Report - c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool

Report Overview

Submitted URL
c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip
IP
185.245.143.7
ASN
#204516 Caplaser SA
Submitted
2024-04-23 17:09:00
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
c-dock.caplaser.fr	unknown	1996-04-17	2019-11-30	2024-03-12	531 B	17 MB	185.245.143.7

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip
IP
185.245.143.7
ASN
#204516 Caplaser SA

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16915878 bytes)
Hash
da1ba6e0d2787fbbdb0f1a0af45b54db
166dbd2489627efbc5f5fa6c9cadcdbb00c5faa9
73603e0906aeae3f2090b2f4ecbc8ce3f42b66470cc06195ed052596f798ad84

Archive (36)

Filename

Md5

File type

AuthenticationUtility.dll

333d7c671c9b4a2ef8e0f8ed3ccffc15

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CommonContract.dll

df9490f971d7bf36c3b2dc4d8ce60628

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CommonMicroKernel.dll

c336fefc9c9bd07bd16a245f5028ab99

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CommonUtility.dll

35d10f5553de058bfb6a64b704c8cf80

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MainLogo.png

32214a0cb2e7c17308e4b5da48686e73

PNG image data, 600 x 150, 8-bit/color RGBA, non-interlaced

MainLogo.png.old

b039d1a35a7b7442fec3ba23ce3cdcc3

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

Icon.ico

8bab3a1d6aef96d5aaa258ce2a0e2561

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel

Interop.ProfMan.dll

2fe830a0fa86be98861e9c14c851b496

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Interop.Redemption.dll

4639217aa370cf7365d8e130b143adc7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileToolResource.resources.dll

617c9555130e6b7c554d7689e946b441

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Log4net.config

40a3a6a80c4152ea37358b57004fbce0

exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

log4net.dll

46319a38ce5d09020d2ac56b67829c6c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Exchange.WebServices.dll

78686e6aabcef6877185edecbfb546d8

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Identity.Client.dll

a47d49a3ab2996ec24786c501145cf20

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Abstractions.dll

bb30ad362e97061eaf63c42fa0046d59

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

081d9558bbb7adce142da153b2d5577a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfile_32.dll

48c7baeb87a6cc34f20e923d6c0ed793

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfile_64.dll

745e288e32ab3e917b8126340bac0145

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileCommon.dll

0efaa8d9c692528dd0d4fc724d04a3e6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileTool_32.exe

9fd3cf0f7cc5a3425239b2c156882305

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileTool_32.exe.config

461286333487a9a20fc03f22bf7f85b6

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

OutlookProfileTool_64.exe

ed98bf59e050fb64d86465ab8782980a

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileTool_64.exe.config

461286333487a9a20fc03f22bf7f85b6

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

OutlookProfileToolLogger.dll

dce1832497fe7cfb23cb5b01994408d4

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

OutlookProfileToolResource.dll

aa4488a0ca5fd34a0b996344d02f9aa1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ProfMan.dll

395ef1467b0f078025e5a8f853a2674a

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections

ProfMan64.dll

cff01fb825259368a72f3c76965a14a0

PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Redemption.dll

d9d08863c521b1b71d1c4a6ea1144369

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections

Redemption64.dll

8cc14cb355fb27a98f21d7ba549a1486

PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows, 11 sections

stdole.dll

22b22f524bb117786faea96d3907ac6d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Data.SQLite.dll

147328def2e79a86d7335a661eecc051

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Data.SQLite.EF6.dll

c4f999c91e9f5040b16a137ea7d89e82

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Data.SQLite.Linq.dll

59498a0f662dbc18d751a6af9d0e7173

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SQLite.Interop.dll

1288823e8e1fca09bb490ce46988188d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

SQLite.Interop.dll

9b68a8d0393fbce1976c19107422f097

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

OutlookProfileToolResource.resources.dll

8a940c0e206bb6d9b08810f06e7a23cc

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip	185.245.143.7	200 OK	17 MB
URL User Request GET HTTP/1.1 c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip IP 185.245.143.7:443 ASN #204516 Caplaser SA Certificate IssuerLet's Encrypt Subjectc-dock.caplaser.fr Fingerprint00:E7:00:FC:4E:77:BC:86:13:D9:25:F6:CD:FF:8F:32:65:AB:3A:69 ValidityTue, 12 Mar 2024 04:01:45 GMT - Mon, 10 Jun 2024 04:01:44 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 17 MB (16915878 bytes) Hash da1ba6e0d2787fbbdb0f1a0af45b54db 166dbd2489627efbc5f5fa6c9cadcdbb00c5faa9 73603e0906aeae3f2090b2f4ecbc8ce3f42b66470cc06195ed052596f798ad84 HTTP Headers GET /index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip HTTP/1.1 Host: c-dock.caplaser.fr User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 17:08:23 GMT Server: Apache X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Strict-Transport-Security: max-age=15552000; includeSubDomains Referrer-Policy: no-referrer X-Frame-Options: SAMEORIGIN Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Pragma: public Set-Cookie: ocxeipizjna6=vc4fdrfk3sv66ng8t979e8janq; path=/; secure; HttpOnly; SameSite=Lax oc_sessionPassphrase=FYHI0kYIOLmVGfrTB5Noe%2FEcHLWRxdLW%2BJ7XgWnp7UCulNw97EKduAyxempbCL8FPwHBgYJYGUhahc8LfvxZr%2Fvl0J8gnjGWeFgtyYp%2BRqZInwwRkcKLqIdCyussiUYf; path=/; secure; HttpOnly; SameSite=Lax ocxeipizjna6=ic77cqfpq6kl12ctaaca5mcj15; path=/; secure; HttpOnly; SameSite=Lax __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-RGg5WGZVNHY1Z2s2bEdZMU5YU0lPTEh5c296M25rV3cxcVJlZytmT05NYz06UUdveUtTQVowVEZWNURZZVVBRGZVdmpINHZiUHB6L1Zyc3M5MWJhR0JPdz0='; style-src 'self' 'unsafe-inline'; frame-src ; img-src data: blob:; font-src 'self' data:; media-src ; connect-src ; object-src 'none'; base-uri 'self'; Content-Disposition: attachment; filename*=UTF-8''AssistTool_VEOLOG.zip; filename="AssistTool_VEOLOG.zip" Content-Transfer-Encoding: binary Content-Length: 16915878 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip

c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip

185.245.143.7

200 OK

17 MB

URL User Request GET HTTP/1.1
c-dock.caplaser.fr/index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip
IP
185.245.143.7:443
ASN
#204516 Caplaser SA

Certificate
IssuerLet's Encrypt
Subjectc-dock.caplaser.fr
Fingerprint00:E7:00:FC:4E:77:BC:86:13:D9:25:F6:CD:FF:8F:32:65:AB:3A:69
ValidityTue, 12 Mar 2024 04:01:45 GMT - Mon, 10 Jun 2024 04:01:44 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
17 MB (16915878 bytes)
Hash
da1ba6e0d2787fbbdb0f1a0af45b54db
166dbd2489627efbc5f5fa6c9cadcdbb00c5faa9
73603e0906aeae3f2090b2f4ecbc8ce3f42b66470cc06195ed052596f798ad84

HTTP Headers

GET /index.php/s/dP7EPsKnPGZbbRs/download/AssistTool_VEOLOG.zip HTTP/1.1
Host: c-dock.caplaser.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 17:08:23 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Strict-Transport-Security: max-age=15552000; includeSubDomains
Referrer-Policy: no-referrer
X-Frame-Options: SAMEORIGIN
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: public
Set-Cookie: ocxeipizjna6=vc4fdrfk3sv66ng8t979e8janq; path=/; secure; HttpOnly; SameSite=Lax
oc_sessionPassphrase=FYHI0kYIOLmVGfrTB5Noe%2FEcHLWRxdLW%2BJ7XgWnp7UCulNw97EKduAyxempbCL8FPwHBgYJYGUhahc8LfvxZr%2Fvl0J8gnjGWeFgtyYp%2BRqZInwwRkcKLqIdCyussiUYf; path=/; secure; HttpOnly; SameSite=Lax
ocxeipizjna6=ic77cqfpq6kl12ctaaca5mcj15; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-RGg5WGZVNHY1Z2s2bEdZMU5YU0lPTEh5c296M25rV3cxcVJlZytmT05NYz06UUdveUtTQVowVEZWNURZZVVBRGZVdmpINHZiUHB6L1Zyc3M5MWJhR0JPdz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Content-Disposition: attachment; filename*=UTF-8''AssistTool_VEOLOG.zip; filename="AssistTool_VEOLOG.zip"
Content-Transfer-Encoding: binary
Content-Length: 16915878
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (36)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers