Source: https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9 |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Directory created: C:\Program Files\Google |
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Directory created: C:\Program Files\Google\GoogleUpdater |
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Directory created: C:\Program Files\chrome_BITS_1456_2038269960 |
Source: global traffic |
HTTP traffic detected: GET /:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9 HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP%29%2FEra&ga=1 HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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 |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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 |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cycW5HSTdJYy92TktWOE9MaXhGMlpFWUYwNGcxRmcxVitvaExRTW9Pd0xWNDJRWVBHT0dxNVJxZExDbFZFMGtaRWhoeHZMYlFtWUZrZGMraElNTEM4R3FrK0RUWEtwdz09PC9TUD4= |
Source: global traffic |
DNS traffic detected: DNS query: srfed-my.sharepoint.com |
Source: global traffic |
DNS traffic detected: DNS query: spo.nel.measure.office.net |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: chromecache_84.1.dr |
String found in binary or memory: http://www.opensource.org/licenses/mit-license.php |
Source: chromecache_86.1.dr, chromecache_88.1.dr |
String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/ |
Source: chromecache_86.1.dr, chromecache_88.1.dr |
String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/spwebworker.js |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49179 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49189 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49164 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49177 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49165 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49165 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49164 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49189 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49171 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49171 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49177 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49179 -> 443 |
Source: classification engine |
Classification label: mal48.win@18/15@10/4 |
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File created: C:\Program Files\Google |
Source: unknown |
Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
|
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: unknown |
Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9" |
|
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: Window Recorder |
Window detected: More than 3 window changes detected |