IOC Report
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 100 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071 | downloaded |
Chrome Cache Entry: 101 | PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 102 | GIF image data, version 89a, 352 x 3 | downloaded |
Chrome Cache Entry: 103 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped |
Chrome Cache Entry: 104 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084 | downloaded |
Chrome Cache Entry: 105 | data | downloaded |
Chrome Cache Entry: 106 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657 | downloaded |
Chrome Cache Entry: 69 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152 | downloaded |
Chrome Cache Entry: 70 | HTML document, ASCII text, with very long lines (2345), with CRLF line terminators | downloaded |
Chrome Cache Entry: 71 | ASCII text, with very long lines (649) | downloaded |
Chrome Cache Entry: 72 | ASCII text, with very long lines (45563) | downloaded |
Chrome Cache Entry: 73 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708 | downloaded |
Chrome Cache Entry: 74 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped |
Chrome Cache Entry: 75 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | downloaded |
Chrome Cache Entry: 76 | ASCII text, with very long lines (27214), with no line terminators | downloaded |
Chrome Cache Entry: 77 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 78 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227 | downloaded |
Chrome Cache Entry: 79 | PNG image data, 280 x 60, 8-bit/color RGBA, interlaced | downloaded |
Chrome Cache Entry: 80 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 81 | ASCII text | downloaded |
Chrome Cache Entry: 82 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 83 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | dropped |
Chrome Cache Entry: 84 | PNG image data, 280 x 60, 8-bit/color RGBA, interlaced | dropped |
Chrome Cache Entry: 85 | GIF image data, version 89a, 352 x 3 | dropped |
Chrome Cache Entry: 86 | JSON data | dropped |
Chrome Cache Entry: 87 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded |
Chrome Cache Entry: 88 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759 | downloaded |
Chrome Cache Entry: 89 | GIF image data, version 89a, 352 x 3 | dropped |
Chrome Cache Entry: 90 | ASCII text, with very long lines (32031) | downloaded |
Chrome Cache Entry: 91 | JSON data | dropped |
Chrome Cache Entry: 92 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3 | dropped |
Chrome Cache Entry: 93 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3 | downloaded |
Chrome Cache Entry: 94 | Web Open Font Format (Version 2), TrueType, length 34052, version 0.0 | downloaded |
Chrome Cache Entry: 95 | JSON data | downloaded |
Chrome Cache Entry: 96 | GIF image data, version 89a, 352 x 3 | downloaded |
Chrome Cache Entry: 97 | ASCII text, with very long lines (1482) | downloaded |
Chrome Cache Entry: 98 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded |
Chrome Cache Entry: 99 | PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2012,i,13689327843227247037,18124641368038824989,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085" |

URLs

Name | IP | Malicious
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085 | | malicious
https://aadcdn.msauthimages.net/dbd5a2dd-avjm7q6yockj6clgtqda-xdwc1ruzzsfyrzf0zk25ek/logintenantbranding/0/illustration?ts=636565365803385104 | 152.195.19.97 |
https://github.com/handlebars-lang/allow-prototype-access | unknown |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/warning.png | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6 | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/lodash-core.min.js | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/translate.js | 13.107.246.41 |
https://login.microsoftonline.com | unknown |
http://www.opensource.org/licenses/mit-license.php) | unknown |
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy | unknown |
https://mcasproxy.cdn.mcas.ms/i18n/0.274.5/proxyweb/en_us.json | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/handlebars.min.js | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js | 13.107.246.41 |
http://knockoutjs.com/ | unknown |
https://formatjs.io/handlebars/ | unknown |
https://aadcdn.msauthimages.net/dbd5a2dd-avjm7q6yockj6clgtqda-xdwc1ruzzsfyrzf0zk25ek/logintenantbranding/0/bannerlogo?ts=637617112422502334 | 152.195.19.97 |
https://github.com/douglascrockford/JSON-js | unknown |
https://login.windows-ppe.net | unknown |
https://github.com/angular-translate/angular-translate/blob/master/src/service/translate.js | unknown |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js | 13.107.246.41 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/continue.png | 13.107.246.41 |
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js | 152.199.4.44 |
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6 | 13.107.246.41 |

Domains

Name | IP | Malicious
mcas-proxyweb.mcas.ms | unknown | malicious
part-0013.t-0009.t-msedge.net | 13.107.246.41 |
apc01.safelinks.protection.outlook.com | 104.47.110.28 |
cs1100.wpc.omegacdn.net | 152.199.4.44 |
sni1gl.wpc.upsiloncdn.net | 152.195.19.97 |
www.google.com | 192.178.50.36 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
autologon.microsoftazuread-sso.com | 40.126.28.14 |
account.activedirectory.windowsazure.com | unknown |
aadcdn.msauthimages.net | unknown |
c.s-microsoft.com | unknown |
identity.nel.measure.office.net | unknown |
aadcdn.msftauth.net | unknown |
mcasproxy.cdn.mcas.ms | unknown |
login.microsoftonline.com | unknown |

IPs

IP | Domain | Country | Malicious
192.178.50.36 | www.google.com | United States |
104.47.110.28 | apc01.safelinks.protection.outlook.com | United States |
13.107.246.41 | part-0013.t-0009.t-msedge.net | United States |
152.199.4.44 | cs1100.wpc.omegacdn.net | United States |
152.195.19.97 | sni1gl.wpc.upsiloncdn.net | United States |
192.168.2.4 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
13.107.213.41 | unknown | United States |

DOM / HTML

URL | Malicious
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085 |
https://login.microsoftonline.com/258ac4e4-146a-411e-9dc8-79a9e12fd6da/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=L-dkjBZahopAZr0ySy1WWvGFT_GPGCmPjGwvjuX7M3Y&code_challenge_method=S256&response_mode=form_post&nonce=638496979481455478.YjU1ODBlM2QtOTg0ZS00MGM1LThiMDItOTIxNjBlOGM4ZmQxMTE3ODMzNDQtYTYyMy00OTVhLThhMTItZTU1YzAyNWM1YmQz&client_info=1&x-client-brkrver=IDWeb.2.17.1.0&client-request-id=8ac8d9fc-957a-44a1-89ce-df1ddb0b3f62&state=CfDJ8Jf7XhjzbihDvpJPccI4CQkLRdwmnKeCMRTL__Ae-6mIrzP9tY-ORjL_yY_8olE3xW9pjMHEji64ETVI2y4jdJ1SmOqWL0ZexoA33xE1Fq227vtBjQnyMame2ePfeW4f3YjCFnZ2nCrSVOF4HFLJUEmKaMxZysgo2QqCk-SiDBwtRvX-4RQ52WXqoEXn1iKpEZPXLhP2khPLMslkRaksElre0IBuegKQ6YEylTQ_9__1AHpHiEQSfJKklFBTb1ryznp5i3EyXTaTzKHgkM2jr_K8sHDjDgHgvu1nsIvDqKyZK7CQaKQJ4oznhZchWS5ygGEULUXyrZFt2Gpjzg_sT0g1W9hjydWIn2PLD_uM6fYLC2UxJLVeIGbO5LX0-F6FYt1-_r-WxFBBobjnPez2Q99Qcr |