Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1

Overview

General Information

Sample URL:	https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1
Analysis ID:	1432273
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: https://teams.live.com/dl/launcher/attribution.txt

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.103.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.103.106
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /8DC65F1626550D3-1-1 HTTP/1.1Host: urlshortener.teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9lZxm4dKhGl2+5y&MD=6exllT7+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9lZxm4dKhGl2+5y&MD=6exllT7+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: urlshortener.teams.cloud.microsoft
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: teams.live.com
Source: global traffic	DNS traffic detected: DNS query: statics.teams.cdn.live.net

Source: chromecache_64.2.dr	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: chromecache_64.2.dr	String found in binary or memory: http://underscorejs.org/
Source: chromecache_64.2.dr	String found in binary or memory: https://github.com/lodash/lodash
Source: chromecache_64.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_58.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net
Source: chromecache_58.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedcss-launcher/launcher.d6cd10b8b26b2130799c.css
Source: chromecache_58.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/launcher.3c5b23498b3a051ad013.js
Source: chromecache_58.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/polyfills.1f5a03d113c6ac7b91f5.js

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/23@12/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=2488,i,5596698943673808519,4703168147859055955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=2488,i,5596698943673808519,4703168147859055955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.189.132	www.google.com	United States	15169	GOOGLEUS	false
52.123.129.14	s-0005.dual-s-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.14

Contacted Domains

Name	IP	Active
www.google.com	142.250.189.132	true
s-0005.dual-s-msedge.net	52.123.129.14	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
urlshortener.teams.cloud.microsoft	unknown	unknown
statics.teams.cdn.live.net	unknown	unknown
teams.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1	false	unknown
https://teams.live.com/dl/launcher/launcher.html?url=%2F_%23%2Fl%2Fchat%2F19%3Auni01_hwqyajis52lhbwhhort3bchwjsah7ugopu6ankkekjxscrbwtaka%40thread.v2%2Fconversations%3FtenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26launchAgent%3DES%26laEntry%3DMAE%26v%3DMAE5%26lm%3Ddeeplink%26lmsrc%3Demail%26emltid%3D6d58df1f-2a83-46df-9008-d8bdd89ec852%26linkpos%3D1%26emltype%3DNew_Activities_TFL%26linktype%3DNew_ChatActivity_TFL&type=chat&deeplinkId=2b273fac-8de0-4932-839e-a2f6bc23be94&directDl=true&msLaunch=true&enableMobilePage=true&suppressPrompt=true	false	high
https://teams.live.com/dl/launcher/attribution.txt	false	high

ID:	1432273
Product:	CloudBasic
Start time:	18:55:11
Start date:	26.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 56	SVG Scalable Vector Graphics image	EE0F7622A71A597595C5A8FB2F89A097	0D9768FDBA8B1D89A6DBA27D5CECC27737BF5CDD	433388EFC4567EF14D3FED6F2DA976D457D43D09F6753E289C7FE544E0175281
Chrome Cache Entry: 57	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 58	HTML document, Unicode text, UTF-8 text, with very long lines (16913), with no line terminators	46E93971B624BC4B0C713273ED9BB517	3603950B7153E6315C7E99FDA0C9782A3DC63227	03E08B21D8B0C08CAB1F4BE55EF67AA02392AA44D159CBED2580BAED4DCB3033
Chrome Cache Entry: 59	SVG Scalable Vector Graphics image	570F11D9E530B70ED3FCC44B355C1D64	824EF8F872B2E7F86CF5AD2F6FFC6D2EE4018FDE	DCDA18533910157B38C266C465CE4E099C77DAC8F2DB94C21BEDE074A5A7583C
Chrome Cache Entry: 60	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 61	ASCII text, with very long lines (4212)	62624B374594C5B37AC2840166D36869	4F1ED0D897D0A729DB319A914DDC0607875C39C6	80270CC751ED1DE7959C538CD7032E811207AF63B73477A446865AA3870ED3F8
Chrome Cache Entry: 62	SVG Scalable Vector Graphics image	EE0F7622A71A597595C5A8FB2F89A097	0D9768FDBA8B1D89A6DBA27D5CECC27737BF5CDD	433388EFC4567EF14D3FED6F2DA976D457D43D09F6753E289C7FE544E0175281
Chrome Cache Entry: 63	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 64	ASCII text, with CRLF, LF line terminators	BAA8CDEDEF47FD3950E654413765C8E6	C618384521AA608E6E895DED423AA5974CEEDFB7	31534A922F42A7AE5672ED088270BA9BF07689774C375BC23A672614E86883BD
Chrome Cache Entry: 65	SVG Scalable Vector Graphics image	570F11D9E530B70ED3FCC44B355C1D64	824EF8F872B2E7F86CF5AD2F6FFC6D2EE4018FDE	DCDA18533910157B38C266C465CE4E099C77DAC8F2DB94C21BEDE074A5A7583C
Chrome Cache Entry: 66	ASCII text, with very long lines (65449)	1C620C053F64B1CC6580EB0976B03CF1	CE0F97846637599FDBA6C151FE37CF5B932DFCE0	DE1C3258200DE22E0EB2850183FBC4EA15A1E39C4C5D979B88015D4EEA549F3B
Chrome Cache Entry: 67	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 68	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 69	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 70	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D

Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC65F1626550D3-1-1