Windows Analysis Report
https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y

Overview

General Information

Sample URL:	https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y
Analysis ID:	1428359

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Phishing site detected (based on OCR NLP Model)

Stores files to the Windows start menu directory

Classification

Signatures

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.2

ML Model on OCR Text: Matched 96.4% probability on "This link has been removed. Sorry, access to this document has been removed. Please contact the person who shared it with u. TECHNICAL DETAILS Troubleshoot issues with Microsoft SharePoint Foundation. Correlation da4c20a1-50d7-n)O-249c-4gc5be80a038 Date and Time: 4/18/2024 PM GO BACK TO SITE "

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.18:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.18:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.18:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.18:49725 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: unknown

DNS traffic detected: queries for: amerityf-my.sharepoint.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.18:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.18:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.18:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.18:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.18:49725 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@14/20@8/96

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1920,i,4758365181315914950,9757403865534054341,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1920,i,4758365181315914950,9757403865534054341,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.9.139	unknown	United States	15169	GOOGLEUS	false
142.250.9.84	unknown	United States	15169	GOOGLEUS	false
142.250.105.113	unknown	United States	15169	GOOGLEUS	false
172.217.215.94	unknown	United States	15169	GOOGLEUS	false
142.251.15.147	www.google.com	United States	15169	GOOGLEUS	false
23.45.235.184	unknown	United States	20940	AKAMAI-ASN1EU	false
23.223.31.204	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.18

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
www.google.com	142.251.15.147	true
amerityf-my.sharepoint.com	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y	false		unknown

ID:	1428359
Product:	CloudBasic
Start time:	21:12:58
Start date:	18.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:13:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	19FE4D0F8D619627B7BFFC859884732B	9FD69D2393201368374D4075700B856621524039	0141C729C6B48EF3F605D714A46549BB9DAAB7C4C903952C0CADCF3E5F352C5D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:13:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	13303159AE1DBFCBB84FFDE01C59784D	5C0E1BE3337685FDC329043C5D6EB798A999A876	8D8BC3661ECB26337E73042861278DD4194B001247E26DCB54C08D4864FB71B7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	3F26E53BBD91F874FC0594BB85C3B379	113A1711E937D0F2E8264244D8DCB412643E4509	E0126C1460278A92425F2A90D335D956D377AC8F06055806B2F4A7D0348AAD4D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:13:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	A852ABE251F7CCE0FC1DD15DC15817FE	35BDF2B98E0680FA1D491862FEFA422C00E8E8C1	7C5548408B1AC15D2C61ED762457E12F4DCCFB15CEE71A8D70DAD9DF63354125
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:13:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	41D432EDE3A57842D2D8B4C80BFCC9E9	ED451BDBF60163806C750B82E181685B0AC1E796	A52DFD0F7BF67F168223BB845731A26A204887CCD9CA5FE00162A7BAA940AF16
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:13:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	517A3BD259F58DE479A633F3E3EF9378	19F7B110BC1F7AAF0A697E28CB95F7A75F027BFA	E7DA68AE1F796D06E60C6D7BA9BAA7EFFE86649D3F1BFC20D9F46FA69DAF39C4
Chrome Cache Entry: 74	ASCII text, with very long lines (35238), with no line terminators	C637DE6889D81964119BA1FD124E2454	5DB2B1681BE6FF9A7B26E269CD80D817D41A01BE	18E8366C8C5590C3D056BA6CA9691B7471D6970EE00D0E22A4B68E517B54F087
Chrome Cache Entry: 75	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	0B60F3C9E4DA6E807E808DA7360F24F2	9AFC7ABB910DE855EFB426206E547574A1E074B7	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
Chrome Cache Entry: 76	HTML document, ASCII text, with very long lines (64255), with CRLF, LF line terminators	E348B9DA046794B39C4E0B419A8A6B76	B0633F6579FB30C1290AAE282860B56939943787	F4B3FC9251F35A1A9238A6F4A7F6098CF0C67BBA9EB2A78B37E1BA01A52510E3
Chrome Cache Entry: 77	ASCII text, with very long lines (23437), with CRLF line terminators	964FCB2BAF87049DC68975291AE89431	D0CD8C989D44BC531472B632868D3FB2DE4B3184	B8F7BD568E379502CF0C00027581D2761C7DC14B166F5D25FC048A0B56B7BFBB
Chrome Cache Entry: 78	ASCII text, with CRLF line terminators	77D1F7B68F8F6B2764896B1CA8DD2625	029DB673E5079D061FAF65C929E62381A2997112	6A8AA4FE96A0E0846655C2977C533F9AFABC9F8B02E6F4643244CD417D28263C
Chrome Cache Entry: 79	ASCII text, with very long lines (65536), with no line terminators	2DE2482829622DE740DB42E04CBCD047	2A88D65A01BDA232B97B24163F66BA7F90A63386	947D9E7117E8528021EC98FBBD6FE75A4D393A699DFFFFB3A2803EAE42845CEB
Chrome Cache Entry: 80	ASCII text, with very long lines (456), with no line terminators	812A51FE4BCC81F7290964637A165DC7	F798FF78C093C431C8069139A4137EF99482456C	FB516CFAA70B446C3DFE6125EEBE06462DC4C28FC471F8EBBA4AFEC1716632C4
Chrome Cache Entry: 81	ASCII text, with very long lines (2015), with no line terminators	1B66CA2166BF0326317487587F36DBD6	6080EB6E5B7160E7975665946C884B024809817E	163B9570B694A788FC732A44F6665138638D35F755DFC8A397B30A95ECFFDEAC
Chrome Cache Entry: 82	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 40329	027A7D52E1CEED8AEF7DC13505B81D36	33CF0BCE6A4C8B44B4A80B3116C978C12EE93FD0	29061464FB6FCE2326B952EACAA95C3C6183BFEA74C3851390E9838720D372A6
Chrome Cache Entry: 83	ASCII text, with very long lines (65536), with no line terminators	A2E6B0DBB425AF181D51BDE75DFE31B7	1F3DC7D98ADF930101F4A50DA6159DBE26C813A3	CC22978657C015FFDB2A15F584CA14BBCFB25B6075F809E04FB9B9B23382A244
Chrome Cache Entry: 84	ASCII text, with CRLF line terminators	B45EDFC9FCDB690CCDA004A8483955E0	BAEDF73329EABB32504CAC640538EE3B6B31819F	E817BF53005172205995AA07E0021BD8254A0204A1177E925F365E838C32D069
Chrome Cache Entry: 85	ASCII text, with very long lines (65536), with no line terminators	14075DE0975BC94F1D20DD49119A86CA	45E94A68D971A065B7EA12F4693AAA1090609252	503593AD87367F233322D3DC9DB7007B3C8940E078D99C42D154A2BBF273EDBC
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 102804	B62553925BD98826C60457D2EB6B9A46	84DBBB6D9B36A587C21B5A56B1D9E587E33BA943	C58166FE4DF4BA8F25A960C21451EAF841D97F6F552F104E43431C9DB1C2E2CC
Chrome Cache Entry: 87	ASCII text, with CRLF line terminators	90EA7274F19755002360945D54C2A0D7	647B5D8BF7D119A2C97895363A07A0C6EB8CD284	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB

Windows Analysis Report
https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://amerityf-my.sharepoint.com/:b:/p/jhunt/EWzTxvMAy2lPir_gLAR19iYBvGdNkLwE7QF2aBj-4KhsVA?e=E1OL4y