Analysis Report https://trotech-my.sharepoint.com:443/:b:/g/personal/ikraam_efficient-trotech_co_za/EQccQ3Y1AFpPhkQAot32X-AB4gLH19tc9YKT5NxYgXT3FQ?e=4%3aIyocBb&at=9

Overview

General Information

Sample URL: https://trotech-my.sharepoint.com:443/:b:/g/personal/ikraam_efficient-trotech_co_za/EQccQ3Y1AFpPhkQAot32X-AB4gLH19tc9YKT5NxYgXT3FQ?e=4%3aIyocBb&at=9
Analysis ID: 289700

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_20
Machine Learning detection for dropped file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
HTML body contains low number of good links
HTML title does not match URL
Invalid 'forgot password' link found
Yara signature match

Startup

  • System is w10x64
  • iexplore.exe (PID: 4572 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6872 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5876 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:82980 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • AcroRd32.exe (PID: 7164 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 5876 MD5: B969CF0C7B2C443A99034881E8C8740A)
        • AcroRd32.exe (PID: 6064 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 5876 MD5: B969CF0C7B2C443A99034881E8C8740A)
        • RdrCEF.exe (PID: 6720 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 2652 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,10805256003890111889,13149129896026751831,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=16542631248878670657 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16542631248878670657 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 4488 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,10805256003890111889,13149129896026751831,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=18259943140349611048 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 6352 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,10805256003890111889,13149129896026751831,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6410033221456681591 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6410033221456681591 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 5476 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,10805256003890111889,13149129896026751831,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4883346505670705200 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4883346505670705200 --renderer-client-id=5 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
    • iexplore.exe (PID: 5516 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:17450 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 2344 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:17470 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\login[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[2].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\index[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Multi AV Scanner detection for domain / URL
Source: bomohsmtp.com | Virustotal: Detection: 10%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Mise%20 %20jour%20substantielle%20urgente[1].pdf | Joe Sandbox ML: detected

Phishing:

Phishing site detected (based on favicon image match)
Source: https://trotech-my.sharepoint.com/personal/ikraam_efficient-trotech_co_za/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fikraam%5Fefficient%2Dtrotech%5Fco%5Fza%2FDocuments%2FMicrosoft%20Teams%20Chat%20Files%2FMise%20%C3%A0%20jour%20substantielle%20urgente%2Epdf&parent=%2Fpersonal%2Fikraam%5Fefficient%2Dtrotech%5Fco%5Fza%2FDocuments%2FMicrosoft%20Teams%20Chat%20Files&originalPath=aHR0cHM6Ly90cm90ZWNoLW15LnNoYXJlcG9pbnQuY29tLzpiOi9nL3BlcnNvbmFsL2lrcmFhbV9lZmZpY2llbnQtdHJvdGVjaF9jb196YS9FUWNjUTNZMUFGcFBoa1FBb3QzMlgtQUI0Z0xIMTl0YzlZS1Q1TnhZZ1hUM0ZRP3J0aW1lPXFLelZsTGRnMkVn | Matcher: Template: onedrive matched with high similarity
Yara detected HtmlPhish_20
Source: Yara match | File source: 128757.pages.csv, type: HTML
Source: Yara match | File source: 849224.0.links.csv, type: HTML
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbuhozcn=odcSvHIvwoRH1hS&zeuqw=BLLUc1JD5ep4XPQDHbgS8Ju8WHGgd&jzyngprti=ibqdk4esKbPHmcGw3h9KsTTWPj7&zcxtipkl=4YxngIfPslkYXUolm7&qcoq=5biW4B35uoKOaunghgKiEMACLIscQh&eej=6kenvuDAPxOA8rdGRAwXf8jGQ&nfucfuro=eIf1lNcDn3BUbTU | HTTP Parser: Number of links: 0
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | HTTP Parser: Number of links: 0
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbuhozcn=odcSvHIvwoRH1hS&zeuqw=BLLUc1JD5ep4XPQDHbgS8Ju8WHGgd&jzyngprti=ibqdk4esKbPHmcGw3h9KsTTWPj7&zcxtipkl=4YxngIfPslkYXUolm7&qcoq=5biW4B35uoKOaunghgKiEMACLIscQh&eej=6kenvuDAPxOA8rdGRAwXf8jGQ&nfucfuro=eIf1lNcDn3BUbTU | HTTP Parser: Title: does not match URL
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | HTTP Parser: Title: does not match URL
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbuhozcn=odcSvHIvwoRH1hS&zeuqw=BLLUc1JD5ep4XPQDHbgS8Ju8WHGgd&jzyngprti=ibqdk4esKbPHmcGw3h9KsTTWPj7&zcxtipkl=4YxngIfPslkYXUolm7&qcoq=5biW4B35uoKOaunghgKiEMACLIscQh&eej=6kenvuDAPxOA8rdGRAwXf8jGQ&nfucfuro=eIf1lNcDn3BUbTU | HTTP Parser: Invalid link: forgot password
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | HTTP Parser: Invalid link: forgot password
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbuhozcn=odcSvHIvwoRH1hS&zeuqw=BLLUc1JD5ep4XPQDHbgS8Ju8WHGgd&jzyngprti=ibqdk4esKbPHmcGw3h9KsTTWPj7&zcxtipkl=4YxngIfPslkYXUolm7&qcoq=5biW4B35uoKOaunghgKiEMACLIscQh&eej=6kenvuDAPxOA8rdGRAwXf8jGQ&nfucfuro=eIf1lNcDn3BUbTU | HTTP Parser: No <meta name="author".. found
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | HTTP Parser: No <meta name="author".. found
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbuhozcn=odcSvHIvwoRH1hS&zeuqw=BLLUc1JD5ep4XPQDHbgS8Ju8WHGgd&jzyngprti=ibqdk4esKbPHmcGw3h9KsTTWPj7&zcxtipkl=4YxngIfPslkYXUolm7&qcoq=5biW4B35uoKOaunghgKiEMACLIscQh&eej=6kenvuDAPxOA8rdGRAwXf8jGQ&nfucfuro=eIf1lNcDn3BUbTU | HTTP Parser: No <meta name="copyright".. found
Source: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mzsgv=3W1SRruGTOlM3ac76uzOte7TMJE&bhgb=gaN2wv1i1QNSFYdyjcZ4dqSalD6d&gbmrhjjss=aFeoYXdQrPDrzvs | HTTP Parser: No <meta name="copyright".. found
Source: msapplication.xml1.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf6e39910,0x01d692eb</date><accdate>0xf6e39910,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml1.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf6e39910,0x01d692eb</date><accdate>0xf6e5fb74,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf6e85dbc,0x01d692eb</date><accdate>0xf6e85dbc,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml6.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf6e85dbc,0x01d692eb</date><accdate>0xf6e85dbc,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf6ed226d,0x01d692eb</date><accdate>0xf6ed226d,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml8.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf6ed226d,0x01d692eb</date><accdate>0xf6ed226d,0x01d692eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: trotech-my.sharepoint.com
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://office.live.com/start/default.aspx
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://office.live.com/start/excel.aspx
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://office.live.com/start/onenote.aspx
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://office.live.com/start/powerpoint.aspx
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://office.live.com/start/word.aspx
Source: odbitemsscopedeferred-mini-bbcaecea[1].js.5.drString found in binary or memory: https://officeapps.live.com
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://onedrive.live.com
Source: OneShell[1].js.5.drString found in binary or memory: https://oneshellprcorp.blob.core.windows.net/oneshellpr/20200921.3/bootstrapper.map
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://outlook.office.com/search
Source: odbclientform-mini-ca6261cf[1].js.5.drString found in binary or memory: https://outlook.office365.com
Source: odbclientform-mini-ca6261cf[1].js.5.drString found in binary or memory: https://outlook.office365.com/Scheduling/api/v1.0/me/findmeetinglocations
Source: odbclientform-mini-ca6261cf[1].js.5.drString found in binary or memory: https://outlook.office365.com/SchedulingB2/api/v1.0/me/findmeetinglocations
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://people.live.com
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://portal.office.com/
Source: odbfloodgate-mini-25f0fa35[1].js.5.drString found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://shellppe.msocdn.com
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://shellppe.msocdn.com/api/shellbootstrapper/business/oneshell
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://shellprod.msocdn.com
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://shellprod.msocdn.com/api/shellbootstrapper/business/oneshell
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20200727.001/assets/brand-icons/product-fluent/
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20200727.001/assets/brand-icons/product/
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20200727.001/assets/item-types-fluent/
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20200727.001/assets/item-types/
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20200727.001/office-ui-fabric-react-assets/fold
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric/assets/icons/
Source: odbtiles-mini-29a3025b[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric/office-ui-fabric-react-assets/foldericons
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric/office-ui-fabric-react-assets/foldericons-fluent/folder-
Source: odbonedriveapp-mini-7fcd4e51[1].js.5.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets
Source: odbitemsscopedeferred-mini-bbcaecea[1].js.5.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/onedrive-assets/images/empty_state_sfl.svg
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/onedrive-assets/images/gleam.svg
Source: odbitemsscopedeferred-mini-bbcaecea[1].js.5.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/onedrive-assets/images/sync_to_device_illustration
Source: {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.g
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.gRoot
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.gapis.com/anonvariable-962929450/index.htmlRoot
Source: {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.gapis.com/anonvariable-962929450/index.htmlh_co_za/_layouts/15/onedrive.aspx?id=%2Fp
Source: {40F59EB9-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.gapis.com/anonvariable-962929450/login.html?abmcq=97hjffaqJa3DpqS
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.gapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.google
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.dr, {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/index.html
Source: Mise%20 %20jour%20substantielle%20urgente[2].pdf.5.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/index.html)
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/index.htmlRoot
Source: ~DF00E871258D1E7898.TMP.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/index.htmlh_co_za/_layouts/15/onedrive.aspx?id
Source: AcroRd32.exe, 00000014.00000002.645530376.0000000005160000.00000002.00000001.sdmpString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?abmcq=97hjffaqJa3DpqS&csfhk=S4
Source: {40F59EB9-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?abmcq=97hjffaqJa3DpqS&csfhk=S4tVPMP
Source: {40F59EB9-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?abmcq=97hjffaqJaRoot
Source: AcroRd32.exe, 00000014.00000002.645530376.0000000005160000.00000002.00000001.sdmpString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mN
Source: {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.dr, ~DF00E871258D1E7898.TMP.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?jhgnzon=TejqFBY5owQxiOCQsPZ4mNyG&mz
Source: AcroRd32.exe, 00000014.00000002.645530376.0000000005160000.00000002.00000001.sdmpString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr
Source: {40F59EB7-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googleapis.com/anonvariable-962929450/login.html?tolggu=jh48wQY8oDHoNI2jpKWPiEr&ghbu
Source: imagestore.dat.28.drString found in binary or memory: https://storage.googleapis.com/favicon.icoR
Source: {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://storage.googlerepoint.com/personal/ikraam_efficient-trotech_co_za/_layouts/15/onedrive.aspx?
Source: odbitemsscopedeferred-mini-bbcaecea[1].js.5.dr, odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://substrate.office.com
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://substrate.office.com/search/api/v2/resources
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://support.office.com/article/9fcc2f7d-de0c-4cec-93b0-a82024800c07
Source: odbonedrive-mini-b52c7c21[1].js.5.drString found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: AcroRd32.exe, 00000014.00000002.645530376.0000000005160000.00000002.00000001.sdmpString found in binary or memory: https://trotech-my.sharepoint.com/personal/ikraam_efficient-trotech_co_za/Documents/Microsoft%2
Source: AcroRd32.exe, 00000014.00000002.665187771.0000000008EEC000.00000004.00000001.sdmpString found in binary or memory: https://trotech-my.sharepoint.com/personal/ikraam_efficient-trotech_co_za/Documents/Microsoft%20Team
Source: {1E09C504-FEDF-11EA-90E2-ECF4BB862DED}.dat.3.drString found in binary or memory: https://trotech-my.sharepoint.com/personal/ikraam_efficient-trotech_co_za/_layouts/15/onedrive.aspx?
Source: AcroRd32.exe, 00000014.00000002.660429314.000000000846D000.00000002.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: odbitemsscopedeferred-mini-bbcaecea[1].js.5.drString found in binary or memory: https://www.office.com/launch/fluid/content?drive=
Source: odbdeferred-mini-4b91188c[1].js.5.drString found in binary or memory: https://www.placeimg.com/50/50/people
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\login[1].htm, type: DROPPED | Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].htm, type: DROPPED | Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[2].htm, type: DROPPED | Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\index[1].htm, type: DROPPED | Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/
Source: classification engine | Classification label: mal76.phis.win@23/140@9/3
Source: Mise%20 %20jour%20substantielle%20urgente[1].pdf.18.dr | Initial sample: https://storage.googleapis.com/anonvariable-962929450/index.html
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\Low
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:17410 /prefetch:2
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4572 CREDAT:82980 /prefetch:2
Source: unknown | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 5876
Source: unknown | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 5876
Source: unknown | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,10805256003890111889,13149129896026751831,131072 --disable-features=VizDisplayCompositor --disable-gpu