Windows
Analysis Report
https://outlook.office365.com/owa/?viewmodel=ReadMessageItem&InternetMessageID=%3cSA1PR13MB4829DA31B32981E27A9F8EB4FC1A2%40SA1PR13MB4829.namprd13.prod.outlook.com%3e
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 4308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://outlook.office365.com/owa/?viewmodel=ReadMessageItem&InternetMessageID=%3cSA1PR13MB4829DA31B32981E27A9F8EB4FC1A2%40SA1PR13MB4829.namprd13.prod.outlook.com%3e MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1956,i,13625667732163126822,2595014672844296469,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Phishing |
---|
Signature source types reported: LLM; HTTP Parser; HTTPS traffic detected; TCP traffic detected without corresponding DNS query; UDP traffic detected without corresponding DNS query; DNS traffic detected; Network traffic detected; Classification label; File created; Process created; Window detected |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
EAT-efz.ms-acdc.office.com | 52.96.119.98 | true | false | | high |
cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | | unknown |
www.google.com | 142.251.215.228 | true | false | | high |
part-0042.t-0009.t-msedge.net | 13.107.246.70 | true | false | | unknown |
identity.nel.measure.office.net | unknown | unknown | false | | high |
r4.res.office365.com | unknown | unknown | false | | high |
aadcdn.msftauth.net | unknown | unknown | false | | unknown |
login.microsoftonline.com | unknown | unknown | false | | high |
outlook.office365.com | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.99.84 | unknown | United States | 15169 | GOOGLEUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
142.251.33.110 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.217.67 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.217.99 | unknown | United States | 15169 | GOOGLEUS | false |
172.217.14.202 | unknown | United States | 15169 | GOOGLEUS | false |
20.190.190.193 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
20.42.65.91 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
142.251.211.238 | unknown | United States | 15169 | GOOGLEUS | false |
152.199.4.44 | cs1100.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false |
52.96.121.34 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
23.53.122.211 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
13.107.246.70 | part-0042.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
13.78.111.199 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
142.251.215.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
23.216.145.6 | unknown | United States | 7016 | CCCH-3US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
23.55.168.8 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
20.190.151.134 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
20.190.151.132 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.96.119.98 | EAT-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.16 |
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438536 |
Start date and time: | 2024-05-08 20:26:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://outlook.office365.com/owa/?viewmodel=ReadMessageItem&InternetMessageID=%3cSA1PR13MB4829DA31B32981E27A9F8EB4FC1A2%40SA1PR13MB4829.namprd13.prod.outlook.com%3e |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus22.phis.win@16/21@24/192 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.217.99, 142.251.211.238, 142.250.99.84, 20.190.190.193, 40.126.62.129, 40.126.62.130, 20.190.190.196, 20.190.190.129, 40.126.62.131, 20.190.190.132, 20.190.190.195, 34.104.35.123, 23.55.168.8, 23.55.168.75, 20.190.151.132, 20.190.151.134, 20.190.151.7, 20.190.151.69, 20.190.151.131, 20.190.151.133, 20.190.151.70, 20.190.151.9, 23.216.145.6, 23.216.145.8, 23.216.145.17, 172.217.14.202, 142.250.217.74, 142.250.217.106, 142.251.33.106, 142.251.215.234, 142.251.33.74, 142.251.211.234, 142.250.69.202, 172.217.14.234
- Excluded domains from analysis (whitelisted): e40491.dscg.akamaiedge.net, prdv4a.aadg.msidentity.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.ak.prd.aadg.akadns.net, www.tm.v4.a.prd.aadg.akadns.net, clientservices.googleapis.com, aadcdn.msauth.net, ak.privatelink.msidentity.com, a1894.dscb.akamai.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, clients2.google.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, login.live.com, aadcdnoriginwus2.afd.azureedge.net, login.mso.msidentity.com, clients.l.google.com, r4.res.office365.com.edgekey.net, www.tm.lg.prod.aadmsa.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: https://outlook.office365.com/owa/?viewmodel=ReadMessageItem&InternetMessageID=%3cSA1PR13MB4829DA31B32981E27A9F8EB4FC1A2%40SA1PR13MB4829.namprd13.prod.outlook.com%3e
Input | Output |
---|---|
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 1, "reasons": "The JavaScript code provided appears to be configuration data for a login page and does not contain any malicious code. The URL provided is for a login page on the microsoftonline.com domain, which is a legitimate domain owned by Microsoft. However, I cannot guarantee the safety of the page as it is possible for a phishing site to use a legitimate domain in its URL. It is recommended to double-check the URL and verify the SSL certificate before entering any sensitive information." } |
URL: https://outlook.office365.com/owa/prefetch.aspx | { "riskscore": 2, "reasons": "The text extracted via OCR contains phrases that are commonly found on legitimate websites, such as 'Sign in', 'Create one', 'Can't access your account', 'Terms of use', and 'Privacy'. The URL also appears to be a legitimate Microsoft Office 365 URL. However, the lack of context and the fact that the text was obtained via OCR raises some suspicion. Therefore, a risk score of 2 is assigned, indicating a low risk of malicious intent." } |
Sign in to continue to Outlook Email, phone, or Skype No account? Create one! Can't access your account? Next Sign-in options Terms of use Privacy & | |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 1, "reasons": "The JavaScript code is not malicious, it is a simple self-executing anonymous function that checks if the page is in a frame and if so, it modifies the page's URL to include an iframe-request-id parameter. The URL is also not malicious, it is a login page for Microsoft Online. However, it is always important to verify the authenticity of the page and ensure that it is secure (HTTPS) before entering any sensitive information." } |
//<![CDATA[ !function(){var e=window,o=e.document,i=e.$Config||{};if(e.self===e.top){o&&o.body&&(o.body.style.display="block")}else if(!i.allowFrame){var s=e.self.location.href,l=s.indexOf("#"),n=-1!==l,t=s.indexOf("?"),f=n?l:s.length,d=-1===t||n&&t>l?"?":"&";s=s.substr(0,f)+d+"iframe-request-id="+i.sessionId+s.substr(f),e.top.location=s}}(); // | |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 7, "reasons": "Medium risk of typosquatting detected. The URL provided is a legitimate Microsoft login page, but the use of a raw client ID in the 'client_id' parameter and 'resource' parameter raises some concerns. These parameters are typically obfuscated or replaced with more secure identifiers in production environments. Additionally, the 'response_type' parameter should include 'id_token' or 'token' for a valid OAuth 2.0 request. The absence of this may indicate a potential typosquatting attempt." } |
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 2, "reasons": "The JavaScript code and URL provided do not appear to be malicious at first glance. The code is using various functions to register and unregister event handlers, and the URL is for a login page on the microsoftonline.com domain. However, it is always important to thoroughly examine and test any code and URLs before using them in a production environment. Some potential risks to consider include cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, and phishing attacks. It is also worth noting that the code contains a function for reporting failures, which could indicate that the code is expecting to encounter errors. Overall, the risk score is relatively low, but it is always better to be safe than sorry when it comes to web security." } |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 1, "reasons": "The JavaScript code provided appears to be using an IIFE (Immediately Invoked Function Expression) to add event listeners for 'error' and 'load' events on the head element of the document. While this in itself is not malicious, it is often used in obfuscated code to make it harder to read and understand. However, the code only seems to be checking for elements with a 'data-loader' attribute of 'cdn' and calling either $Loader.OnError or $Loader.OnSuccess, which is not inherently dangerous. Therefore, the risk score is set to 1 out of 10. The URL provided appears to be a legitimate Microsoft Online login page, and there are no obvious signs of phishing or other malicious activity. However, it is always important to verify the URL and check for any suspicious elements on the page before entering any sensitive information." } |
//<![CDATA[ !function(t,e){!function(){var n=e.getElementsByTagName("head")[0];n&&n.addEventListener&&(n.addEventListener("error",function(e){null!==e.target&&"cdn"===e.target.getAttribute("data-loader")&&t.$Loader.OnError(e.target)},!0),n.addEventListener("load",function(e){null!==e.target&&"cdn"===e.target.getAttribute("data-loader")&&t.$Loader.OnSuccess(e.target)},!0))}()}(window,document); // | |
URL: https://outlook.office365.com/owa/prefetch.aspx | { "riskscore": 2, "reasons": "The text appears to be from a legitimate site (Outlook/Microsoft). The URL provided is the official Office " |
Outlook Microsoft Sign in to continue to Outlook Email, phone, or Skype No account? Create one! Can't access your account? Next Sign-in options Terms of use Privacy & | |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=cod | { "riskscore": 2, "reasons": "The text appears to be a legitimate Outlook/Microsoft sign-in page. The URL seems to be the Microsoft Online login page, and the client ID and resource are also associated with Microsoft. However, it is always important to double-check the URL in the address bar and ensure that it is secure (https) before entering any sensitive information." }
Outlook Microsoft Sign in to continue to Outlook k mail, phone, or Skype No account? Create one! Can't access your account? Next Sign-in options Terms of use Privacy & | |
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_ | { "phishing_score": 2, "brands": "Microsoft", "phishing": false, "suspicious_domain": false, "has_loginform": true, "has_captcha": false, "setechniques": false, "reasons": "The URL 'https://login.microsoftonline.com/common/oauth2/authorize' is a legitimate Microsoft domain used for authentication services. The parameters in the URL are typical for OAuth2 authentication flows, including client IDs and redirect URIs. The image shows a standard Microsoft Outlook login page, which matches the expected appearance and functionality of a legitimate Microsoft sign-in page. There are no visible signs of social engineering techniques such as urgency or fear appeals. The domain does not appear to be suspicious, and the overall presentation is consistent with Microsoft's branding and security practices." }
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.991389310272219 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0266E71FABF9D3583527945BE5670619 |
SHA1: | D85AD217AA6854B8B2D68012500ED16330CA1C00 |
SHA-256: | 1E03B0482DE6DEBE66B687C8F46CF9F0EF36E341A12FD1D74D86C0B22451930C |
SHA-512: | C0EC13116C0E10E9CE01D799334ECD06105F8FE3CAF898EAF58C1228E3DD298407D40D6E07D36C396387C61359CA785269BCE29367CB4C5002BD8F47C55F610B |
Malicious: | false |
Reputation: | unknown |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.0048685795025785 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2FA7F66BFFA2117FD293F64C8D050EFF |
SHA1: | F35399AFCD85258986F728711919FC9246FA28FC |
SHA-256: | E13CCDA7E236CBBE3D902671791CBBCC1F02C3BECA50A09A71167B476754071B |
SHA-512: | F92D822442C677C2B611B74C0D3C1E261884585C73729B7D785DFCC5922F917F6111E979E0B80F64A6675C8C19C64369801D5A33939883856064A5C7FDD7F42D |
Malicious: | false |
Reputation: | unknown |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.014214543320783 |
Encrypted: | false |
SSDEEP: | |
MD5: | EAD02928E71D269A050E208AC8C40ED6 |
SHA1: | 5A86A0F161BCBF58286DAF2ECF6047B794A26260 |
SHA-256: | 9194EA51431539D52758285E782B8F9B3CA5C6E999AF149E215D1B27EF64FEFF |
SHA-512: | 7453E5A97C05C8B6C0471B0CFE56334DD27D37ABE27E66CF2BF69EE8A45AF90C1661A63C4131B3DEC85079E8F66C06809205DFD6CEBED4979770849F3D8AF8E5 |
Malicious: | false |
Reputation: | unknown |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.004081232997853 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F37B2FD794E4C7727EF86E3BE1B4F96 |
SHA1: | 0EA190C3D08AB107404D04E7A611CFEB02484F24 |
SHA-256: | F6197E2A643FF748EF625452C95F5718DA834F753AEBDDC63C37411E7130A030 |
SHA-512: | 9B08C288B71BCB84123EA5E0B2C387E8183C3D324436ABA8F31B9A2C6CEF1E706428C9A76FF058C91C068DDA78F5C985DC7DB34C4E234AA6AF9DFF0229075AF1 |
Malicious: | false |
Reputation: | unknown |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9930946847541002 |
Encrypted: | false |
SSDEEP: | |
MD5: | ECC78C32285FC87C42B05B661857EDEC |
SHA1: | E9031A9DB08060B95F80409FE69C39516DDD57BD |
SHA-256: | 0F83155BC0E48418D091B56FAEDC79B4BD09EF2DE63DB32AD2399F29AB975E78 |
SHA-512: | 7D10EDA1E8CE8A6C63D31FA2DCF618B648DFE5A24995342F188C3D741A39C0FA73840C7DEF43770CF84C54439F4E504B3FB6CB3B995FC6B5D569E2BFE5D2EE22 |
Malicious: | false |
Reputation: | unknown |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.000280327361203 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9865ED4F489B613F7F809479C18DE960 |
SHA1: | DB0D187FD864940FB43BA426E94F65E011D18261 |
SHA-256: | 0F976F48EEE3A5CED926BC3B531CFD9389714759901F46879206CBC83D62E464 |
SHA-512: | FCCBDF12C415A385BE14FFB41E390338EC2A7F850860E3212068575F51BDC48ACE6FE6305372FB791535BE8AC9F1F0D15177499C69E5D963B615D0E97EA6A672 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 444415 |
Entropy (8bit): | 5.450109779488817 |
Encrypted: | false |
SSDEEP: | |
MD5: | 203C1A41789C3931624553901A82BD6D |
SHA1: | 1586BAFBA00C9ECF85C262632B3469CFA2E16A09 |
SHA-256: | B31E8319AD5221D5962E76FBE57D673EDA3218D83D7BCFEEC4C9A6B5D2A03B82 |
SHA-512: | 20DC5B272591569EBE0E3E434EA68E64B23721A608EAFBA7536063661EB686B2761395CDD11474C0ABDB26C4BB2877A27D79C173F9DC2053373AE4C807A10B28 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IDwaQXicOTFiRVOQGoK9bQ2.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 113657 |
Entropy (8bit): | 5.491055924169325 |
Encrypted: | false |
SSDEEP: | |
MD5: | B6783C7717E4042517138D9C9A48C867 |
SHA1: | 7A7D6B0F36C2A3B557F1A75461630D433E5F4942 |
SHA-256: | 4BE11C075187615ADAF493D54CB7B05556E76806AED2B3B082D72952D0025BE5 |
SHA-512: | 2A322A8377784CBE543C978F32CB811388658F2E328B0024580D83DDE24AF0E131276AA76FEBED0B3AD1073ABCA8189AB9CD40BC4D36CFD93C0A1ECDAD63B705 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 660449 |
Entropy (8bit): | 5.4121922690110535 |
Encrypted: | false |
SSDEEP: | |
MD5: | D9E3D2CE0228D2A5079478AAE5759698 |
SHA1: | 412F45951C6AEDA5F3DF2C52533171FC7BDD5961 |
SHA-256: | 7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502 |
SHA-512: | 06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/scripts/boot.worldwide.3.mouse.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17453 |
Entropy (8bit): | 3.890509953257612 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7916A894EBDE7D29C2CC29B267F1299F |
SHA1: | 78345CA08F9E2C3C2CC9B318950791B349211296 |
SHA-256: | D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3 |
SHA-512: | 2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 659798 |
Entropy (8bit): | 5.352921769071548 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9786D38346567E5E93C7D03B06E3EA2D |
SHA1: | 23EF8C59C5C9AA5290865933B29C9C56AB62E3B0 |
SHA-256: | 263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C |
SHA-512: | 4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805 |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/scripts/boot.worldwide.1.mouse.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
SSDEEP: | |
MD5: | 12E3DAC858061D088023B2BD48E2FA96 |
SHA1: | E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 |
SHA-256: | 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 |
SHA-512: | C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 662286 |
Entropy (8bit): | 5.315860951951661 |
Encrypted: | false |
SSDEEP: | |
MD5: | 12204899D75FC019689A92ED57559B94 |
SHA1: | CCF6271C6565495B18C1CED2F7273D5875DBFB1F |
SHA-256: | 39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B |
SHA-512: | AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030 |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/scripts/boot.worldwide.2.mouse.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 663451 |
Entropy (8bit): | 5.3635307555313165 |
Encrypted: | false |
SSDEEP: | |
MD5: | 761CE9E68C8D14F49B8BF1A0257B69D6 |
SHA1: | 8CF5D714D35EFFA54F3686065CB62CCE028E2C77 |
SHA-256: | BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1 |
SHA-512: | CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263 |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/scripts/boot.worldwide.0.mouse.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 113084 |
Entropy (8bit): | 5.285180915082997 |
Encrypted: | false |
SSDEEP: | |
MD5: | D62B4EDEB512B07ABEF4688E27ECDDE3 |
SHA1: | 981A7825DA5E29938AB6FE0CBFE2DB622F7B8333 |
SHA-256: | 4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41 |
SHA-512: | 6E91B285BEA8566EBB7829F592744A6706CF6498E6D5DC1C5A0EBDD0A685D767AA215B275A88568B957E6BE824AEE60521ED1D77D92A697A3CE0F446ECDCDDB9 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 994 |
Entropy (8bit): | 4.934955158256183 |
Encrypted: | false |
SSDEEP: | |
MD5: | E2110B813F02736A4726197271108119 |
SHA1: | D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857 |
SHA-256: | 6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC |
SHA-512: | E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/resources/images/0/sprite1.mouse.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 36 |
Entropy (8bit): | 4.503258334775644 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06B313E93DD76909460FBFC0CD98CB6B |
SHA1: | C4F9B2BBD840A4328F85F54873C434336A193888 |
SHA-256: | B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA |
SHA-512: | EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 232394 |
Entropy (8bit): | 5.54543362321178 |
Encrypted: | false |
SSDEEP: | |
MD5: | AF8D946B64D139A380CF3A1C27BDBEB0 |
SHA1: | C76845B6FFEAF14450795C550260EB618ABD60AB |
SHA-256: | 37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904 |
SHA-512: | C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9 |
Malicious: | false |
Reputation: | unknown |
URL: | https://r4.res.office365.com/owa/prem/15.20.7544.46/resources/styles/0/boot.worldwide.mouse.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 55182 |
Entropy (8bit): | 5.378540857980212 |
Encrypted: | false |
SSDEEP: | |
MD5: | 225E855F9B7DB39D3A09D5C55376303E |
SHA1: | 5FF86FC34398717197FBF80BBA4BCDDE91755EDB |
SHA-256: | 939CD5C21BAF8A4F2E8DEB2E423BD8C8C67BD18B2E54EC7ED2BB157C716BF7A2 |
SHA-512: | 87451C0131140019394512B55E4FC4DF307E569183FDF59E5589DA797B66ADC265C71B2398D8082D15754DA181BF374BF8D617A3D01A9EDB33E6BAC5F6656DA9 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_il6fx5t9s506cdxfu3ywpg2.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 190152 |
Entropy (8bit): | 5.348678574819375 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4877EFC88055D60953886EC55B04DE34 |
SHA1: | 2341B026A3E2A3B01AFA1A39D1706840D75E09B3 |
SHA-256: | 8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0 |
SHA-512: | 625844EDC37594D5C2F7622BD1B59278BF68ABB2FA22476C56826433C961C7B1924858A7588F8B6284D3C5AC8738ECB895EEC949DE18667A98C04A59CB03DAC0 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Reputation: | unknown |