Edit tour

Windows Analysis Report
https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO

Overview

General Information

Sample URL:	https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO
Analysis ID:	1539234

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

Performs DNS queries to domains with low reputation

Phishing site or detected (based on various text indicators)

Detected non-DNS traffic on DNS port

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,4379032815843203591,9889024542853382235,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 4.17

OCR Text: Verifying... CLOUDFLARE Ten-rs Microsoft

Source: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28Quick%20Notes.one%7Ce0a43d9b-cadb-4bbd-a27e-e6a5c940e907%2FElektro%20Lichtenwagner%20GmbH%20%20Co%20KG%7C840bf973-02b6-41dc-9bce-abcf50e7c7f0%2F%29&wdorigin=NavigationUrl

HTTP Parser: Total embedded image size: 55170

Source: https://onedrive.live.com/edit?id=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&cid=14c2aef4e2cd9199&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&migratedtospo=true&wdo=2

HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"RS256","x5t":"uXehQJPleVjNCbakUhGD6IyFQQk"}

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:55989 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: elektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: elektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: elektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: elektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz

Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55987 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: 1drv.ms
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: p.sfx.ms
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api-badgerp.svc.ms
Source: global traffic	DNS traffic detected: DNS query: my.microsoftpersonalcontent.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: euc-common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: elektro-lichtenwagner.powerappsportalsecurefiles.xyz
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: westeurope-pd03.augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 56171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56159
Source: unknown	Network traffic detected: HTTP traffic on port 56159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56285
Source: unknown	Network traffic detected: HTTP traffic on port 56319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 56091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 56204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56297
Source: unknown	Network traffic detected: HTTP traffic on port 56182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56053
Source: unknown	Network traffic detected: HTTP traffic on port 56377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56296
Source: unknown	Network traffic detected: HTTP traffic on port 56331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56292
Source: unknown	Network traffic detected: HTTP traffic on port 56423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 56400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56181
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 56422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 56238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 56297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 56421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 56020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56364
Source: unknown	Network traffic detected: HTTP traffic on port 56181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56366
Source: unknown	Network traffic detected: HTTP traffic on port 56261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 56367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56010
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56019
Source: unknown	Network traffic detected: HTTP traffic on port 56366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56018
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56024
Source: unknown	Network traffic detected: HTTP traffic on port 56410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56021
Source: unknown	Network traffic detected: HTTP traffic on port 56019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 56344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56149
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56396
Source: unknown	Network traffic detected: HTTP traffic on port 56217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56395
Source: unknown	Network traffic detected: HTTP traffic on port 56092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 56333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 56345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 56323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56084
Source: unknown	Network traffic detected: HTTP traffic on port 56393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56083
Source: unknown	Network traffic detected: HTTP traffic on port 56370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56099
Source: unknown	Network traffic detected: HTTP traffic on port 56324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56097
Source: unknown	Network traffic detected: HTTP traffic on port 56000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56092
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55989
Source: unknown	Network traffic detected: HTTP traffic on port 56027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55994
Source: unknown	Network traffic detected: HTTP traffic on port 56416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55996
Source: unknown	Network traffic detected: HTTP traffic on port 56004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56313
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56320
Source: unknown	Network traffic detected: HTTP traffic on port 56374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56329
Source: unknown	Network traffic detected: HTTP traffic on port 56197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56324
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56333
Source: unknown	Network traffic detected: HTTP traffic on port 56260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56219
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56340
Source: unknown	Network traffic detected: HTTP traffic on port 56317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56345
Source: unknown	Network traffic detected: HTTP traffic on port 56309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56350
Source: unknown	Network traffic detected: HTTP traffic on port 56111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56230
Source: unknown	Network traffic detected: HTTP traffic on port 55994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56351
Source: unknown	Network traffic detected: HTTP traffic on port 56272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56409
Source: unknown	Network traffic detected: HTTP traffic on port 55993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56407
Source: unknown	Network traffic detected: HTTP traffic on port 56412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56403
Source: unknown	Network traffic detected: HTTP traffic on port 56398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56410
Source: unknown	Network traffic detected: HTTP traffic on port 56318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56419
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56417
Source: unknown	Network traffic detected: HTTP traffic on port 56154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56411
Source: unknown	Network traffic detected: HTTP traffic on port 56083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56421
Source: unknown	Network traffic detected: HTTP traffic on port 56038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56311
Source: unknown	Network traffic detected: HTTP traffic on port 56375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56259 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:55989 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.troj.win@29/110@112/427

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,4379032815843203591,9889024542853382235,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,4379032815843203591,9889024542853382235,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://onedrive.live.com/edit?id=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&cid=14c2aef4e2cd9199&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&migratedtospo=true&wdo=2	LLM: Page contains button: 'DOKUMENT ANSEHEN' Source: '1.4.pages.csv'
Source: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28Quick%20Notes.one%7Ce0a43d9b-cadb-4bbd-a27e-e6a5c940e907%2FElektro%20Lichtenwagner%20GmbH%20%20Co%20KG%7C840bf973-02b6-41dc-9bce-abcf50e7c7f0%2F%29&wdorigin=NavigationUrl	LLM: Page contains button: 'DOKUMENT ANSEHEN' Source: '2.11.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	unknown
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	unknown
angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz	172.67.141.135	true	true	unknown
wac-0003.wac-dc-msedge.net	52.108.11.12	true	false	unknown
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true	false	unknown
1drv.ms	13.107.42.12	true	false	unknown
dual-spov-0006.spov-msedge.net	13.107.139.11	true	false	unknown
wac-0003.wac-msedge.net	52.108.8.12	true	false	unknown
code.jquery.com	151.101.194.137	true	false	unknown
challenges.cloudflare.com	104.18.95.41	true	false	unknown
www.google.com	142.250.181.228	true	false	unknown
elektro-lichtenwagner.powerappsportalsecurefiles.xyz	104.21.79.34	true	true	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
sni1gl.wpc.sigmacdn.net	152.199.21.175	true	false	unknown
js.monitor.azure.com	unknown	unknown	false	unknown
my.microsoftpersonalcontent.com	unknown	unknown	false	unknown
api-badgerp.svc.ms	unknown	unknown	false	unknown
augloop.office.com	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	unknown
spo.nel.measure.office.net	unknown	unknown	false	unknown
fa000000110.resources.office.net	unknown	unknown	false	unknown
onenoteonline.nel.measure.office.net	unknown	unknown	false	unknown
fa000000138.resources.office.net	unknown	unknown	false	unknown
onedrive.live.com	unknown	unknown	false	unknown
p.sfx.ms	unknown	unknown	false	unknown
amcdn.msftauth.net	unknown	unknown	false	unknown
www.onenote.com	unknown	unknown	false	unknown
messaging.engagement.office.com	unknown	unknown	false	unknown
fa000000096.resources.office.net	unknown	unknown	false	unknown
fa000000012.resources.office.net	unknown	unknown	false	unknown
euc-common.online.office.com	unknown	unknown	false	unknown
fa000000111.resources.office.net	unknown	unknown	false	unknown
fa000000128.resources.office.net	unknown	unknown	false	unknown
storage.live.com	unknown	unknown	false	unknown
common.online.office.com	unknown	unknown	false	unknown
westeurope-pd03.augloop.office.com	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	unknown
spoprod-a.akamaihd.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz/	false	unknown
https://onedrive.live.com/edit?id=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&cid=14c2aef4e2cd9199&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&migratedtospo=true&wdo=2	true	unknown
https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28Quick%20Notes.one%7Ce0a43d9b-cadb-4bbd-a27e-e6a5c940e907%2FElektro%20Lichtenwagner%20GmbH%20%20Co%20KG%7C840bf973-02b6-41dc-9bce-abcf50e7c7f0%2F%29&wdorigin=NavigationUrl	true	unknown
https://elektro-lichtenwagner.powerappsportalsecurefiles.xyz/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.156	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.2	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.9.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.200	unknown	European Union	16625	AKAMAI-ASUS	false
52.108.10.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.190.160.14	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.79.34	elektro-lichtenwagner.powerappsportalsecurefiles.xyz	United States	13335	CLOUDFLARENETUS	true
52.109.136.6	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.89.117	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false
23.38.98.96	unknown	United States	16625	AKAMAI-ASUS	false
23.38.98.98	unknown	United States	16625	AKAMAI-ASUS	false
13.107.139.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
13.107.253.67	s-part-0039.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.141.135	angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz	United States	13335	CLOUDFLARENETUS	true
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
142.250.186.106	unknown	United States	15169	GOOGLEUS	false
13.107.42.12	1drv.ms	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.31.73	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.sigmacdn.net	United States	15133	EDGECASTUS	false
104.124.11.200	unknown	United States	20940	AKAMAI-ASN1EU	false
23.38.98.67	unknown	United States	16625	AKAMAI-ASUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
13.104.158.180	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.38.98.103	unknown	United States	16625	AKAMAI-ASUS	false
23.38.98.102	unknown	United States	16625	AKAMAI-ASUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
52.111.243.4	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.42.72.131	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.42.73.26	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.89.178.26	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.102.55.235	unknown	United States	16625	AKAMAI-ASUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
13.69.239.74	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.69.239.73	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.38.98.76	unknown	United States	16625	AKAMAI-ASUS	false
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.101.246.164	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.38.98.84	unknown	United States	16625	AKAMAI-ASUS	false
23.38.98.83	unknown	United States	16625	AKAMAI-ASUS	false
13.107.253.45	s-part-0017.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.16.3	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.16.241.15	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.108.8.12	wac-0003.wac-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
52.108.11.12	wac-0003.wac-dc-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.102.20.97	unknown	United States	16625	AKAMAI-ASUS	false
184.28.89.164	unknown	United States	16625	AKAMAI-ASUS	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
2.16.164.19	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.111.243.77	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.32.136	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1539234
Start date and time:	2024-10-22 12:56:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.troj.win@29/110@112/427

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 216.58.206.78, 108.177.15.84, 34.104.35.123
Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, fs.microsoft.com, clients2.google.com, accounts.google.com, odc-web-geo.onedrive.akadns.net, edgedl.me.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO

LLM Input / Output

Input	Output
URL: https://onedrive.live.com/edit?id=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&cid=14c2aef4e2cd9199&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "DOKUMENT ANSEHEN", "prominent_button_name": "DOKUMENT ANSEHEN", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit?id=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&cid=14c2aef4e2cd9199&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner GmbH & Co KG" ] }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "DOKUMENT ANSEHEN", "prominent_button_name": "unknown", "text_input_field_labels": [ "Mit freundlichen Gren", "Roland Lichtenwagner", "Geschftsfhrer" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner GmbH & Co KG" ] }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "We've highlighted conflicting changes in red. You can copy these changes to the main page. Click here for more options.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner GmbH & Co KG" ] }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner GmbH & Co KG" ] }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [] }
	```json { "brands": [] }
URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "We've highlighted conflicting changes in red. You can copy these changes to the main page. Click here for more options.", "prominent_button_name": "unknown", "text_input_field_labels": [ "Quick Notes", "Elektro Lichtenwagner", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page", "Untitled Page" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [] }
	```json { "brands": [] }
URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "DOKUMENT ANSEHEN", "prominent_button_name": "DOKUMENT ANSEHEN", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "It looks like this page was added from another device over a week ago and hasn't synced yet. Click here to learn more.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner GmbH & Co KG" ] }

URL: https://onedrive.live.com/edit.aspx?resid=14C2AEF4E2CD9199!s29a48c627d0443bab34e0cb9976f6ba2&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy8xNGMyYWVmNGUyY2Q5MTk5L0VtS01wQ2tFZmJwRHMwNE11WmR2YTZJQmlsQ3FielFZWnRmaUxiZGFpb05MMHc_ZT1FMmdZU08&wd=target%28 Model: claude-3-haiku-20240307	```json { "brands": [ "Elektro Lichtenwagner" ] }
	```json { "brands": [ "Elektro Lichtenwagner" ] }
URL: https://angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://angebotelektro-lichtenwagner.powerappsportalsecurefiles.xyz/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare", "Microsoft" ] }
	```json { "brands": [ "Cloudflare", "Microsoft" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 09:57:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9811225916859168
Encrypted:	false
SSDEEP:
MD5:	BFC3536362289D5E0E534A2E417DF0E4
SHA1:	7DDECDE66C9AA23D4C7A90282E6D3EE0DA899BA6
SHA-256:	A3C81D396836980866920A56008AEAB0740E9AD9C09F3732EE451145EB4FFED2
SHA-512:	B5DC37EB71DC47FE8F7632013FAD1B209C32E39B73D92DA9B4461E62CEA579B9E93515476261FB3398F6E158192069F1B5F98C412144DA0E075D920D14AC6939
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......-q$..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IVY.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VVY,W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VVY,W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VVY,W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VVY-W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65476)
Category:	dropped
Size (bytes):	131576
Entropy (8bit):	5.3336550696173
Encrypted:	false
SSDEEP:
MD5:	3B09284824C13B8CDC6961C0E67F3882
SHA1:	D3E3DA90328D47BB43887CE0FA6176C936082B43
SHA-256:	6D3D61BC8A71041247CFB1C1CB8A7072CC3030B020B9F43845662EF1A05FA161
SHA-512:	DC7CF432825E9B99DDC25E432DB1DB6A13DCB98AB4C1F844ADF478307783D76E06173D64E960972FE7967DD8F013D913AB5F829C0CF38450D1F685195667EA97
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see 13.js.LICENSE.txt /."use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([[13],{223:(e,t,n)=>{n.r(t),n.d(t,{_InMemoryPropertyStorage:()=>ss,_OneDSLogger:()=>os,_SanitizerIds:()=>Fo.a,_getDefaultScrubberConfig:()=>ns.a});var a=n(0),i="function",r="object",o="undefined",s=Object,c=s.prototype,d=s.assign,l=s.create,u=s.defineProperty,f=c.hasOwnProperty,p=null;function m(e){void 0===e&&(e=!0);var t=!1===e?null:p;return t\|\|(typeof globalThis!==o&&(t=globalThis),t\|\|typeof self===o\|\|(t=self),t\|\|typeof window===o\|\|(t=window),t\|\|typeof n.g===o\|\|(t=n.g),p=t),t}function _(e){throw new TypeError(e)}function h(e){if(l)return l(e);if(null==e)return{};var t=typeof e;function n(){}return t!==r&&t!==i&&_("Object prototype may only be an Object:"+e),n.prototype=e,new n}(m()\|\|{}).Symbol,(m()\|\|{}).Reflect;var b,g=function(e,t){return g=s.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var n in t)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2936)
Category:	downloaded
Size (bytes):	2985
Entropy (8bit):	5.438579298430545
Encrypted:	false
SSDEEP:
MD5:	3B3F01164EB4DEA18FF8D2BAAFCE77D2
SHA1:	EBB99B8AEADBC1B2621E534AEEC1D83E29F3399C
SHA-256:	3711A23BF3F3F3F1B6A6F121CB372E67CDFED9F2396B571D6DA0802BD2C9F518
SHA-512:	FE75579D45909B5E6F1FD5755E0EC9F0CD6B6E2994CD311E4E0810D9031F40FD97ADA1B319F98C064A5FA510CCC77AA5B40C93E94A24E44419F35A8BF3C61843
Malicious:	false
Reputation:	unknown
URL:	https://c1-onenote-15.cdn.office.net/o/s/161820141003_App_Scripts/wp5/oreonotebookpane.min.js
Preview:	(globalThis.onenoteOnlineChunks=globalThis.onenoteOnlineChunks\|\|[]).push([[977],{27141:function(e,t,n){var o=n(27113),a=n(7954)(o);a.push([e.id,".wacCanvasOverlay__overlay___DpHwX {\n bottom: 0;\n left: -50px;\n position: absolute;\n right: 0;\n top: 0;\n z-index: 90;\n background: rgba(0, 0, 0, 0);\n -ms-high-contrast-adjust: none;\n}\n",""]),a.locals={overlay:"wacCanvasOverlay__overlay___DpHwX"},e.exports=a},4739:function(e,t,n){"use strict";var o=n(19857),a=n(21598),s=n(80700);const l=n(72919),r=(0,o.connect)((e=>({showOverlay:e.isVisible,navSelection:e.navSelection})))((e=>{const t=e.showOverlay&&!e.navSelection[s.C.SHOW_ALL]?a.createElement("div",{className:l.overlay}):null;return a.createElement("div",null,t)}));var c=n(49681),i=n(11289),d=n(11834),m=n(14435),u=n(4600),A=n(61358);let y=(0,i.I)();const S=(e,t)=>{let n={};return n[t]=!0,e((0,m.QI)(n)),c.Ay.ActionResponse.Succeeded};var v=n(49884),g=n(34632),h=n(63365),p=n(84768);const C=n(340);if(b=A.A.dispatch,c.Ay.Registe

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 268

Chrome Cache Entry: 269

Chrome Cache Entry: 270

Chrome Cache Entry: 272

Chrome Cache Entry: 273

Chrome Cache Entry: 274

Chrome Cache Entry: 277

Chrome Cache Entry: 278

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 282

Chrome Cache Entry: 283

Chrome Cache Entry: 284

Chrome Cache Entry: 285

Chrome Cache Entry: 286

Chrome Cache Entry: 288

Chrome Cache Entry: 289

Chrome Cache Entry: 290

Chrome Cache Entry: 291

Chrome Cache Entry: 292

Chrome Cache Entry: 293

Chrome Cache Entry: 294

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 299

Chrome Cache Entry: 300

Chrome Cache Entry: 304

Chrome Cache Entry: 305

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 308

Windows Analysis Report
https://1drv.ms/o/c/14c2aef4e2cd9199/EmKMpCkEfbpDs04MuZdva6IBilCqbzQYZtfiLbdaioNL0w?e=E2gYSO