IOC Report
https://1drv.ms/o/s!BOd5RNxFaxkGg1r5bc30bgQWmkNc?e=J67qxK-KfEurqpMk0dasTw&at=9


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 60 | ASCII text, with very long lines (65476) | dropped |
Chrome Cache Entry: 61 | PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 62 | ASCII text, with very long lines (513), with no line terminators | downloaded |
Chrome Cache Entry: 63 | ASCII text, with very long lines (351) | dropped |
Chrome Cache Entry: 64 | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | dropped |
Chrome Cache Entry: 65 | ASCII text, with very long lines (513), with no line terminators | dropped |
Chrome Cache Entry: 66 | ASCII text, with very long lines (41651) | dropped |
Chrome Cache Entry: 67 | HTML document, ASCII text, with very long lines (955), with CRLF line terminators | downloaded |
Chrome Cache Entry: 68 | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | downloaded |
Chrome Cache Entry: 69 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded |
Chrome Cache Entry: 70 | ASCII text, with very long lines (40671), with no line terminators | downloaded |
Chrome Cache Entry: 71 | JSON data | dropped |
Chrome Cache Entry: 72 | ASCII text, with very long lines (49535) | dropped |
Chrome Cache Entry: 73 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 74 | ASCII text, with very long lines (32089) | dropped |
Chrome Cache Entry: 75 | ASCII text, with very long lines (49535) | downloaded |
Chrome Cache Entry: 76 | ASCII text, with very long lines (351) | downloaded |
Chrome Cache Entry: 77 | PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 78 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped |
Chrome Cache Entry: 79 | JSON data | dropped |
Chrome Cache Entry: 80 | ASCII text, with very long lines (41651) | downloaded |
Chrome Cache Entry: 81 | ASCII text, with very long lines (65476) | downloaded |
Chrome Cache Entry: 82 | ASCII text, with very long lines (40671), with no line terminators | dropped |
Chrome Cache Entry: 83 | ASCII text, with very long lines (32089) | downloaded |
Chrome Cache Entry: 84 | Unicode text, UTF-8 text, with very long lines (65532), with no line terminators | downloaded |
Chrome Cache Entry: 85 | Web Open Font Format, TrueType, length 26288, version 0.0 | downloaded |
Chrome Cache Entry: 86 | Unicode text, UTF-8 text, with very long lines (64241) | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2016,i,5069373808085024677,3499890254720357829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/o/s!BOd5RNxFaxkGg1r5bc30bgQWmkNc?e=J67qxK-KfEurqpMk0dasTw&at=9" |

URLs


Domains


IPs


DOM / HTML

URL | Malicious
https://onedrive.live.com/edit?id=06196B45DC4479E7!474&resid=06196B45DC4479E7!474&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vcyFCT2Q1Uk54RmF4a0dnMXI1YmMzMGJnUVdta05jP2U9SjY3cXhLLUtmRXVycXBNazBkYXNUdyZhdD05&migratedtospo=true&wdo=2&cid=06196b45dc4479e7 |
https://onedrive.live.com/edit?id=06196B45DC4479E7!474&resid=06196B45DC4479E7!474&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vcyFCT2Q1Uk54RmF4a0dnMXI1YmMzMGJnUVdta05jP2U9SjY3cXhLLUtmRXVycXBNazBkYXNUdyZhdD05&migratedtospo=true&wdo=2&cid=06196b45dc4479e7 |
https://onedrive.live.com/error.html |
https://login.live.com/logout.srf?id=250206 |
https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage |
https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage |