IOC Report
https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 100 | ASCII text, with very long lines (64612) | dropped
Chrome Cache Entry: 101 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 102 | ASCII text, with very long lines (64612) | downloaded
Chrome Cache Entry: 103 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded
Chrome Cache Entry: 104 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 102804 | downloaded
Chrome Cache Entry: 105 | HTML document, ASCII text, with very long lines (64259), with CRLF, LF line terminators | downloaded
Chrome Cache Entry: 106 | ASCII text, with very long lines (456), with no line terminators | downloaded
Chrome Cache Entry: 107 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 108 | GIF image data, version 89a, 352 x 3 | downloaded
Chrome Cache Entry: 109 | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | dropped
Chrome Cache Entry: 110 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866 | downloaded
Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 112 | ASCII text, with very long lines (45797) | downloaded
Chrome Cache Entry: 113 | ASCII text, with very long lines (23437), with CRLF line terminators | dropped
Chrome Cache Entry: 114 | ASCII text, with very long lines (64616) | downloaded
Chrome Cache Entry: 115 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 40329 | dropped
Chrome Cache Entry: 116 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 117 | Unicode text, UTF-8 text, with very long lines (32009) | dropped
Chrome Cache Entry: 118 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 119 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 120 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 121 | JSON data | dropped
Chrome Cache Entry: 122 | ASCII text, with very long lines (45797) | dropped
Chrome Cache Entry: 123 | ASCII text, with very long lines (456), with no line terminators | dropped
Chrome Cache Entry: 124 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 125 | ASCII text, with very long lines (3757) | dropped
Chrome Cache Entry: 126 | ASCII text, with very long lines (35238), with no line terminators | downloaded
Chrome Cache Entry: 127 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 128 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped
Chrome Cache Entry: 129 | ASCII text, with CRLF line terminators | dropped
Chrome Cache Entry: 130 | ASCII text, with very long lines (61177) | downloaded
Chrome Cache Entry: 131 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 132 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 133 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 134 | Unicode text, UTF-8 text, with very long lines (32009) | downloaded
Chrome Cache Entry: 135 | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | downloaded
Chrome Cache Entry: 136 | ASCII text, with CRLF line terminators | downloaded
Chrome Cache Entry: 137 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 81 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866 | dropped
Chrome Cache Entry: 82 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded
Chrome Cache Entry: 83 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 84 | GIF image data, version 89a, 352 x 3 | dropped
Chrome Cache Entry: 85 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 86 | ASCII text, with very long lines (3757) | downloaded
Chrome Cache Entry: 87 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 88 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 102804 | dropped
Chrome Cache Entry: 89 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 90 | ASCII text, with very long lines (23437), with CRLF line terminators | downloaded
Chrome Cache Entry: 91 | GIF image data, version 89a, 352 x 3 | downloaded
Chrome Cache Entry: 92 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 93 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 94 | ASCII text, with very long lines (64616) | dropped
Chrome Cache Entry: 95 | ASCII text, with CRLF line terminators | downloaded
Chrome Cache Entry: 96 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 40329 | downloaded
Chrome Cache Entry: 97 | GIF image data, version 89a, 352 x 3 | dropped
Chrome Cache Entry: 98 | ASCII text, with CRLF line terminators | downloaded
Chrome Cache Entry: 99 | ASCII text, with very long lines (35238), with no line terminators | dropped

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,10381072568455059411,1981868667104945956,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4"

URLs

Name | IP | Malicious
https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be&sso_reload=true
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg | 152.199.21.175
https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg | 152.199.21.175
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be
http://knockoutjs.com/ | unknown
https://pcbuildsjax-my.sharepoint.com/ScriptResource.axd?d=vLmV5nwMB5_2J50VaFwgYH33eNY11f7h7LATTspMTDl6VGrFRnfZ_8FVoYOPubLdER5sEOkmMnyIlK_55112lJoSbj3WoeHlvqdLq8HSH3hcdWI1XeL4PW5K6YI-Qf5eTQTHf-MjNVTuSlmYrgRoomVS2dXaEK47yQsFGzlsdZsbcAEC54e3qlm2_g9vL82J0&t=7a0cc936 | 13.107.136.10
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg | 152.199.21.175
https://github.com/douglascrockford/JSON-js | unknown
https://login.windows-ppe.net | unknown
https://pcbuildsjax-my.sharepoint.com/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG96 | 13.107.136.10
https://pcbuildsjax-my.sharepoint.com/_forms/default.aspx?ReturnUrl=%2fpersonal%2fac_pcbuildsjax_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fac%255Fpcbuildsjax%255Fcom&Source=cookie | 13.107.136.10
https://pcbuildsjax-my.sharepoint.com/WebResource.axd?d=b5ZAgNylb-xSAlNvDQsPQJV3_Ec_lvbxJDXxiB1YwMKTIEIXmqgIiUc9GzjAU7oBxvR4-iXgc5OgNsRGnBDnSERKcBefTWRfFp6V-TurGkI1&t=638611486345608193 | 13.107.136.10
https://pcbuildsjax-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47 | 13.107.136.10
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js | 152.199.21.175
https://login.microsoftonline.com | unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js | 152.199.21.175
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js | 152.199.21.175
http://www.opensource.org/licenses/mit-license.php) | unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif | 152.199.21.175
https://pcbuildsjax-my.sharepoint.com/_layouts/15/1033/styles/corev15.css?rev=9gLUJDe4lA0tMx7r7OPYBg%3D%3DTAG96 | 13.107.136.10
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif | 152.199.21.175
https://pcbuildsjax-my.sharepoint.com/personal/ac_pcbuildsjax_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fac%5Fpcbuildsjax%5Fcom | 13.107.136.10
https://pcbuildsjax-my.sharepoint.com/personal/ac_pcbuildsjax_com | 13.107.136.10
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 152.199.21.175
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg | 152.199.21.175
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js | 152.199.21.175
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg | 152.199.21.175
http://feross.org | unknown
https://pcbuildsjax-my.sharepoint.com/ScriptResource.axd?d=P82F-s2IetzVjl10E5jX_dahe5bfaJw4xYC9K8d3I2iJqP9HGgbGWW2ElFuXuDA52ZO2z9elgnoH6HD3MjVlcpLL_dM0dYci4372j5fGNZoCS9enHxL5qO_Vuu9XFTsY_8j8JMYpYvxZJoKYve4odbUyhERpoQkqoE_LG2TZUxg7t8e3JMIQuKaLPwe-YDjn0&t=7a0cc936 | 13.107.136.10
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_54b287bb6b3cdb3a7698.js | 152.199.21.175
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js | 152.199.21.175

Domains

Name | IP | Malicious
dual-spo-0005.spo-msedge.net | 13.107.136.10
s-part-0036.t-0009.t-msedge.net | 13.107.246.64
s-part-0017.t-0009.t-msedge.net | 13.107.246.45
sni1gl.wpc.omegacdn.net | 152.199.21.175
www.google.com | 142.250.181.228
s-part-0032.t-0009.t-msedge.net | 13.107.246.60
fp2e7a.wpc.phicdn.net | 192.229.221.95
identity.nel.measure.office.net | unknown
aadcdn.msftauth.net | unknown
login.microsoftonline.com | unknown
pcbuildsjax-my.sharepoint.com | unknown
spo.nel.measure.office.net | unknown

IPs

IP | Domain | Country | Malicious
13.107.246.64 | s-part-0036.t-0009.t-msedge.net | United States
13.107.136.10 | dual-spo-0005.spo-msedge.net | United States
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States
192.168.2.6 | unknown | unknown
239.255.255.250 | unknown | Reserved
142.250.181.228 | www.google.com | United States
152.199.21.175 | sni1gl.wpc.omegacdn.net | United States

DOM / HTML

URL | Malicious
https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4
https://pcbuildsjax-my.sharepoint.com/:f:/p/ac/Eg2jLJJF1BFHuuCppZjY6=%20NkBf-6-6WBwAZaez182gRayxA?e=3DUtcUU4
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be&sso_reload=true
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be&sso_reload=true
https://login.microsoftonline.com/67bd47fb-bbcf-4194-a6bf-fc4c5f03d48a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=FED22F97F024BBF64812DCF29DB7B6C9E0B4129396E3AD50%2DB8E588D7685B6B784807E10FFB50B6D7D114D37370218F1ED9217BB83225E3EC&redirect%5Furi=https%3A%2F%2Fpcbuildsjax%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=bba657a1%2Db0f4%2D6000%2Dba30%2Da0129268c6be&sso_reload=true