Edit tour
Windows
Analysis Report
https://unilever.sharepoint.com/sites/VelocityVendorRequestTool/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents%2FSupport%2Epdf&parent=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents&p=true
Overview
General Information
| Sample URL: | https://unilever.sharepoint.com/sites/VelocityVendorRequestTool/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents%2FSupport%2Epdf&parent=%2Fsites%2FVe |
| Analysis ID: | 1541400 |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
chrome.exe (PID: 3968 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6876 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2212 --fi eld-trial- handle=184 8,i,477327 6988688618 027,129122 8973346991 4969,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6360 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://unile ver.sharep oint.com/s ites/Veloc ityVendorR equestTool /Shared%20 Documents/ Forms/AllI tems.aspx? id=%2Fsite s%2FVeloci tyVendorRe questTool% 2FShared%2 0Documents %2FSupport %2Epdf&par ent=%2Fsit es%2FVeloc ityVendorR equestTool %2FShared% 20Document s&p=true" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Memory has grown: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Window detected: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | unknown | |
| s-part-0036.t-0009.t-msedge.net | 13.107.246.64 | true | false | unknown | |
| sni1gl.wpc.upsiloncdn.net | 152.199.21.175 | true | false | unknown | |
| sni1gl.wpc.alphacdn.net | 152.199.21.175 | true | false | unknown | |
| sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | unknown | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | unknown | |
| www.google.com | 142.250.185.164 | true | false | unknown | |
| s-part-0039.t-0009.t-msedge.net | 13.107.246.67 | true | false | unknown | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | unknown | |
| aadcdn.msauthimages.net | unknown | unknown | false | unknown | |
| unilever.sharepoint.com | unknown | unknown | false | unknown | |
| identity.nel.measure.office.net | unknown | unknown | false | unknown | |
| aadcdn.msftauth.net | unknown | unknown | false | unknown | |
| logincdn.msftauth.net | unknown | unknown | false | unknown | |
| login.microsoftonline.com | unknown | unknown | false | unknown | |
| fpt.live.com | unknown | unknown | false | unknown | |
| acctcdn.msftauth.net | unknown | unknown | false | unknown | |
| aadcdn.msftauthimages.net | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false | |
| 13.107.246.64 | s-part-0036.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 13.107.246.67 | s-part-0039.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 52.167.30.171 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.190.160.14 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.190.159.23 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 40.126.32.74 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false | |
| 104.208.16.95 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 142.250.186.138 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false | |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
| 142.250.185.234 | unknown | United States | 15169 | GOOGLEUS | false | |
| 20.190.159.75 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 2.16.168.7 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 152.199.21.175 | sni1gl.wpc.upsiloncdn.net | United States | 15133 | EDGECASTUS | false | |
| 64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false | |
| 2.16.238.149 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 172.217.16.196 | unknown | United States | 15169 | GOOGLEUS | false | |
| 40.126.32.136 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 142.250.186.42 | unknown | United States | 15169 | GOOGLEUS | false | |
| 40.126.32.138 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 20.44.10.122 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| IP |
|---|
| 192.168.2.17 |
| 192.168.2.16 |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1541400 |
| Start date and time: | 2024-10-24 19:31:26 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Sample URL: | https://unilever.sharepoint.com/sites/VelocityVendorRequestTool/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents%2FSupport%2Epdf&parent=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents&p=true |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Detection: | CLEAN |
| Classification: | clean2.win@21/6@36/245 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.184.238, 64.233.184.84, 34.104.35.123, 40.126.32.136, 40.126.32.138, 20.190.160.17, 20.190.160.14, 40.126.32.72, 40.126.32.134, 40.126.32.140, 20.190.160.22
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, www.tm.ak.prd.aadg.akadns.net, clientservices.googleapis.com, login.mso.msidentity.com, clients.l.google.com, 188851-ipv4v6e.farm.dprodmgd104.sharepointonline.com.akadns.net, ak.privatelink.msidentity.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: https://unilever.sharepoint.com/sites/VelocityVendorRequestTool/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents%2FSupport%2Epdf&parent=%2Fsites%2FVelocityVendorRequestTool%2FShared%20Documents&p=true
| Input | Output |
|---|---|
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Can't access your account?",
"prominent_button_name": "Next",
"text_input_field_labels": [
"User name@unilever.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Unilever Authentication"
]
} |
| |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Unilever"
]
} |
| |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is associated with Microsoft's services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of a 'Password' input field is typical for a login page, which aligns with the URL 'login.live.com'." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Password | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"spam@yahoo.com",
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign-in is blocked",
"prominent_button_name": "Reset your password",
"text_input_field_labels": ["spam@yahoo.com"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign-in is blocked",
"prominent_button_name": "Reset your password",
"text_input_field_labels": ["spam@yahoo.com"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is associated with Microsoft's services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input field 'Enter password' is typical for a login page, which aligns with the purpose of 'login.live.com'." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Enter password | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain associated with Microsoft services.", "Microsoft is a well-known brand, and 'live.com' is commonly used for Microsoft account services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields 'spam@yahoo.com' and 'Enter password' are typical for a login page, which aligns with the purpose of 'login.live.com'." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: spam@yahoo.com, Enter password | |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain associated with Microsoft services.", "Microsoft is a well-known brand, and 'live.com' is commonly used for Microsoft account services.", "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.", "The domain 'live.com' fully matches the legitimate domain name associated with Microsoft." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: spam@yahoo.com | |
| URL: https://login.live.com/ppsecure/post.srf?username=spam%40yahoo.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=FF809D80DB11F47B&opid=70CC9BCAE116F14A&bk=1729791185&uaid=2a1c5da1e032a0004b374be231 Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is associated with Microsoft's services, such as Outlook and OneDrive.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The domain 'live.com' fully matches the legitimate domain associated with Microsoft services." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: spam@yahoo.com | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Microsoft"
]
} |
| |
| URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2fo Model: gpt-4o | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft's services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of a 'Password' input field is typical for a login page, which aligns with the URL 'login.live.com'." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Password | |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "If you have a Unilever email address firstname.lastname@unilever.com
If you are a trusted partner, please use registered email address.",
"prominent_button_name": "Sign-in options",
"text_input_field_labels": [
"Username@unilever.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Spam@ya"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false
} |
 | |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Unilever"
]
} |
| |
| URL: https://login.microsoftonline.com/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307 | ```json
{
"brands": [
"Unilever",
"Lipton"
]
} |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2673 |
| Entropy (8bit): | 3.984381539251932 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6A3816A424B09A6D28EB7EF96D3CF5F1 |
| SHA1: | 520D3429B07A670BA0463797A7FEE0D46338328E |
| SHA-256: | 61423DB53522FD1F211AA8689097F6AAF3C9945262F20328E6136B31D337B2C8 |
| SHA-512: | 5578C64A1FEBA7B519521420A200814ED2841CDD3497BDE74E1E4A8CC78F44FD7B500E5D8CD5719DB5892BE13443DCB9C1EC27DEBC358B39CB93916DBAEAA9AB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2675 |
| Entropy (8bit): | 3.9987607877358315 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 769E5976D074A33BEDC7A280C8F372A8 |
| SHA1: | 2FFA34D2111F07C9C7ED231CC87B9C6BF4F9117C |
| SHA-256: | 1B9DD994C2F6C11EF87B291D208F04BE1EC2CDF67810008FA9DCB1827EED70DE |
| SHA-512: | 5DCE8103A545265FE9A41DC46BB30AB413736E301C9F54691509989F7CF70E535392173BB51B2D34C9CA192DB629CAD21A4BD0D71E3D62C8796AC06EF7366B3C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2689 |
| Entropy (8bit): | 4.007539423975079 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F31C72A292A1F67FA27D4C94E460CB5E |
| SHA1: | CA19019B85E1BFBC0E3ECA8AABB43254B51960F9 |
| SHA-256: | EBFA3DEEDDBAB9E739BA5FEE8DE39CEBAC0F4E8B1957AD2C9DB2BFC2208B5386 |
| SHA-512: | 91C426F15BD665178E7ADD9EF02BEB8AA7DB8BC76D951C9765F5443858D1F7761C9900AD6A0CDAF1F173FDB4C59797D3982C44460A04648B3D2FD3C1FD718A75 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.997760929629584 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 27F32828C32C62AB97E84981BFEEC57B |
| SHA1: | A841AE0045B961CD5D2E4ED4D709FDA2EA433E50 |
| SHA-256: | 2CCEFDC82FF37D384C357D72B839203EB21291D4C48A237463F744B89ED31B42 |
| SHA-512: | C5620AA45943966001EA799B4BCCB80349FC9C2DB639112FBF82532D973036451B64573AEEFEFE656ABBE31DFB39E207DFD8A2B1739AF853A6B650E2F908AE8B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.9853353854192863 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 97EA11F386066B2AD1E9B8AB643F9C1E |
| SHA1: | E1C2FA414FA293C8395471309516B36ED03F7385 |
| SHA-256: | 6DCB1DB822D683A4F7520101102835CA842F9D686D280930CE03107A7C4DBA7D |
| SHA-512: | 5AF32FA3C1003A6745888438DA4D26FD3787BF7A8718F3721DE47262B9B13504FEFEACB94B8421122F80153CB6603F1E5201954B6407824A1C6FBBD62D975F6C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2679 |
| Entropy (8bit): | 3.996515747912061 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0F26906EA2FB046CCCCFE378535A4442 |
| SHA1: | 83AADD4AF1713222D548555E3ECBEF449DFA254E |
| SHA-256: | 856FF3E275DF6454D5FF8CF0382620F4D655A38A21CDCA919AC52B63DCE880A6 |
| SHA-512: | 5CE287C19D8421D2C1577C19BCBE6782E7F1766656E7994E9084630453CEC9215D52818F8CCF332E63EF0DA1F1D2E08EF27D77252EE0C1BDE44EFDE3DAC7DC39 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
⊘No static file info
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node