Windows Analysis Report
https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub

Overview

General Information

Sample URL:	https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZ
Analysis ID:	1428617
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

Phishing site detected (based on OCR NLP Model)

Submit button contains javascript call

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_64, type: DROPPED

HTML body contains low number of good links

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Sharing Link Validation does not match URL

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.0	ML Model on OCR Text: Matched 95.2% probability on "SharePoint Microsoft Verify Your Identity You've received a secure link to: novobanco_Guia de Utilizaqo do Campus_Pasta Partilhada To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Next By clicking Next you allow JLL to use your email address in accordance with their privacy statement. 2017 Microsoft Privacy & Cookies "
Source: Chrome DOM: 0.1	ML Model on OCR Text: Matched 97.0% probability on "SharePoint Microsoft Verify Your Identity You've received a secure link to: novobanco_Guia de Utilizaqo do Campus_Pasta Partilhada To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Your email address is required Next By clicking Next you allow JLL to use your email address in accordance with their privacy statement. 2017 Microsoft Privacy & Cookies "

Submit button contains javascript call

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="author".. found
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="author".. found

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="copyright".. found
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=ycHivovJo1IuKk-tzRJ8ufQQ-iuwfP1ezGTy8BG_qsbyQ7m85kJF662PJDnxcTalLQpQhNNol9FH5EXa_s1HUh_x-MhZGY8UowqnTM8hA1w1&t=638449966421100877 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=dSOB5QLW4iDr5SkrwcwcbHnQzJ6q2z4iZGg9UM7Gd6n5LEQmqo_pdgO7Hn-2VwenIzSKVhLbd1eYR0JBwuZEO_Sx2kCmsu-sDB-NQJepVGWgysvVvGhtPKwXQuwZlD9XGtQkgoXLVXOylnwHkYKZhTGy_Kntf7Hs4kS5ZvStdOw1&t=fffffffff37b5a97 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=67ZbPPrvp9FatQKPpo_wd8dEBfrpVfEkOuEw6CarcEOY8j3-e-HU8qAHqD-vPnyVfbyDTrlBFzUyRDdMpJOwjO2qcHnX542t84-lzGr60bAXhIRNrts52JcSMQ938UvPDTAKYPVayGDBXAYb6KNrQxhjZaFClWDAhtW9eJzMEbvAAP1NnDdHVU3nVMvcWoEI0&t=722fe453 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=r4BQmYn_Fo39zB3ho7PLjifUHBAA8DUHJmV1req5BQ37v_OeYKDPejvq2zkH9GxyxW2JAEQ_TewPv31vItS4rQ0l2BiIIL8xtY8RWhM72w6nK5MmhaXVocTRR3KXCn_5JeuO6Ck0Gh7zCDwGcxnAeqnmneguE-7YqpZcWGXHJWvcUdU2qJv5GwtwndFSfi0t0&t=722fe453 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: jll2.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: jll2.sharepoint.com

Source: chromecache_65.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_64.2.dr	String found in binary or memory: https://jll2.sharepoint.com/teams/WorkplaceStrategy274/_layouts/15/images/folder.png
Source: chromecache_66.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.24803.12007/require.js
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.013/
Source: chromecache_64.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-04-05.013/
Source: chromecache_64.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_64.2.dr	String found in binary or memory: https://www.jll.com/privacy-statement

