrPXm
                            MD5:48EE178E3149E6218973A42F6C334E3B
                            SHA1:53C0DA9CB7D5CD77CC0AD91C1B756B484381AC73
                            SHA-256:6BC21E325F9E92C5571194FF99852960F3E85876F69AAF05579C1E83EA2A0422
                            SHA-512:DA4A944BE0C65971A39991A2F1F582ABD1369A9B02FE666B08F6B784E6AE907DF3A34577224ED61BABA457BF590603D01F2097111C62DD3FDDCD38B7A36A872A
                            Malicious:false
                            Reputation:low
                            URL:https://assets.woozooo.com/assets/includes/js/jquery.js
                            Preview:/*.. * jQuery 1.2.6 - New Wave Javascript.. *.. * Copyright (c) 2008 John Resig (jquery.com).. * Dual licensed under the MIT (MIT-LICENSE.txt).. * and GPL (GPL-LICENSE.txt) licenses... *.. * $Date: 2008-05-24 14:22:17 -0400 (Sat, 24 May 2008) $.. * $Rev: 5685 $.. */..eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d||S;G(d.16){7[0]=d;7.K=1;I 7}G(1j d=="23"){J c=u.2D(d);G(c&&(c[1]||!b)){G(c[1])d=D.4h([c[1]],b);N{J a=S.61(c[3]);G(a){G(a.2v!=c[3])I D().2q(d);I D(a)}d=[]}}N I D(b).2q(d)}N G(D.1D(d))I D(S)[D.17.27?"27":"43"](d);I 7.6Y(D.2d(d))},5w:"1.2.6",8G:H(){I 7.K
                            No static file info
                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
                            Target ID:0
                            Start time:07:15:54
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:1
                            Start time:07:15:54
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,15924336372548008281,10514050828995436011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:07:15:56
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd"
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:7
                            Start time:07:16:04
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:13
                            Start time:07:16:09
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:14
                            Start time:07:16:12
                            Start date:18/03/2025
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?>
                            Imagebase:0x7ff643280000
                            File size:3'388'000 bytes
                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            No disassembly