Edit tour

Windows Analysis Report
Incidents - Microsoft 365 security.html

Overview

General Information

Sample Name:	Incidents - Microsoft 365 security.html
Analysis ID:	830608
MD5:	2731ea4d0c0f44ea2f483a7ada18aa03
SHA1:	9b37a9cdb290133953a3286909619819da3490fe
SHA256:	637f190d9dc5022c84bc9dc9b38697b9aabc07d82387a9622e2e02adb3a43aca
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1068 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 3108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1832,i,16372556724267644611,8237450068972592900,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5744 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Incidents - Microsoft 365 security.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_183.1.dr	String found in binary or memory: http://angular-ui.github.com
Source: chromecache_269.1.dr	String found in binary or memory: http://angular-ui.github.io/bootstrap/
Source: chromecache_243.1.dr, chromecache_234.1.dr, chromecache_188.1.dr, chromecache_253.1.dr, chromecache_207.1.dr, chromecache_220.1.dr, chromecache_189.1.dr, chromecache_262.1.dr, chromecache_205.1.dr	String found in binary or memory: http://angularjs.org
Source: chromecache_243.1.dr, chromecache_253.1.dr	String found in binary or memory: http://errors.angularjs.org/1.8.3/
Source: chromecache_184.1.dr, chromecache_169.1.dr	String found in binary or memory: http://github.com/angular-ui/ui-select
Source: chromecache_169.1.dr	String found in binary or memory: http://gridster.net
Source: chromecache_152.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_161.1.dr	String found in binary or memory: http://luisfarzati.github.io/angulartics
Source: chromecache_270.1.dr	String found in binary or memory: http://manifestwebdesign.github.io/angular-gridster
Source: chromecache_193.1.dr	String found in binary or memory: http://microsoftvolumelicensing.com/
Source: chromecache_237.1.dr	String found in binary or memory: http://purl.eligrey.com/github/FileSaver.js/blob/master/FileSaver.js
Source: chromecache_255.1.dr	String found in binary or memory: http://stackoverflow.com/questions/16824853/way-to-ng-repeat-defined-number-of-times-instead-of-repe
Source: chromecache_195.1.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_245.1.dr, chromecache_183.1.dr, chromecache_150.1.dr	String found in binary or memory: http://www.opensource.org/licenses/MIT
Source: chromecache_222.1.dr	String found in binary or memory: https://chieffancypants.github.io/angular-loading-bar
Source: chromecache_203.1.dr	String found in binary or memory: https://d3js.org
Source: chromecache_166.1.dr	String found in binary or memory: https://export.highcharts.com/
Source: chromecache_246.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_255.1.dr	String found in binary or memory: https://github.com/amitava82/angular-multiselect
Source: chromecache_230.1.dr, chromecache_169.1.dr	String found in binary or memory: https://github.com/angular-slider/angularjs-slider
Source: chromecache_222.1.dr	String found in binary or memory: https://github.com/chieffancypants/angular-loading-bar/pull/50
Source: chromecache_255.1.dr	String found in binary or memory: https://github.com/isteven)
Source: chromecache_255.1.dr	String found in binary or memory: https://github.com/isteven/angular-multi-select/issues/8
Source: chromecache_255.1.dr	String found in binary or memory: https://github.com/isteven/angular-multi-select/pull/16
Source: chromecache_255.1.dr	String found in binary or memory: https://github.com/isteven/angular-multi-select/pull/19
Source: chromecache_157.1.dr	String found in binary or memory: https://github.com/markedjs/marked
Source: chromecache_261.1.dr	String found in binary or memory: https://github.com/ocombe/ocLazyLoad
Source: chromecache_150.1.dr	String found in binary or memory: https://github.com/pablojim/highcharts-ng
Source: chromecache_201.1.dr	String found in binary or memory: https://github.com/requirejs/requirejs/blob/master/LICENSE
Source: chromecache_195.1.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_195.1.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_195.1.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_195.1.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_233.1.dr, chromecache_246.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: Incidents - Microsoft 365 security.html	String found in binary or memory: https://res.cdn.office.net/scc-resources/resources/ww/scc/static/requirejs/2.3.5/require.js
Source: Incidents - Microsoft 365 security.html	String found in binary or memory: https://res.cdn.office.net/scc/ww/scc/v17.00.9877.000/boot.js
Source: chromecache_245.1.dr	String found in binary or memory: https://ui-router.github.io
Source: chromecache_245.1.dr	String found in binary or memory: https://ui-router.github.io/blog/uirouter-for-angularjs-umd-bundles
Source: chromecache_206.1.dr	String found in binary or memory: https://www.highcharts.com?credits

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: classification engine

Classification label: clean0.winHTML@25/112@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1832,i,16372556724267644611,8237450068972592900,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Incidents - Microsoft 365 security.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1832,i,16372556724267644611,8237450068972592900,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: chromecache_159.1.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_159.1.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

No bigger version

Source	Detection	Scanner	Label	Link
http://angular-ui.github.io/bootstrap/	0%	URL Reputation	safe
http://angular-ui.github.io/bootstrap/	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
http://jedwatson.github.io/classnames	0%	URL Reputation	safe
https://chieffancypants.github.io/angular-loading-bar	0%	Virustotal		Browse
http://gridster.net	0%	Virustotal		Browse
https://ui-router.github.io	0%	Avira URL Cloud	safe
http://gridster.net	0%	Avira URL Cloud	safe
https://chieffancypants.github.io/angular-loading-bar	0%	Avira URL Cloud	safe
http://manifestwebdesign.github.io/angular-gridster	0%	Avira URL Cloud	safe
https://ui-router.github.io/blog/uirouter-for-angularjs-umd-bundles	0%	Avira URL Cloud	safe
http://luisfarzati.github.io/angulartics	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.180.173	true	false	high
www.google.com	142.251.209.36	true	false	high
clients.l.google.com	142.250.184.78	true	false	high
clients2.google.com	unknown	unknown	false	high
dc.services.visualstudio.com	unknown	unknown	false	high
portal.office.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Desktop/Incidents%20-%20Microsoft%20365%20security.html	false	low
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
file:///C:/Users/user/Desktop/Incidents%20-%20Microsoft%20365%20security.html?tid=59ec147a-a915-41b8-b363-f5137ac841f0	false	low
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/angular-ui/ui-select	chromecache_184.1.dr, chromecache_169.1.dr	false		high
https://npms.io/search?q=ponyfill.	chromecache_195.1.dr	false		high
http://angular-ui.github.io/bootstrap/	chromecache_269.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://github.com/isteven/angular-multi-select/pull/16	chromecache_255.1.dr	false		high
http://stackoverflow.com/questions/16824853/way-to-ng-repeat-defined-number-of-times-instead-of-repe	chromecache_255.1.dr	false		high
https://github.com/isteven/angular-multi-select/pull/19	chromecache_255.1.dr	false		high
http://purl.eligrey.com/github/FileSaver.js/blob/master/FileSaver.js	chromecache_237.1.dr	false		high
https://lodash.com/	chromecache_195.1.dr	false		high
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_233.1.dr, chromecache_246.1.dr	false		high
https://chieffancypants.github.io/angular-loading-bar	chromecache_222.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/markedjs/marked	chromecache_157.1.dr	false		high
https://github.com/amitava82/angular-multiselect	chromecache_255.1.dr	false		high
http://angular-ui.github.com	chromecache_183.1.dr	false		high
https://github.com/requirejs/requirejs/blob/master/LICENSE	chromecache_201.1.dr	false		high
https://d3js.org	chromecache_203.1.dr	false		high
https://github.com/chieffancypants/angular-loading-bar/pull/50	chromecache_222.1.dr	false		high
https://ui-router.github.io/blog/uirouter-for-angularjs-umd-bundles	chromecache_245.1.dr	false	Avira URL Cloud: safe	unknown
http://underscorejs.org/LICENSE	chromecache_195.1.dr	false		high
http://gridster.net	chromecache_169.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/angular-slider/angularjs-slider	chromecache_230.1.dr, chromecache_169.1.dr	false		high
http://manifestwebdesign.github.io/angular-gridster	chromecache_270.1.dr	false	Avira URL Cloud: safe	unknown
https://www.highcharts.com?credits	chromecache_206.1.dr	false		high
http://www.opensource.org/licenses/MIT	chromecache_245.1.dr, chromecache_183.1.dr, chromecache_150.1.dr	false		high
https://github.com/isteven)	chromecache_255.1.dr	false		high
http://errors.angularjs.org/1.8.3/	chromecache_243.1.dr, chromecache_253.1.dr	false		high
https://lodash.com/license	chromecache_195.1.dr	false		high
http://angularjs.org	chromecache_243.1.dr, chromecache_234.1.dr, chromecache_188.1.dr, chromecache_253.1.dr, chromecache_207.1.dr, chromecache_220.1.dr, chromecache_189.1.dr, chromecache_262.1.dr, chromecache_205.1.dr	false		high
https://fb.me/react-polyfills	chromecache_246.1.dr	false		high
https://github.com/isteven/angular-multi-select/issues/8	chromecache_255.1.dr	false		high
https://github.com/ocombe/ocLazyLoad	chromecache_261.1.dr	false		high
https://openjsf.org/	chromecache_195.1.dr	false	URL Reputation: safe	unknown
https://ui-router.github.io	chromecache_245.1.dr	false	Avira URL Cloud: safe	unknown
http://luisfarzati.github.io/angulartics	chromecache_161.1.dr	false	Avira URL Cloud: safe	unknown
http://microsoftvolumelicensing.com/	chromecache_193.1.dr	false		high
http://jedwatson.github.io/classnames	chromecache_152.1.dr	false	URL Reputation: safe	unknown
https://github.com/pablojim/highcharts-ng	chromecache_150.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.78	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.209.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.180.173	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.4
192.168.2.30
127.0.0.1

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	830608
Start date and time:	2023-03-20 14:35:16 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	Incidents - Microsoft 365 security.html
Detection:	CLEAN
Classification:	clean0.winHTML@25/112@10/8
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.209.35, 104.109.250.170, 104.109.250.179, 104.109.250.149, 104.109.250.189, 104.109.250.180, 104.109.250.194, 34.104.35.123, 52.236.186.218, 142.250.184.67, 52.236.186.217, 152.199.19.161, 104.109.250.196, 104.109.250.148, 104.109.250.186, 104.109.250.147, 104.109.250.195, 104.109.250.203, 13.69.106.211, 13.107.6.156
Excluded domains from analysis (whitelisted): e40491.dscg.akamaiedge.net, fs.microsoft.com, spoppe-b.ec.azureedge.net, portal-office365-com.b-0004.b-msedge.net, b-0004.b-msedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, weu014-breeziest-in.cloudapp.net, res-prod.trafficmanager.net, owamail.public.cdn.office.net.edgekey.net, edgedl.me.gvt1.com, weu08-breeziest-in.cloudapp.net, spoppe-b.azureedge.net, dc.trafficmanager.net, update.googleapis.com, owamail.public.cdn.office.net.edgekey.net.globalredir.akadns.net, dc.applicationinsights.microsoft.com, res.cdn.office.net, res-1-tls.cdn.office.net, weu013-breeziest-in.cloudapp.net, cs9.wpc.v0cdn.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://s3.us-east-005.backblazeb2.com/wmc7fj6n4p/index.html	Get hash	malicious	Unknown	Browse
	http://mmcoptical.dk	Get hash	malicious	Unknown	Browse
	Play_Now #U23ee#Ufe0f #U25b6#Ufe0f #U23ed#Ufe0f 06min25secs__3pm.htm	Get hash	malicious	HTMLPhisher	Browse
	http://nmc8mtiogk64110a85b8911.sawamis.ru	Get hash	malicious	HTMLPhisher	Browse
	Leeds_V10185807.html	Get hash	malicious	HTMLPhisher	Browse
	https://cutt.ly/Poste--King	Get hash	malicious	Unknown	Browse
	https://cdn.discordapp.com/attachments/1085538228158857307/1086891029459902515/Full_Setup_Downloaded_Here.zip	Get hash	malicious	Unknown	Browse
	https://masstamilandownload.com/	Get hash	malicious	Unknown	Browse
	https://rebrand.ly/1c050f	Get hash	malicious	GRQ Scam	Browse
	The Royal Marsden Contract 22-23 Final Particulars v2.docx	Get hash	malicious	Unknown	Browse
	Usco245 Due Account Friday fdp.html	Get hash	malicious	HTMLPhisher	Browse
	https://url.avanan.click/v2/___https://www.newsbreakmail.com/redirect/aHR0cHM6Ly9yb3Q0bWFuLXR5by50b3AvI1pHRnVhV1ZzTG5OMFlXeHNiMjVsUUd0aWNtRXVZMjl0___.YXAzOmticmE6YTpvOjM3ZGNkM2I2NDAyYWZmYzM5OWFjNTVmZGU2YjMwOTM1OjY6ODBiYjoxNzNiY2YxNTlhNmZjMDRmOTRkMGExNjU2MjQwNDExZGNmYjNhYjk5MDY4YmE3ZDA4ODA4YzkwY2Q3MWVkM2ZkOmg6VA	Get hash	malicious	Captcha Phish	Browse
	The Royal Marsden Contract 22-23 Final Particulars v2.docx	Get hash	malicious	Unknown	Browse
	https://octopus-app-c6o8t.ondigitalocean.app	Get hash	malicious	Unknown	Browse
	INV-8001420.htm	Get hash	malicious	HTMLPhisher	Browse
	http://rt3-t.customer.goindigo.in/r/?id=h1c4055e,46be324,1b7c&cid=indRT7DM108&bid=29623646&p1=https://tsfacasrusticas.com.br/new/auth/Arcadiasolutions/john.doe@arcadiasolutions.com&p2=2019-3-1-Hyderabad-1	Get hash	malicious	HTMLPhisher	Browse
	https://octopus-app-c6o8t.ondigitalocean.app	Get hash	malicious	Unknown	Browse
	http://application.meinebwkontakt.com/f/a/AYBMN5UFS03RMb2UshII9g~~/AAUYggA~/RgRl-sAyP0QkaHR0cHM6Ly93d3cuYncta2FydGUuZGUvcHJpdmF0a3VuZGVuVwNzcGNCCmQKQzsYZC2uXmZSGGluZm9AbGFib3JiYXUtc3lzdGVtZS5kZVgEAAAAAA~~	Get hash	malicious	Unknown	Browse
	Weekly CashFlow WC 20 Mar 2023.html	Get hash	malicious	HTMLPhisher	Browse
	https://tx.gl/r/9Q5uQ/	Get hash	malicious	Unknown	Browse

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5971)
Category:	downloaded
Size (bytes):	6175
Entropy (8bit):	5.285570046481039
Encrypted:	false
SSDEEP:	192:djiHC7igQpcCbW1VYTVef2woM2QWo29wLseB:djiHC7iNpHS12Veuwoo0oB
MD5:	A71238FA1EEC94ABFA5025D3D60BB9FA
SHA1:	DCA1A44F8D57B3E80DB9FF732C05FD78F7A50ECB
SHA-256:	428E07969B43FABE83C1B4A50470F62A13E9A07BF5A96D7E076012EEBAC1A658
SHA-512:	2C0179EFA00526D8DFC5DC4EA2E3CB7A25858AF355B86D6C2BE7C0A323DEC0C167DBA22FFAF97E74013B71DB9C9AD0A72D025830F607BD11341FAC9771D5EE1A
Malicious:	false
Reputation:	low
URL:	https://res.cdn.office.net/scc-resources/resources/ww/scc/static/highcharts-ng/0.0.10/highcharts-ng.js
Preview:	/*. highcharts-ng. * @version v0.0.10 - 2015-09-02. * @link https://github.com/pablojim/highcharts-ng. * @author Barry Fitzgerald <>. * @license MIT License, http://www.opensource.org/licenses/MIT. */."undefined"!=typeof module&&"undefined"!=typeof exports&&module.exports===exports&&(module.exports="highcharts-ng"),function(){"use strict";function a(){var a=[],c=!1,d=!1;return{HIGHCHART:"highcharts.js",HIGHSTOCK:"stock/highstock.js",basePath:function(a){c=a},lazyLoad:function(b){a=void 0===b?[this.HIGHCHART]:b,d=!0},$get:["$window","$rootScope",function(e,f){return c\|\|(c=("https:"===window.location.protocol?"https":"http")+"://code.highcharts.com/"),b(e,f,d,c,a)}]}}function b(a,b,c,d,e){var f=[],g=!1;return{lazyLoad:c,ready:function(d,h){if("undefined"==typeof a.Highcharts&&c){if(f.push([d,h]),g)return;g=!0;var i=this;"undefined"==typeof jQuery&&e.unshift("adapters/standalone-framework.js");var j=function(){if(0===e.length)g=!1,b.$apply(function(){angular.forEach(f,function(a){a[0].

Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

File type:	HTML document, ASCII text, with very long lines (65127), with CRLF line terminators
Entropy (8bit):	5.090443036140985
TrID:	HyperText Markup Language (13003/1) 100.00%
File name:	Incidents - Microsoft 365 security.html
File size:	306934
MD5:	2731ea4d0c0f44ea2f483a7ada18aa03
SHA1:	9b37a9cdb290133953a3286909619819da3490fe
SHA256:	637f190d9dc5022c84bc9dc9b38697b9aabc07d82387a9622e2e02adb3a43aca
SHA512:	7c189a7c812b08a0f636d058725a8fde2e7931e8b5f75a988b2dc8b3d72ccb2f30b11b388fbe8d4cd2d79f5af7e8fb2aab66c83d1c2e83266396a15a5c2aca5b
SSDEEP:	1536:BIqkZKagM7ea7aBODZD+/oq+MdRi5uL8dAQgApHp0ub9nHQcu/3zwUUkUu1Q2rjF:B6f7GBs+SAJ3BU+BY2ek8OF1eNBaZv
TLSH:	51649763A03D6D7BCB7300FFDCB21E1C21E904A3D9B5482DAE55CF1842E8AD8965B25D
File Content Preview:	..<!DOCTYPE html>..<html lang="en" dir="ltr">..<head>.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <title>Security & Compliance</title>.. <meta name="description">.. <meta name="viewport" content="w

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2023 14:36:28.301258087 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.301335096 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.301445007 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.302613020 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.302673101 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.302752018 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.313065052 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.313102961 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.313958883 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.314013958 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.402041912 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.415674925 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.516130924 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.516155958 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.518435955 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.518461943 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.519088030 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.519107103 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.521897078 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.521945953 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.522017002 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.522479057 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.522506952 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.522579908 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.523813963 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.523897886 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.523921013 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.625663996 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.626863003 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.787575960 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.787630081 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.787780046 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.788372993 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.788398027 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.789120913 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.789170980 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.789640903 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.789660931 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.790967941 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.830569029 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.830682039 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.830718040 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.830847979 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.830910921 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.833107948 CET	49702	443	192.168.2.7	142.250.184.78
Mar 20, 2023 14:36:28.833133936 CET	443	49702	142.250.184.78	192.168.2.7
Mar 20, 2023 14:36:28.855941057 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.856096983 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.856143951 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.856456995 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:28.856574059 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.876853943 CET	49701	443	192.168.2.7	142.250.180.173
Mar 20, 2023 14:36:28.876889944 CET	443	49701	142.250.180.173	192.168.2.7
Mar 20, 2023 14:36:32.287590981 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.287633896 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.287709951 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.289247990 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.289264917 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.385504007 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.388268948 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.388303041 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.389884949 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.389985085 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.398789883 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.398808956 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.399049997 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.489902973 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:32.489927053 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:32.590764046 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:42.344400883 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:42.344558001 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:36:42.344672918 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:42.874439001 CET	49710	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:36:42.874496937 CET	443	49710	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.533869028 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:30.533941031 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.534506083 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:30.538748980 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:30.538821936 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.608158112 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.633259058 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:30.633301973 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.634280920 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.635061026 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:30.635116100 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.635247946 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:30.694752932 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:37:40.591182947 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:40.591299057 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:37:40.591430902 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:25.599831104 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:25.599884033 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.633425951 CET	49812	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.633481979 CET	443	49812	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.633817911 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.633862972 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.633969069 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.634438038 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.634459972 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.702012062 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.702518940 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.702550888 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.703280926 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.703772068 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:30.703798056 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.703928947 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:30.800219059 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:40.706108093 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:40.706238985 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:38:40.706327915 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:40.931364059 CET	49816	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:38:40.931406021 CET	443	49816	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.425173044 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:33.425245047 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.425338030 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:33.425760031 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:33.425775051 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.506079912 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.614521980 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:33.614583969 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.615468025 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.728234053 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:33.728319883 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.728573084 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:33.829261065 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:43.489948034 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:43.490051985 CET	443	49846	142.251.209.36	192.168.2.7
Mar 20, 2023 14:39:43.490127087 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:43.761888981 CET	49846	443	192.168.2.7	142.251.209.36
Mar 20, 2023 14:39:43.761945963 CET	443	49846	142.251.209.36	192.168.2.7

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2023 14:36:28.128750086 CET	60326	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:36:28.133683920 CET	50835	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:36:28.151421070 CET	53	50835	8.8.8.8	192.168.2.7
Mar 20, 2023 14:36:28.169110060 CET	53	60326	8.8.8.8	192.168.2.7
Mar 20, 2023 14:36:31.467998981 CET	51007	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:36:31.496465921 CET	53	51007	8.8.8.8	192.168.2.7
Mar 20, 2023 14:36:49.580004930 CET	59006	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:38:30.609848022 CET	52750	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:38:30.627187014 CET	53	52750	8.8.8.8	192.168.2.7
Mar 20, 2023 14:38:31.962723970 CET	50231	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:39:33.084618092 CET	56003	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:39:33.104207039 CET	53	56003	8.8.8.8	192.168.2.7
Mar 20, 2023 14:39:42.656446934 CET	60079	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:39:43.681257963 CET	60079	53	192.168.2.7	8.8.8.8
Mar 20, 2023 14:39:46.826740026 CET	61172	53	192.168.2.7	8.8.8.8

Timestamp	kBytes transferred	Direction	Data
2023-03-20 13:36:28 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-03-20 13:36:28 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-C2oHpf7NWaAyIxyCtOkClw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 20 Mar 2023 13:36:28 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5922 X-Daystart: 23788 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-03-20 13:36:28 UTC	1	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 32 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 33 37 38 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5922" elapsed_seconds="23788"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-03-20 13:36:28 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-03-20 13:36:28 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-03-20 13:36:28 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-03-20 13:36:28 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-03-20 13:36:28 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 20 Mar 2023 13:36:28 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp" Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-_JkPgc-sdjTNB4DwFkM_LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version= Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-03-20 13:36:28 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-03-20 13:36:28 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:36:23
Start date:	20/03/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Target ID:	1
Start time:	14:36:25
Start date:	20/03/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1832,i,16372556724267644611,8237450068972592900,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Target ID:	2
Start time:	14:36:26
Start date:	20/03/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Incidents - Microsoft 365 security.html
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30166)
Category:	downloaded
Size (bytes):	56529
Entropy (8bit):	5.229368940719104
Encrypted:	false
SSDEEP:	768:GvYgdeeS4uCAHUrTL11bYrtN8plh1wG9RNzjgI9GVa46zF47sop4W:rAM4uCAHjZNw9LjgIS5sopT
MD5:	9C47EF0C97FA4A892C85ED7207873150
SHA1:	AF238C3D0ABEF7E19D32CF4458AFBFDE1C405D78
SHA-256:	3DC532A6EA4832384DED926B1BAED4C77A4207299FAC4540D0BCEEDAB2163940
SHA-512:	1F8C3891C619DAA329F130CFC65078BBB71D3E0E4DAA2C428356E556759E2FF1959E56BD1C28C6A78743C5CBE07FC85509A76DF778FCC30462F98FC7A5CE679C
Malicious:	false
URL:	https://res.cdn.office.net/scc-resources/resources/ww/scc/static/react-slick/0.22.3/react-slick.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("react"),require("react-dom")):"function"==typeof define&&define.amd?define(["react","react-dom"],t):"object"==typeof exports?exports.Slider=t(require("react"),require("react-dom")):e.Slider=t(e.React,e.ReactDOM)}(this,function(e,t){return function(e){function t(r){if(n[r])return n[r].exports;var i=n[r]={exports:{},id:r,loaded:!1};return e[r].call(i.exports,i,i.exports,t),i.loaded=!0,i.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([function(e,t,n){"use strict";function r(e){return e&&e.__esModule?e:{default:e}}t.__esModule=!0;var i=n(1),o=r(i);t.default=o.default},function(e,t,n){"use strict";function r(e){return e&&e.__esModule?e:{default:e}}function i(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function o(e,t){if(!e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!t\|\|"object"!=typeof t&&"function"!=typeof t?e:t

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65521), with no line terminators
Category:	downloaded
Size (bytes):	514764
Entropy (8bit):	4.929749900719585
Encrypted:	false
SSDEEP:	6144:yOzZoArBSylX/iEDttnAXF58zxEko8/ljldlF2lS:y14/iEDttnAgzxEsljfyS
MD5:	AAE130F9FC0E3925F60F95AADEA0303A
SHA1:	42F566F4FCED0BEA4ACACDB62D1BC9C0CDA7FADA
SHA-256:	DF566D5854A1F12F3F09EC330BA2646AB2C4AE46958E5F0247B18027006E2686
SHA-512:	9816764338853623D2FAD468EBCF3FB7ED3764E7718FB86087EF351015FB1D0E28A4B100CA13DC0940C3DFFAAF35DA660CBA571C9255B2846781BDF49A537256
Malicious:	false
URL:	https://res.cdn.office.net/scc/ww/scc/v17.00.9877.000/Strings.en.js
Preview:	;(function(g,m){g.Strings=m;if(typeof define === 'function' && define.amd){define({default: m,__esModule:true});}})(window,{"Alias":"Alias","Count":"Count","ApplicationTitle":"{0} - Security & Compliance","CoreEDApplicationTitle":"eDiscovery - {0}'s CoreED page","ApplicationName":"Security & Compliance","BrandName":"Office 365","BrandAndApplicationName":"Office 365 Security & Compliance","NoData":"No data available","NoDataWithRange":"No data available for this time range. Choose a different time range from the report filtering option.","NoDataAvailableReport":"No data available for selected date range. You can choose another time range from the filter options. If you are looking for data older than 7 days, use the Request a report option.","NoAlert":"No alerts","Loading":"Loading...","Saving":"Saving...","InProgressWithEllipsis":"In Progress...","InProgress":"In progress","Completed":"Completed","Error":"Error","CompletedWithErrors":"Completed with errors","Logs":"Logs","Results":"Res

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2486), with no line terminators
Category:	downloaded
Size (bytes):	2486
Entropy (8bit):	5.255136393383608
Encrypted:	false
SSDEEP:	48:GSHCr38O2e7A1aJF4ZnRXWNk2kXUnLSfYgmA0YC994M1Btbo+AL4BCFSSnZiSUGf:GVR4bnRGNk2kjfYvGM42cf0IFBM6
MD5:	EE45FC1DC996FC2033BC24C058F95FE4
SHA1:	95EECE4152F3EDA1AA5F626897F5DD8C790BFA2E
SHA-256:	D18CC34894B4A87FB0A6FBA0F889B570C07D097F75F4D32D1E3D1DD955473E9E
SHA-512:	FEEC5EABA55C27E768F8FB4681667044BFD9EB7AF9DDC2BAC9E937373BD0C1C7BA6827A178A443E7D22E46C105B8D53C6F407F959E9F531D5F9DC7F4C0C226E5
Malicious:	false
URL:	https://res.cdn.office.net/scc-resources/resources/ww/scc/static/ngstorage/0.3.11/ngStorage.js
Preview:	/! ngstorage 0.3.10 \| Copyright (c) 2016 Gias Kay Lee \| MIT License /!function(a,b){"use strict";"function"==typeof define&&define.amd?define(["angular"],b):a.hasOwnProperty("angular")?b(a.angular):"object"==typeof exports&&(module.exports=b(require("angular")))}(this,function(a){"use strict";function b(a,b){var c;try{c=a[b]}catch(d){c=!1}if(c){var e="__"+Math.round(1e7*Math.random());try{a[b].setItem(e,e),a[b].removeItem(e,e)}catch(d){c=!1}}return c}function c(c){var d=b(window,c);return function(){var e="ngStorage-";this.setKeyPrefix=function(a){if("string"!=typeof a)throw new TypeError("[ngStorage] - "+c+"Provider.setKeyPrefix() expects a String.");e=a};var f=a.toJson,g=a.fromJson;this.setSerializer=function(a){if("function"!=typeof a)throw new TypeError("[ngStorage] - "+c+"Provider.setSerializer expects a function.");f=a},this.setDeserializer=function(a){if("function"!=typeof a)throw new TypeError("[ngStorage] - "+c+"Provider.setDeserializer expects a function.");g=a},this.suppor

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, Unicode text, UTF-8 text, with very long lines (23964)
Category:	downloaded
Size (bytes):	24118
Entropy (8bit):	5.433602111576838
Encrypted:	false
SSDEEP:	384:+lQKpqx7q8yqIcYTbK3ctHVoHoWseFbCRaE78FEBWvOe+0TVkn/qMwAZ+MoSQjDn:+lQx7xScYgc5JeFb6aEIgWNXLhF
MD5:	F08E3BB0330DF4CFD31C20E4BF22FE84
SHA1:	FB02FDB57E3F767A021C7B1C64B74C70594D2BEB
SHA-256:	23FF153CEA016C127EFF3B298F431CBE6FD8A1E904A5D057C588194648E26679
SHA-512:	361F452F18B8C958F51BA7F394EFFC45CE0F3ABB52CA9F95CB9E177486D1B39FF7F8E3982457AB2C81B3F73B475021DE8CE472351BBB9312DADC5D35E086118E
Malicious:	false
URL:	https://res.cdn.office.net/scc-resources/resources/ww/scc/static/marked/0.7.0/marked.js
Preview:	/*. marked - a markdown parser. * Copyright (c) 2011-2018, Christopher Jeffrey. (MIT Licensed). * https://github.com/markedjs/marked. /.!function(e){"use strict";var x={newline:/^\n+/,code:/^( {4}[^\n]+\n)+/,fences:/^ {0,3}(`{3,}\|~{3,})([^`~\n])\n(?:\|([\s\S]?)\n)(?: {0,3}\1[~`]* (?:\n+\|$)\|$)/,hr:/^ {0,3}((?:- ){3,}\|(?:_ ){3,}\|(?:\ ){3,})(?:\n+\|$)/,heading:/^ {0,3}(#{1,6}) +([^\n]?)(?: +#+)? (?:\n+\|$)/,blockquote:/^( {0,3}> ?(paragraph\|[^\n])(?:\n\|$))+/,list:/^( {0,3})(bull) [\s\S]+?(?:hr\|def\|\n{2,}(?! )(?!\1bull )\n\|\s$)/,html:"^ {0,3}(?:<(script\|pre\|style)[\\s>][\\s\\S]?(?:</\\1>[^\\n]\\n+\|$)\|comment[^\\n](\\n+\|$)\|<\\?[\\s\\S]?\\?>\\n\|<![A-Z][\\s\\S]?>\\n\|<!\\[CDATA\\[[\\s\\S]?\\]\\]>\\n\|</?(tag)(?: +\|\\n\|/?>)[\\s\\S]?(?:\\n{2,}\|$)\|<(?!script\|pre\|style)([a-z][\\w-])(?:attribute)? /?>(?=[ \\t](?:\\n\|$))[\\s\\S]?(?:\\n{2,}\|$)\|</(?!script\|pre\|style)[a-z][\\w-]\\s>(?=[ \\t](?:\\n\|$))[\\s\\S]?(?:\\n{2,}\|$))",def:/^ {0,3}\[(label)\]: \n? *<?([^\s>]+)>?(?

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Incidents - Microsoft 365 security.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 177

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Windows Analysis Report
Incidents - Microsoft 365 security.html