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/24@10/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,2649959660875642474,11769306728732929291,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,2649959660875642474,11769306728732929291,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.15.106	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
dual-spo-0005.spo-msedge.net	13.107.136.10	true
www.google.com	142.251.15.106	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
jll2.sharepoint.com	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://jll2.sharepoint.com/ScriptResource.axd?d=dSOB5QLW4iDr5SkrwcwcbHnQzJ6q2z4iZGg9UM7Gd6n5LEQmqo_pdgO7Hn-2VwenIzSKVhLbd1eYR0JBwuZEO_Sx2kCmsu-sDB-NQJepVGWgysvVvGhtPKwXQuwZlD9XGtQkgoXLVXOylnwHkYKZhTGy_Kntf7Hs4kS5ZvStdOw1&t=fffffffff37b5a97	false	unknown
https://jll2.sharepoint.com/ScriptResource.axd?d=67ZbPPrvp9FatQKPpo_wd8dEBfrpVfEkOuEw6CarcEOY8j3-e-HU8qAHqD-vPnyVfbyDTrlBFzUyRDdMpJOwjO2qcHnX542t84-lzGr60bAXhIRNrts52JcSMQ938UvPDTAKYPVayGDBXAYb6KNrQxhjZaFClWDAhtW9eJzMEbvAAP1NnDdHVU3nVMvcWoEI0&t=722fe453	false	unknown
https://jll2.sharepoint.com/_layouts/15/images/microsoft-logo.png	false	unknown
https://jll2.sharepoint.com/ScriptResource.axd?d=r4BQmYn_Fo39zB3ho7PLjifUHBAA8DUHJmV1req5BQ37v_OeYKDPejvq2zkH9GxyxW2JAEQ_TewPv31vItS4rQ0l2BiIIL8xtY8RWhM72w6nK5MmhaXVocTRR3KXCn_5JeuO6Ck0Gh7zCDwGcxnAeqnmneguE-7YqpZcWGXHJWvcUdU2qJv5GwtwndFSfi0t0&t=722fe453	false	unknown
https://jll2.sharepoint.com/WebResource.axd?d=ycHivovJo1IuKk-tzRJ8ufQQ-iuwfP1ezGTy8BG_qsbyQ7m85kJF662PJDnxcTalLQpQhNNol9FH5EXa_s1HUh_x-MhZGY8UowqnTM8hA1w1&t=638449966421100877	false	unknown
https://jll2.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 54	ASCII text, with CRLF line terminators	B3D7A123BE5203A1A3F0F10233ED373F	F4C61F321D8F79A805B356C6EC94090C0D96215C	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
Chrome Cache Entry: 55	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced	EF884BDEDEF280DF97A4C5604058D8DB	6F04244B51AD2409659E267D308B97E09CE9062B	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
Chrome Cache Entry: 56	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	0B60F3C9E4DA6E807E808DA7360F24F2	9AFC7ABB910DE855EFB426206E547574A1E074B7	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
Chrome Cache Entry: 57	ASCII text, with no line terminators	858372DD32511CB4DD08E48A93B4F175	CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43	3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
Chrome Cache Entry: 58	ASCII text, with very long lines (39257), with CRLF line terminators	DA9DC1C32E89C02FC1E9EEB7E5AAB91E	3EFB110EFA6068CE6B586A67F87DA5125310BC30	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
Chrome Cache Entry: 59	XML 1.0 document, Unicode text, UTF-8 (with BOM) text	BD299B72C86CEA5E99BC4D020CFF3197	4D99854ED6A4EC97E7EC1442A8DDBBA2A77F3CE1	5A73490AB05EDD4F8AF070EB5F06C9E31DD008A7CD24B00D35B6078B928F6B56
Chrome Cache Entry: 60	ASCII text, with very long lines (65329), with CRLF line terminators	C89EAA5B28DF1E17376BE71D71649173	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
Chrome Cache Entry: 61	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	0B60F3C9E4DA6E807E808DA7360F24F2	9AFC7ABB910DE855EFB426206E547574A1E074B7	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
Chrome Cache Entry: 62	ASCII text, with CRLF line terminators	90EA7274F19755002360945D54C2A0D7	647B5D8BF7D119A2C97895363A07A0C6EB8CD284	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
Chrome Cache Entry: 63	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced	EF884BDEDEF280DF97A4C5604058D8DB	6F04244B51AD2409659E267D308B97E09CE9062B	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
Chrome Cache Entry: 64	HTML document, Unicode text, UTF-8 text, with very long lines (30522), with CRLF, LF line terminators	7B568DAF40C498F6E995D0D82914A1D2	CAE5B567E5B8A7A1813D0C0376095FFE97D1AC0B	A251C509460467D26F621713D8EDA9AA86495E689594D4F14F26457C1789EA59
Chrome Cache Entry: 65	ASCII text, with very long lines (17444)	6EFDDF589864D2E146A55C01C6764A35	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
Chrome Cache Entry: 66	ASCII text, with very long lines (37295)	BB2EBF3A9D1A622C2C7042EDE3A58D78	56D9D66C1D40DED3CF25413568FD2D9830D0F06A	43196D3655BF9DBD434ACECB73E79D7D05015A0CF36A2D36AD7F120BF6514A21

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_64, type: DROPPED

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Sharing Link Validation does not match URL

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.0	ML Model on OCR Text: Matched 95.2% probability on "SharePoint Microsoft Verify Your Identity You've received a secure link to: novobanco_Guia de Utilizaqo do Campus_Pasta Partilhada To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Next By clicking Next you allow JLL to use your email address in accordance with their privacy statement. 2017 Microsoft Privacy & Cookies "
Source: Chrome DOM: 0.1	ML Model on OCR Text: Matched 97.0% probability on "SharePoint Microsoft Verify Your Identity You've received a secure link to: novobanco_Guia de Utilizaqo do Campus_Pasta Partilhada To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Your email address is required Next By clicking Next you allow JLL to use your email address in accordance with their privacy statement. 2017 Microsoft Privacy & Cookies "

Submit button contains javascript call

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="author".. found
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="author".. found

Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="copyright".. found
Source: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.81
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=ycHivovJo1IuKk-tzRJ8ufQQ-iuwfP1ezGTy8BG_qsbyQ7m85kJF662PJDnxcTalLQpQhNNol9FH5EXa_s1HUh_x-MhZGY8UowqnTM8hA1w1&t=638449966421100877 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=dSOB5QLW4iDr5SkrwcwcbHnQzJ6q2z4iZGg9UM7Gd6n5LEQmqo_pdgO7Hn-2VwenIzSKVhLbd1eYR0JBwuZEO_Sx2kCmsu-sDB-NQJepVGWgysvVvGhtPKwXQuwZlD9XGtQkgoXLVXOylnwHkYKZhTGy_Kntf7Hs4kS5ZvStdOw1&t=fffffffff37b5a97 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=67ZbPPrvp9FatQKPpo_wd8dEBfrpVfEkOuEw6CarcEOY8j3-e-HU8qAHqD-vPnyVfbyDTrlBFzUyRDdMpJOwjO2qcHnX542t84-lzGr60bAXhIRNrts52JcSMQ938UvPDTAKYPVayGDBXAYb6KNrQxhjZaFClWDAhtW9eJzMEbvAAP1NnDdHVU3nVMvcWoEI0&t=722fe453 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=r4BQmYn_Fo39zB3ho7PLjifUHBAA8DUHJmV1req5BQ37v_OeYKDPejvq2zkH9GxyxW2JAEQ_TewPv31vItS4rQ0l2BiIIL8xtY8RWhM72w6nK5MmhaXVocTRR3KXCn_5JeuO6Ck0Gh7zCDwGcxnAeqnmneguE-7YqpZcWGXHJWvcUdU2qJv5GwtwndFSfi0t0&t=722fe453 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: jll2.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: jll2.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: jll2.sharepoint.com

Source: chromecache_65.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_64.2.dr	String found in binary or memory: https://jll2.sharepoint.com/teams/WorkplaceStrategy274/_layouts/15/images/folder.png
Source: chromecache_66.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.24803.12007/require.js
Source: chromecache_64.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.013/
Source: chromecache_64.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-04-05.013/
Source: chromecache_64.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_64.2.dr	String found in binary or memory: https://www.jll.com/privacy-statement

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/24@10/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,2649959660875642474,11769306728732929291,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,2649959660875642474,11769306728732929291,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1428617
Product:	CloudBasic
Start time:	10:22:06
Start date:	19.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs