Edit tour

Windows Analysis Report
https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D

Overview

General Information

Sample URL:	https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3
Analysis ID:	1522717
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML page contains hidden javascript code

Program does not show much activity (idle)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6040 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin

HTTP Parser: Iframe src: https://lnkd.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.linkedin.com

Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag

HTTP Parser: Base64 decoded: {"w":1280,"h":1024,"aw":1280,"ah":984,"c":24}

Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin	HTTP Parser: <input type="password" .../> found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: <input type="password" .../> found

Source: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#definition-of-user-activity	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#environments-in-a-tenant-with-an-expired-subscription	HTTP Parser: No favicon
Source: https://learn.microsoft.com/pdf?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Ftoc.json	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#view-the-status-of-your-environments	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#view-the-status-of-your-environments	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon

Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="author".. found

Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platform%2520%257C%2520Microsoft%2520Learn%2522%21%2520I%2527m%2520so%2520proud%2520to%2520be%2520celebrating%2520this%2520achievement%2520and%2520hope%2520this%2520inspires%2520you%2520to%2520start%2520your%2520own%2520%2540MicrosoftLearn%2520journey%21%250A%250D%250Ahttps%253A%252F%252Flearn.microsoft.com%252Fen-us%252Fpower-platform%252Fadmin%252Fautomatic-environment-cleanup%253FWT.mc_id%253Dppac_inproduct_email%2526WT.mc_id%253Dlinkedin	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare&display&hashtag	HTTP Parser: No <meta name="copyright".. found

Source: chromecache_380.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_398.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_380.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_398.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_372.2.dr, chromecache_459.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_350.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_398.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_280.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: chromecache_461.2.dr	String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^\|\.)facebook\.(com\|sg)$/.test(a);if(b)return"facebook";b=/(^\|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^\|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^\|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy and paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]),d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}g.start=a}),226); equals www.facebook.com (Facebook)

Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: http://admin.powerplatform.com/azurebilling)
Source: chromecache_392.2.dr, chromecache_282.2.dr, chromecache_551.2.dr, chromecache_422.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_414.2.dr	String found in binary or memory: http://git.io/TrdQbw
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: http://login.microsoftonline-p.com/)
Source: chromecache_414.2.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_375.2.dr	String found in binary or memory: https://accounts.google.com/gsi/
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/button
Source: chromecache_375.2.dr	String found in binary or memory: https://accounts.google.com/gsi/fedcm.json
Source: chromecache_375.2.dr	String found in binary or memory: https://accounts.google.com/gsi/fedcmcsp?client_id=
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/iframe/select
Source: chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/log
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/revoke
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/select
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/status
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/gsi/style
Source: chromecache_375.2.dr, chromecache_477.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_375.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/learn-pdf-feedback)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/platformlimits)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/powerappsidea)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/powerautomateideas)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/powerbiideas)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/powerpagesideas)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/powervirtualagentideas)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/ppac)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://aka.ms/stp)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://app.powerbi.com/)
Source: chromecache_267.2.dr, chromecache_440.2.dr	String found in binary or memory: https://appleid.apple.com
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://apps.powerapps.com/trial)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://auth.gfx.ms/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://blogs.windows.com/msedgedev/microsoft-edge-legacy-end-of-support)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://community.dynamics.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://community.dynamics.com/crm/b/dynamicscrmsupportblog/archive/2016/11/15/new-diagnostic-scenar
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://community.dynamics.com/forums/thread/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://contoso.crm.dynamics.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=2545289014)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=2565145421)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=2565151295)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=3422153451)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=3422153452)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=853428)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=8568700)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://crt.sh/?d=8656329)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.2)
Source: chromecache_375.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration
Source: chromecache_375.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)
Source: chromecache_375.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment
Source: chromecache_375.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://experience.dynamics.com/ideas/categories/?forum=1afbfe0a-5439-ea11-a813-000d3a579c35&forumNa
Source: chromecache_392.2.dr, chromecache_551.2.dr, chromecache_422.2.dr	String found in binary or memory: https://feross.org/opensource
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRxclc4NDdL5CqxoDKPh
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR-5Axi2KMXdNi_1eF9P36tZUN1FU
Source: chromecache_533.2.dr	String found in binary or memory: https://github.com/emn178/js-md5
Source: chromecache_533.2.dr	String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://github.com/microsoft/powerapps-tools/tree/master/Administration/AdminInADay)
Source: chromecache_463.2.dr, chromecache_484.2.dr	String found in binary or memory: https://help.x.com/rules-and-policies/twitter-cookies
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://home.dynamics.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://lcs.dynamics.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://lcs.dynamics.com/Logon/Index)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://login.live.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://make.powerapps.com/)
Source: chromecache_375.2.dr	String found in binary or memory: https://meet.google.com
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://mem.gfx.ms/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://ms.portal.azure.com/#create/Microsoft.Template)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://ms.portal.azure.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://my.visualstudio.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://nmap.org/)
Source: chromecache_375.2.dr	String found in binary or memory: https://oauth2.googleapis.com/revoke
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://office.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://office.com/apps)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://portal.azure.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://portal.microsoftonline.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://portal.office.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://portal.office.com/account/#subscriptions)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://powerapps.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://powerautomate.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://products.office.com/business/manage-office-365-admin-app)
Source: chromecache_412.2.dr, chromecache_332.2.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://status.office.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/About-the-Office-365-admin-center-758befc4-0888-4009-9f14-0d14740
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/Add-your-users-and-domain-to-Office-365-ffdb2216-330d-4d73-832b-3
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/Assign-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/Create-or-edit-users-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/Set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/Verify-your-domain-in-Office-365-6383f56d-3d09-4dcb-9b41-b5f5a5ef
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://support.office.com/article/What-is-PSTN-calling-3dc773b9-95e0-4448-b2f1-887c54022429)
Source: chromecache_303.2.dr, chromecache_488.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/bundle.NetworkInstrument
Source: chromecache_278.2.dr, chromecache_345.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/emoji-en.3afd1e4a.j
Source: chromecache_335.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/en.246d31ea.js.map
Source: chromecache_382.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AppModules.8e4960
Source: chromecache_552.2.dr, chromecache_476.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioDock.af72bcb
Source: chromecache_293.2.dr, chromecache_307.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioOnlyVideoPla
Source: chromecache_351.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.SideNav.e8d0899a.
Source: chromecache_333.2.dr, chromecache_516.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.richScribeAction.
Source: chromecache_533.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/main.8912eaaa.js.map
Source: chromecache_464.2.dr, chromecache_481.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.audio.8d83897a.j
Source: chromecache_425.2.dr, chromecache_385.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.common.0481c12a.
Source: chromecache_514.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.Dropdown.78a54e
Source: chromecache_313.2.dr, chromecache_480.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.IntentPrompt.6d
Source: chromecache_302.2.dr, chromecache_397.2.dr, chromecache_553.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AboutThisA
Source: chromecache_337.2.dr, chromecache_284.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AccountAna
Source: chromecache_445.2.dr, chromecache_529.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AudioSpace
Source: chromecache_547.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Birdwatch~
Source: chromecache_279.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Communitie
Source: chromecache_436.2.dr, chromecache_441.2.dr, chromecache_532.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Compose~bu
Source: chromecache_311.2.dr, chromecache_437.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Compose~lo
Source: chromecache_288.2.dr, chromecache_358.2.dr, chromecache_367.2.dr, chromecache_297.2.dr, chromecache_287.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Compose~on
Source: chromecache_329.2.dr, chromecache_538.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.LiveEvent~
Source: chromecache_315.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ReaderMode
Source: chromecache_534.2.dr, chromecache_522.2.dr, chromecache_409.2.dr, chromecache_517.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.TwitterArt
Source: chromecache_354.2.dr, chromecache_473.2.dr, chromecache_463.2.dr, chromecache_484.2.dr, chromecache_546.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AppModules
Source: chromecache_334.2.dr, chromecache_396.2.dr, chromecache_290.2.dr, chromecache_467.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AudioDock~
Source: chromecache_381.2.dr, chromecache_366.2.dr, chromecache_268.2.dr, chromecache_270.2.dr, chromecache_487.2.dr, chromecache_353.2.dr, chromecache_272.2.dr, chromecache_357.2.dr, chromecache_505.2.dr, chromecache_319.2.dr, chromecache_323.2.dr, chromecache_362.2.dr, chromecache_448.2.dr, chromecache_469.2.dr, chromecache_388.2.dr, chromecache_447.2.dr, chromecache_370.2.dr, chromecache_359.2.dr, chromecache_356.2.dr, chromecache_496.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DMDrawer~b
Source: chromecache_299.2.dr, chromecache_443.2.dr, chromecache_401.2.dr, chromecache_363.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DashMenu~l
Source: chromecache_390.2.dr, chromecache_407.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.SideNav~bu
Source: chromecache_383.2.dr, chromecache_550.2.dr, chromecache_331.2.dr, chromecache_281.2.dr, chromecache_474.2.dr, chromecache_322.2.dr, chromecache_439.2.dr, chromecache_402.2.dr, chromecache_392.2.dr, chromecache_265.2.dr, chromecache_266.2.dr, chromecache_349.2.dr, chromecache_429.2.dr, chromecache_386.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.Typeahead~
Source: chromecache_393.2.dr, chromecache_309.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.directMess
Source: chromecache_264.2.dr, chromecache_446.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~ondemand.InlinePl
Source: chromecache_414.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/vendor.62d18e4a.js.map
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://trials.dynamics.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://www.d365ccafpi.com/)
Source: chromecache_380.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://www.powershellgallery.com/)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://www.powershellgallery.com/packages/Microsoft.PowerApps.Administration.PowerShell/2.0.1)
Source: downloaded.pdf.crdownload.0.dr	String found in binary or memory: https://www.ssllabs.com/ssltest/analyze.html)
Source: chromecache_335.2.dr, chromecache_296.2.dr	String found in binary or memory: https://x.com/en/privacy

Source: classification engine

Classification label: clean2.win@32/450@0/54

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6040 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6040 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://underscorejs.org	0%	URL Reputation	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment	0%	URL Reputation	safe
https://www.internalfb.com/intern/invariant/	0%	URL Reputation	safe
https://help.x.com/rules-and-policies/twitter-cookies	0%	URL Reputation	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/emoji-en.3afd1e4a.j	0%	URL Reputation	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration	0%	URL Reputation	safe
https://meet.google.com	0%	URL Reputation	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)	0%	URL Reputation	safe
https://feross.org/opensource	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Downloads/downloaded.pdf	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRxclc4NDdL5CqxoDKPh	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.audio.8d83897a.j	chromecache_464.2.dr, chromecache_481.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AboutThisA	chromecache_302.2.dr, chromecache_397.2.dr, chromecache_553.2.dr	false		unknown
https://blogs.windows.com/msedgedev/microsoft-edge-legacy-end-of-support)	downloaded.pdf.crdownload.0.dr	false		unknown
https://crt.sh/?d=8568700)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.directMess	chromecache_393.2.dr, chromecache_309.2.dr	false		unknown
http://underscorejs.org	chromecache_414.2.dr	false	URL Reputation: safe	unknown
https://app.powerbi.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/en.246d31ea.js.map	chromecache_335.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.common.0481c12a.	chromecache_425.2.dr, chromecache_385.2.dr	false		unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment	chromecache_375.2.dr	false	URL Reputation: safe	unknown
https://portal.azure.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://trials.dynamics.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://www.internalfb.com/intern/invariant/	chromecache_380.2.dr	false	URL Reputation: safe	unknown
https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE	chromecache_412.2.dr, chromecache_332.2.dr	false		unknown
https://auth.gfx.ms/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AccountAna	chromecache_337.2.dr, chromecache_284.2.dr	false		unknown
https://aka.ms/powerpagesideas)	downloaded.pdf.crdownload.0.dr	false		unknown
https://lcs.dynamics.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://community.dynamics.com/forums/thread/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://home.dynamics.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DMDrawer~b	chromecache_381.2.dr, chromecache_366.2.dr, chromecache_268.2.dr, chromecache_270.2.dr, chromecache_487.2.dr, chromecache_353.2.dr, chromecache_272.2.dr, chromecache_357.2.dr, chromecache_505.2.dr, chromecache_319.2.dr, chromecache_323.2.dr, chromecache_362.2.dr, chromecache_448.2.dr, chromecache_469.2.dr, chromecache_388.2.dr, chromecache_447.2.dr, chromecache_370.2.dr, chromecache_359.2.dr, chromecache_356.2.dr, chromecache_496.2.dr	false		unknown
https://aka.ms/powerappsidea)	downloaded.pdf.crdownload.0.dr	false		unknown
https://support.office.com/article/Assign-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e	downloaded.pdf.crdownload.0.dr	false		unknown
https://help.x.com/rules-and-policies/twitter-cookies	chromecache_463.2.dr, chromecache_484.2.dr	false	URL Reputation: safe	unknown
https://portal.microsoftonline.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ms.portal.azure.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://mem.gfx.ms/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://github.com/emn178/js-md5	chromecache_533.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AudioSpace	chromecache_445.2.dr, chromecache_529.2.dr	false		unknown
https://aka.ms/learn-pdf-feedback)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Compose~on	chromecache_288.2.dr, chromecache_358.2.dr, chromecache_367.2.dr, chromecache_297.2.dr, chromecache_287.2.dr	false		unknown
https://github.com/microsoft/powerapps-tools/tree/master/Administration/AdminInADay)	downloaded.pdf.crdownload.0.dr	false		unknown
https://community.dynamics.com/crm/b/dynamicscrmsupportblog/archive/2016/11/15/new-diagnostic-scenar	downloaded.pdf.crdownload.0.dr	false		unknown
https://my.visualstudio.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://crt.sh/?d=8656329)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AppModules.8e4960	chromecache_382.2.dr	false		unknown
https://crt.sh/?d=3422153451)	downloaded.pdf.crdownload.0.dr	false		unknown
https://community.dynamics.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://office.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.richScribeAction.	chromecache_333.2.dr, chromecache_516.2.dr	false		unknown
https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.2)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AudioDock~	chromecache_334.2.dr, chromecache_396.2.dr, chromecache_290.2.dr, chromecache_467.2.dr	false		unknown
https://contoso.crm.dynamics.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://support.office.com/article/About-the-Office-365-admin-center-758befc4-0888-4009-9f14-0d14740	downloaded.pdf.crdownload.0.dr	false		unknown
https://www.powershellgallery.com/packages/Microsoft.PowerApps.Administration.PowerShell/2.0.1)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ms.portal.azure.com/#create/Microsoft.Template)	downloaded.pdf.crdownload.0.dr	false		unknown
https://support.office.com/article/Create-or-edit-users-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc)	downloaded.pdf.crdownload.0.dr	false		unknown
https://crt.sh/?d=3422153452)	downloaded.pdf.crdownload.0.dr	false		unknown
https://aka.ms/powerautomateideas)	downloaded.pdf.crdownload.0.dr	false		unknown
https://crt.sh/?d=853428)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ReaderMode	chromecache_315.2.dr	false		unknown
https://www.powershellgallery.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://support.office.com/article/What-is-PSTN-calling-3dc773b9-95e0-4448-b2f1-887c54022429)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/emoji-en.3afd1e4a.j	chromecache_278.2.dr, chromecache_345.2.dr	false	URL Reputation: safe	unknown
http://login.microsoftonline-p.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioDock.af72bcb	chromecache_552.2.dr, chromecache_476.2.dr	false		unknown
https://x.com/en/privacy	chromecache_335.2.dr, chromecache_296.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AppModules	chromecache_354.2.dr, chromecache_473.2.dr, chromecache_463.2.dr, chromecache_484.2.dr, chromecache_546.2.dr	false		unknown
https://aka.ms/stp)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.SideNav.e8d0899a.	chromecache_351.2.dr	false		unknown
https://products.office.com/business/manage-office-365-admin-app)	downloaded.pdf.crdownload.0.dr	false		unknown
http://git.io/TrdQbw	chromecache_414.2.dr	false		unknown
https://github.com/focus-trap/tabbable/blob/master/LICENSE	chromecache_533.2.dr	false		unknown
https://crt.sh/?d=2545289014)	downloaded.pdf.crdownload.0.dr	false		unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration	chromecache_375.2.dr	false	URL Reputation: safe	unknown
https://meet.google.com	chromecache_375.2.dr	false	URL Reputation: safe	unknown
https://office.com/apps)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Birdwatch~	chromecache_547.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Communitie	chromecache_279.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~ondemand.InlinePl	chromecache_264.2.dr, chromecache_446.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioOnlyVideoPla	chromecache_293.2.dr, chromecache_307.2.dr	false		unknown
https://aka.ms/powervirtualagentideas)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/bundle.NetworkInstrument	chromecache_303.2.dr, chromecache_488.2.dr	false		unknown
https://aka.ms/powerbiideas)	downloaded.pdf.crdownload.0.dr	false		unknown
https://nmap.org/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://aka.ms/ppac)	downloaded.pdf.crdownload.0.dr	false		unknown
https://status.office.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.Typeahead~	chromecache_383.2.dr, chromecache_550.2.dr, chromecache_331.2.dr, chromecache_281.2.dr, chromecache_474.2.dr, chromecache_322.2.dr, chromecache_439.2.dr, chromecache_402.2.dr, chromecache_392.2.dr, chromecache_265.2.dr, chromecache_266.2.dr, chromecache_349.2.dr, chromecache_429.2.dr, chromecache_386.2.dr	false		unknown
https://apps.powerapps.com/trial)	downloaded.pdf.crdownload.0.dr	false		unknown
https://www.ssllabs.com/ssltest/analyze.html)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.TwitterArt	chromecache_534.2.dr, chromecache_522.2.dr, chromecache_409.2.dr, chromecache_517.2.dr	false		unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)	chromecache_375.2.dr	false	URL Reputation: safe	unknown
https://portal.office.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/vendor.62d18e4a.js.map	chromecache_414.2.dr	false		unknown
https://portal.office.com/account/#subscriptions)	downloaded.pdf.crdownload.0.dr	false		unknown
https://secure.aadcdn.microsoftonline-p.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Compose~bu	chromecache_436.2.dr, chromecache_441.2.dr, chromecache_532.2.dr	false		unknown
https://powerautomate.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://support.office.com/article/Add-your-users-and-domain-to-Office-365-ffdb2216-330d-4d73-832b-3	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.SideNav~bu	chromecache_390.2.dr, chromecache_407.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.Dropdown.78a54e	chromecache_514.2.dr	false		unknown
https://feross.org/opensource	chromecache_392.2.dr, chromecache_551.2.dr, chromecache_422.2.dr	false	URL Reputation: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DashMenu~l	chromecache_299.2.dr, chromecache_443.2.dr, chromecache_401.2.dr, chromecache_363.2.dr	false		unknown
https://make.powerapps.com/)	downloaded.pdf.crdownload.0.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.IntentPrompt.6d	chromecache_313.2.dr, chromecache_480.2.dr	false		unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.LiveEvent~	chromecache_329.2.dr, chromecache_538.2.dr	false		unknown
https://lcs.dynamics.com/Logon/Index)	downloaded.pdf.crdownload.0.dr	false		unknown
http://admin.powerplatform.com/azurebilling)	downloaded.pdf.crdownload.0.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.42	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.19.26.215	unknown	United States	16509	AMAZON-02US	false
20.189.173.9	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.21.118	unknown	United States	15133	EDGECASTUS	false
13.107.246.45	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
172.64.146.215	unknown	United States	13335	CLOUDFLARENETUS	false
104.244.43.131	unknown	United States	54113	FASTLYUS	false
142.250.184.226	unknown	United States	15169	GOOGLEUS	false
204.79.197.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
144.2.9.1	unknown	Netherlands	14413	LINKEDINUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
52.16.68.25	unknown	United States	16509	AMAZON-02US	false
2.19.126.156	unknown	European Union	16625	AKAMAI-ASUS	false
88.221.170.101	unknown	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
157.240.253.35	unknown	United States	32934	FACEBOOKUS	false
199.232.188.159	unknown	United States	54113	FASTLYUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
54.77.208.237	unknown	United States	16509	AMAZON-02US	false
13.107.246.60	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.17.201.122	unknown	United States	16509	AMAZON-02US	false
13.74.129.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.162	unknown	United States	15169	GOOGLEUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
151.101.120.158	unknown	United States	54113	FASTLYUS	false
172.217.18.10	unknown	United States	15169	GOOGLEUS	false
157.240.252.35	unknown	United States	32934	FACEBOOKUS	false
74.125.250.129	unknown	United States	15169	GOOGLEUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false
104.244.42.66	unknown	United States	13414	TWITTERUS	false
104.244.42.65	unknown	United States	13414	TWITTERUS	false
104.18.41.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.244.42.1	unknown	United States	13414	TWITTERUS	false
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
104.244.42.2	unknown	United States	13414	TWITTERUS	false
54.229.152.53	unknown	United States	16509	AMAZON-02US	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
184.28.89.167	unknown	United States	16625	AKAMAI-ASUS	false
64.233.167.84	unknown	United States	15169	GOOGLEUS	false
152.199.22.144	unknown	United States	15133	EDGECASTUS	false
142.250.185.130	unknown	United States	15169	GOOGLEUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
34.248.147.230	unknown	United States	16509	AMAZON-02US	false
157.240.253.1	unknown	United States	32934	FACEBOOKUS	false
172.66.0.227	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5
192.168.2.16
192.168.2.11
192.168.2.12

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522717
Start date and time:	2024-09-30 15:48:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@32/450@0/54
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#environments-in-a-tenant-with-an-expired-subscription Browse: https://www.linkedin.com/feed/?shareActive=true&text=Today%20I%20completed%20%22Automatic%20deletion%20of%20Power%20Platform%20environments%20-%20Power%20Platform%20%7C%20Microsoft%20Learn%22!%20I%27m%20so%20proud%20to%20be%20celebrating%20this%20achievement%20and%20hope%20this%20inspires%20you%20to%20start%20your%20own%20%40MicrosoftLearn%20journey!%0A%0D%0Ahttps%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dlinkedin Browse: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#view-the-status-of-your-environments Browse: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dtwitter&text=Today%20I%20completed%20%22Automatic%20deletion%20of%20Power%20Platform%20environments%20-%20Power%20Platform%20%7C%20Microsoft%20Learn%22!%20I%27m%20so%20proud%20to%20be%20celebrating%20this%20achievement%20and%20hope%20this%20inspires%20you%20to%20start%20your%20own%20%40MicrosoftLearn%20journey!&tw_p=tweetbutton&url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dtwitter Browse: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D

Input	Output
URL: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#definition-of-user-activity Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#environments-in-a-tenant-with-an-expired-subscription Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Ffeed%2F%3FshareActive%3Dtrue%26text%3DToday%2520I%2520completed%2520%2522Automatic%2520deletion%2520of%2520Power%2520Platform%2520environments%2520-%2520Power%2520Platfor Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://learn.microsoft.com/en-us/power-platform/admin/automatic-environment-cleanup?WT.mc_id=ppac_inproduct_email#view-the-status-of-your-environments Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://x.com/intent/post?original_referer=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dtwitter&text=Today%20I%20completed%20%22Automatic%20deletion%20of% Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://x.com/intent/post?original_referer=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dtwitter&text=Today+I+completed+%22Automatic+deletion+of+Power+Plat Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}
URL: https://www.facebook.com/share_channel/?link=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Fautomatic-environment-cleanup%3FWT.mc_id%3Dppac_inproduct_email%26WT.mc_id%3Dfacebook&app_id=966242223397117&source_surface=external_reshare& Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:49:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.973291988799372
Encrypted:	false
SSDEEP:	48:8e+dFTUAkuBHYidAKZdA1nehwiZUklqehjy+3:8ewsxoy
MD5:	89CE21A320FE0FECFBCA442C110377E1
SHA1:	17054961A8904F339B8677CF0A8A0E764DBD2613
SHA-256:	15B4C0E19F20F6A0EBA0DFC79B551031E0490A13CD815299AC0E420B2BE69CA9
SHA-512:	45E669240476410AC3D18B8FB3AAD7C31712882BAABEA313E2FB89F97A1B7C823186DBCA31A49654C6F839B3253A9361261C2EF17DC74F22C28B3566ECC10689
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I>Y1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y1n....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V>Y1n....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V>Y1n..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y5n............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z..m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Target ID:	0
Start time:	09:49:26
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	09:49:36
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	09:49:40
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D"
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	8
Start time:	09:50:10
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6040 --field-trial-handle=1920,i,14918702719771116416,4743946418574674215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6a3150000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4
Category:	dropped
Size (bytes):	118215714
Entropy (8bit):	7.656722926855311
Encrypted:	false
SSDEEP:	3145728:J8atgHx96TQ7390p4zNu9w4IkDqdIJPd:JEpY4s9w4L4S
MD5:	1CB0A1F5D15D175666C2FBF09A11C07C
SHA1:	50B670444B242D53324C697AB028C1D72AC15B0C
SHA-256:	3C8554C9F40BB6A5F53CA64C0E3C6BBF558C8DCA7B7BE4E81461E9E9D766731E
SHA-512:	9418CBD7283F42C1071E804FC696E07F781FF2E40A7D802D57FF3C40A9A10730AB689DB017C165821D360DDA7874DA18CA85447FB29679CBAEAC23085DD63B85
Malicious:	false
Reputation:	low
Preview:	%PDF-1.4.%.....3 0 obj.<</Type /Annot./Subtype /Link./F 4./Border [0 0 0]./Rect [380.40982 820.16083 567.98865 835.91748]./A <</Type /Action./S /URI./URI (https://aka.ms/learn-pdf-feedback)>>/StructParent 499999>>.endobj.13 0 obj.<</ca 1./BM /Normal>>.endobj.16 0 obj.<</Type /XObject./Subtype /Image./Width 1964./Height 830./ColorSpace /DeviceGray./BitsPerComponent 8./Filter /DCTDecode./ColorTransform 0./Length 12446>> stream.......JFIF.............C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc......>......................................).....................R.....4q.123...!AB........?..P...............D....$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np.a..M...6..$.np

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	71365
Entropy (8bit):	5.434388742232653
Encrypted:	false
SSDEEP:	1536:DlZAbLK//S5aumwWYAsmXYzlMxbOL150NBbCZVp:DLa5VmOOWH
MD5:	8C56DEA6998A620D92EE3EC1B029F36E
SHA1:	73CD99B5893E5FD1DAF2256BF75EB37E115EC88E
SHA-256:	CBE571FA451678B6BC298265E050B2C77C73D3C70DF042F801C9FAFDC4B351BF
SHA-512:	08D463FE4356C2DC5AC10BF2349188E740639E132BE69814CF52CB83493E9DFF53F06D0181C4FD733F45F891BF71D936B9E5BEC29F81F0653919AC6B5EDA2C64
Malicious:	false
Reputation:	low
URL:	https://abs.twimg.com/responsive-web/client-web/shared~ondemand.InlinePlayer~loader.AudioOnlyVideoPlayer~loader.immersiveTweetHandler~bundle.TV~bundle.Accoun.a10c715a.js
Preview:	"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web\|\|[]).push([["shared~ondemand.InlinePlayer~loader.AudioOnlyVideoPlayer~loader.immersiveTweetHandler~bundle.TV~bundle.Accoun"],{907187:(t,e,i)=>{i.d(e,{Z:()=>De});i(334115),i(200634),i(320796),i(449228),i(438695),i(827233),i(374083),i(418145),i(315735),i(543450),i(743108),i(332501),i(24895),i(499120),i(865584),i(326936),i(271245),i(414586),i(458143),i(43105),i(334769),i(358188),i(73439),i(477950),i(888233),i(428673),i(201939),i(906886),i(154226);var n,r,a,o,s=i(580753),c=i(981665),u=i(256666),l=i(22699),d=i.n(l);function h(t,e){var i;if("undefined"==typeof Symbol\|\|null==t[Symbol.iterator]){if(Array.isArray(t)\|\|(i=function(t,e){if(!t)return;if("string"==typeof t)return f(t,e);var i=Object.prototype.toString.call(t).slice(8,-1);"Object"===i&&t.constructor&&(i=t.constructor.name);if("Map"===i\|\|"Set"===i)return Array.from(t);if("Arguments"===i\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(i))re

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\downloaded.pdf.crdownload

Chrome Cache Entry: 264

Chrome Cache Entry: 265

Chrome Cache Entry: 266

Chrome Cache Entry: 267

Chrome Cache Entry: 268

Chrome Cache Entry: 269

Chrome Cache Entry: 270

Chrome Cache Entry: 271

Chrome Cache Entry: 272

Chrome Cache Entry: 273

Chrome Cache Entry: 274

Chrome Cache Entry: 275

Chrome Cache Entry: 276

Chrome Cache Entry: 277

Chrome Cache Entry: 278

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 281

Chrome Cache Entry: 282

Windows Analysis Report
https://eur.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2230573&p=bT00YjEyOTdiMS03M2E3LTRkMTgtYWY3Ni0yZTFhYTM4NmFhNjQmdT1hZW8mbD1md2xpbmtfMg%3D%3D