
Windows Analysis Report
http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA

Overview

General Information

Sample URL: http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA
Analysis ID: 756227

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
No HTML title found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1784,i,14432860437327741238,17742013553884360258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
67460.4.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
88411.6.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://onedrive.live.com/view.aspx?resid=49DB1C6F4CE3ADF7!121&authkey=!AInOf-r72NbijR0 | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://onedrive.live.com/redir?resid=49DB1C6F4CE3ADF7%21121&authkey=%21AInOf-r72NbijR0&page=View&wd=target%28Quick%20Notes.one%7C09c202ac-b53c-486e-b917-feeea66d027e%2FPROPOSAL%7C2fb3d88b-1f2f-42b6-8f97-4520dc81c8f2%2F%29&wdorigin=NavigationUrl | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://appdaptsites.co.za/brighter/ | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Yara match | File source: 67460.4.pages.csv, type: HTML
Source: Yara match | File source: 88411.6.pages.csv, type: HTML
Source: https://appdaptsites.co.za/brighter/ | Matcher: Template: onedrive matched
Source: embedded | Matcher: Found strong image similarity, brand: Microsoft image: 67460.4.img.2.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Source: embedded | Matcher: Found strong image similarity, brand: Microsoft image: 88411.6.img.2.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Source: https://appdaptsites.co.za/brighter/ | HTTP Parser: Number of links: 0
Source: https://appdaptsites.co.za/brighter/ | HTTP Parser: Invalid link: Privacy & Cookies
Source: https://appdaptsites.co.za/brighter/ | HTTP Parser: HTML title missing
Source: https://appdaptsites.co.za/brighter/ | HTTP Parser: No <meta name="author".. found
Source: https://appdaptsites.co.za/brighter/ | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.3:49926 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.3:49927 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: classification engine | Classification label: mal72.phis.win@29/0@23/11
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1784,i,14432860437327741238,17742013553884360258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1784,i,14432860437327741238,17742013553884360258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
MITRE ATT&CK matrix (numbers in parentheses are the signature counts for that technique):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data
Source | Detection | Scanner | Label | Link
http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA | 0% | Avira URL Cloud | safe |
http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://onedrive.live.com/view.aspx?resid=49DB1C6F4CE3ADF7!121&authkey=!AInOf-r72NbijR0 | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
https://onedrive.live.com/redir?resid=49DB1C6F4CE3ADF7%21121&authkey=%21AInOf-r72NbijR0&page=View&wd=target%28Quick%20Notes.one%7C09c202ac-b53c-486e-b917-feeea66d027e%2FPROPOSAL%7C2fb3d88b-1f2f-42b6-8f97-4520dc81c8f2%2F%29&wdorigin=NavigationUrl | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
https://appdaptsites.co.za/brighter/ | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
b-0016.b-msedge.net | 13.107.6.171 | true | false | - | unknown
i-am4p-cor001.api.p001.1drv.com | 13.105.66.144 | true | false | - | high
i-dub06p-cor001.api.p001.1drv.com | 20.135.20.1 | true | false | - | high
accounts.google.com | 142.250.184.205 | true | false | - | high
dual-a-0001.a-msedge.net | 204.79.197.200 | true | false | - | unknown
appdaptsites.co.za | 196.40.97.163 | true | false | - | high
www.google.com | 172.217.18.100 | true | false | - | high
clients.l.google.com | 142.250.185.206 | true | false | - | high
1drv.ms | 13.107.42.12 | true | false | - | high
onenoteonlinesync.onenote.com | unknown | unknown | false | - | high
augloop.office.com | unknown | unknown | false | - | high
c.live.com | unknown | unknown | false | - | high
storage.live.com | unknown | unknown | false | - | high
ajax.aspnetcdn.com | unknown | unknown | false | - | high
clients2.google.com | unknown | unknown | false | - | high
onedrive.live.com | unknown | unknown | false | - | high
p.sfx.ms | unknown | unknown | false | - | high
spoprod-a.akamaihd.net | unknown | unknown | false | - | high
www.onenote.com | unknown | unknown | false | - | high
messaging.engagement.office.com | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
https://onedrive.live.com/redir?resid=49DB1C6F4CE3ADF7%21121&authkey=%21AInOf-r72NbijR0&page=View&wd=target%28Quick%20Notes.one%7C09c202ac-b53c-486e-b917-feeea66d027e%2FPROPOSAL%7C2fb3d88b-1f2f-42b6-8f97-4520dc81c8f2%2F%29&wdorigin=NavigationUrl | false | SlashNext: Credential Stealing type: Phishing & Social Engineering | high
https://appdaptsites.co.za/brighter/ | false | SlashNext: Credential Stealing type: Phishing & Social Engineering | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/bootstrap.js | false | - | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/css.css | false | - | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/bootstrap_002.js | false | - | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/jquery.js | false | - | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
https://appdaptsites.co.za/favicon.ico | false | - | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/bootstrap.css | false | - | high
https://onedrive.live.com/view.aspx?resid=49DB1C6F4CE3ADF7!121&authkey=!AInOf-r72NbijR0 | false | SlashNext: Credential Stealing type: Phishing & Social Engineering | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/jquery-3.js | false | - | high
http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA | false | - | high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://appdaptsites.co.za/brighter/Sharing%20Link%20Validation_files/popper.js | false | - | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
196.40.97.163 | appdaptsites.co.za | South Africa | ZA | 37153 | xneelo | false
142.250.185.206 | clients.l.google.com | United States | US | 15169 | GOOGLE | false
204.79.197.200 | dual-a-0001.a-msedge.net | United States | US | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK | false
13.107.6.171 | b-0016.b-msedge.net | United States | US | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK | false
142.250.184.205 | accounts.google.com | United States | US | 15169 | GOOGLE | false
13.105.66.144 | i-am4p-cor001.api.p001.1drv.com | United States | US | 8075 | MICROSOFT-CORP-MSN-AS-BLOCK | false
13.107.42.12 | 1drv.ms | United States | US | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK | false
239.255.255.250 | unknown | Reserved | - | unknown | unknown | false
142.250.185.196 | unknown | United States | US | 15169 | GOOGLE | false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756227
Start date and time: 2022-11-29 20:58:15 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 2s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.phis.win@29/0@23/11
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 40.126.32.136, 40.126.32.72, 20.190.160.17, 40.126.32.74, 20.190.160.22, 20.190.160.20, 40.126.32.138, 40.126.32.68, 40.126.32.133, 40.126.32.134, 20.190.160.14, 142.250.186.67, 13.107.42.13, 34.104.35.123, 2.16.241.80, 2.16.241.83, 13.95.147.73, 88.221.169.199, 52.109.89.78, 13.69.116.104, 20.234.93.27, 172.217.18.106, 142.250.74.202, 142.250.186.74, 142.250.185.170, 142.250.185.138, 172.217.23.106, 142.250.185.202, 142.250.185.74, 142.250.185.234, 216.58.212.170, 142.250.184.234, 142.250.186.170, 172.217.16.202, 142.250.185.106, 142.250.186.106, 142.250.184.202, 20.50.73.9, 52.111.240.16, 152.199.19.161, 2.16.238.159, 2.16.238.138, 52.109.76.126, 52.111.243.14, 40.126.32.140, 40.126.32.76, 184.24.2.183, 184.24.3.163, 152.199.19.160, 142.250.185.227, 52.111.243.19
• Excluded domains from analysis (whitelisted): odwebp.trafficmanager.net, e2682.g.akamaiedge.net, slscr.update.microsoft.com, c1-wildcard.cdn.office.net-c.edgekey.net.globalredir.akadns.net, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, appsforoffice.microsoft.com.edgekey.net, www.tm.a.prd.aadg.trafficmanager.net, cdn.onenote.net.edgekey.net, augloop-prod-pd00.westeurope.cloudapp.azure.com, prod-campaignaggregator.omexexternallfb.office.net.akadns.net, login.live.com, update.googleapis.com, eu-office.events.data.microsoft.com, onenoteonlinesync.onenote.trafficmanager.net, www.bing.com, onedscolprdweu06.westeurope.cloudapp.azure.com, fs.microsoft.com, spoppe-b.ec.azureedge.net, content-autofill.googleapis.com, westeurope1-odwebp.cloudapp.net, osiprod-neu-celadon-000.northeurope.cloudapp.azure.com, reverseproxy.onenote.trafficmanager.net, www.tm.a.prd.aadg.akadns.net, e19254.dscg.akamaiedge.net, onedscolprdneu01.northeurope.cloudapp
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                    No simulations
No context
                                                                    No created / dropped files found
                                                                    No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 20:58:42.716931105 CET | 49692 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:42.717200994 CET | 49693 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:42.718436003 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:42.718493938 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:42.718576908 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:42.720043898 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:42.720081091 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:42.720396996 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.720455885 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.720549107 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.720777988 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.720807076 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.736819983 CET | 80 | 49692 | 13.107.42.12 | 192.168.2.3
Nov 29, 2022 20:58:42.736911058 CET | 49692 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:42.736982107 CET | 80 | 49693 | 13.107.42.12 | 192.168.2.3
Nov 29, 2022 20:58:42.737036943 CET | 49693 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:42.737582922 CET | 49692 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:42.757195950 CET | 80 | 49692 | 13.107.42.12 | 192.168.2.3
Nov 29, 2022 20:58:42.794739008 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:42.796108007 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:42.796153069 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:42.797441006 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:42.797539949 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:42.802316904 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.802685976 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.802706003 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.803184986 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.803262949 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.803646088 CET | 80 | 49692 | 13.107.42.12 | 192.168.2.3
Nov 29, 2022 20:58:42.804027081 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:42.804120064 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:42.843658924 CET | 49692 | 80 | 192.168.2.3 | 13.107.42.12
Nov 29, 2022 20:58:43.087194920 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.087284088 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.087441921 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.087460041 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.087629080 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.087730885 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:43.087794065 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.087850094 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:43.087862968 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.088193893 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.120177984 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.120347023 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:43.120392084 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.120443106 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.120526075 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:43.121881008 CET | 49695 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 20:58:43.121926069 CET | 443 | 49695 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 20:58:43.128674984 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.128720999 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.140055895 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.140235901 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.140279055 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.140547991 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:43.140621901 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.144618034 CET | 49694 | 443 | 192.168.2.3 | 142.250.184.205
Nov 29, 2022 20:58:43.144654036 CET | 443 | 49694 | 142.250.184.205 | 192.168.2.3
Nov 29, 2022 20:58:45.697762012 CET | 49708 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.697854996 CET | 443 | 49708 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.697968006 CET | 49708 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.698157072 CET | 49709 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.698211908 CET | 443 | 49709 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.698301077 CET | 49709 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.698476076 CET | 49708 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.698504925 CET | 443 | 49708 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.698668957 CET | 49709 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.698703051 CET | 443 | 49709 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.712171078 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.712260962 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.712362051 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.712574005 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.712605000 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.845626116 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.846018076 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.846060991 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.847258091 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
Nov 29, 2022 20:58:45.847362041 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.849375963 CET | 49711 | 443 | 192.168.2.3 | 13.107.6.171
Nov 29, 2022 20:58:45.849392891 CET | 443 | 49711 | 13.107.6.171 | 192.168.2.3
                                                                    Nov 29, 2022 20:58:45.849514961 CET4434971113.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.849625111 CET49711443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.849684000 CET4434971113.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.849714994 CET49711443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.849725008 CET4434971113.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.862226963 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.863667011 CET49709443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.863713026 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.866172075 CET4434970813.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.866457939 CET49708443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.866503000 CET4434970813.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.866559029 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.866664886 CET49709443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.867027044 CET49709443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.867043018 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.867192984 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.867525101 CET49709443192.168.2.313.107.6.171
                                                                    Nov 29, 2022 20:58:45.867544889 CET4434970913.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.869709015 CET4434970813.107.6.171192.168.2.3
                                                                    Nov 29, 2022 20:58:45.869837046 CET49708443192.168.2.313.107.6.171
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 20:58:42.648577929 CET | 59183 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:42.650408983 CET | 64581 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:42.652430058 CET | 52752 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:42.666460037 CET | 53 | 59183 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:58:42.667942047 CET | 53 | 64581 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:58:42.670615911 CET | 53 | 52752 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:58:42.813381910 CET | 63995 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:43.709613085 CET | 59889 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:44.795058012 CET | 62323 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:46.365263939 CET | 61730 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:46.382596970 CET | 53 | 61730 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:58:46.435731888 CET | 54306 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:46.454617977 CET | 53 | 54306 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:58:46.532649040 CET | 64287 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:50.168251991 CET | 60633 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:54.819307089 CET | 61153 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:55.119458914 CET | 62641 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:55.922353029 CET | 64782 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:56.093806982 CET | 52230 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:56.217138052 CET | 56943 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:56.611047983 CET | 49392 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:58:57.895622015 CET | 57673 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:59:01.870812893 CET | 54044 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:59:02.447354078 CET | 53 | 54044 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 20:59:02.495793104 CET | 53372 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 20:59:57.739254951 CET | 54439 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 21:00:19.740616083 CET | 53082 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 21:00:46.463978052 CET | 60575 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 21:00:46.483812094 CET | 53 | 60575 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 21:00:46.485804081 CET | 49826 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 21:00:46.504244089 CET | 53 | 49826 | 1.1.1.1 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 20:58:42.648577929 CET | 192.168.2.3 | 1.1.1.1 | 0x4966 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.650408983 CET | 192.168.2.3 | 1.1.1.1 | 0xef28 | Standard query (0) | 1drv.ms | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.652430058 CET | 192.168.2.3 | 1.1.1.1 | 0xfc87 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.813381910 CET | 192.168.2.3 | 1.1.1.1 | 0xacf6 | Standard query (0) | onedrive.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:43.709613085 CET | 192.168.2.3 | 1.1.1.1 | 0x1d67 | Standard query (0) | onedrive.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:44.795058012 CET | 192.168.2.3 | 1.1.1.1 | 0xa435 | Standard query (0) | p.sfx.ms | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.365263939 CET | 192.168.2.3 | 1.1.1.1 | 0x739d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.435731888 CET | 192.168.2.3 | 1.1.1.1 | 0xc46 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.532649040 CET | 192.168.2.3 | 1.1.1.1 | 0xcbbe | Standard query (0) | onenoteonlinesync.onenote.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:50.168251991 CET | 192.168.2.3 | 1.1.1.1 | 0x3c1b | Standard query (0) | c.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:54.819307089 CET | 192.168.2.3 | 1.1.1.1 | 0x7179 | Standard query (0) | messaging.engagement.office.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:55.119458914 CET | 192.168.2.3 | 1.1.1.1 | 0x90c8 | Standard query (0) | spoprod-a.akamaihd.net | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:55.922353029 CET | 192.168.2.3 | 1.1.1.1 | 0xb585 | Standard query (0) | storage.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:56.093806982 CET | 192.168.2.3 | 1.1.1.1 | 0xa70e | Standard query (0) | www.onenote.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:56.217138052 CET | 192.168.2.3 | 1.1.1.1 | 0x160c | Standard query (0) | augloop.office.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:56.611047983 CET | 192.168.2.3 | 1.1.1.1 | 0x2d20 | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:57.895622015 CET | 192.168.2.3 | 1.1.1.1 | 0x1d75 | Standard query (0) | p.sfx.ms | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:01.870812893 CET | 192.168.2.3 | 1.1.1.1 | 0x141d | Standard query (0) | appdaptsites.co.za | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:02.495793104 CET | 192.168.2.3 | 1.1.1.1 | 0xe79a | Standard query (0) | storage.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:57.739254951 CET | 192.168.2.3 | 1.1.1.1 | 0x7379 | Standard query (0) | www.onenote.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 21:00:19.740616083 CET | 192.168.2.3 | 1.1.1.1 | 0xd585 | Standard query (0) | augloop.office.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 21:00:46.463978052 CET | 192.168.2.3 | 1.1.1.1 | 0x4948 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 21:00:46.485804081 CET | 192.168.2.3 | 1.1.1.1 | 0x185f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 20:58:42.666460037 CET | 1.1.1.1 | 192.168.2.3 | 0x4966 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:42.666460037 CET | 1.1.1.1 | 192.168.2.3 | 0x4966 | No error (0) | clients.l.google.com | - | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.667942047 CET | 1.1.1.1 | 192.168.2.3 | 0xef28 | No error (0) | 1drv.ms | - | 13.107.42.12 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.670615911 CET | 1.1.1.1 | 192.168.2.3 | 0xfc87 | No error (0) | accounts.google.com | - | 142.250.184.205 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:42.831137896 CET | 1.1.1.1 | 192.168.2.3 | 0xacf6 | No error (0) | onedrive.live.com | odc-web-geo.onedrive.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:43.727652073 CET | 1.1.1.1 | 192.168.2.3 | 0x1d67 | No error (0) | onedrive.live.com | odc-web-geo.onedrive.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:44.815952063 CET | 1.1.1.1 | 192.168.2.3 | 0xa435 | No error (0) | p.sfx.ms | odwebp.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:45.655867100 CET | 1.1.1.1 | 192.168.2.3 | 0xde3e | No error (0) | onenote.wac.trafficmanager.net.b-0016.b-dc-msedge.net.b-0016.b-msedge.net | b-0016.b-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:45.655867100 CET | 1.1.1.1 | 192.168.2.3 | 0xde3e | No error (0) | b-0016.b-msedge.net | - | 13.107.6.171 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.382596970 CET | 1.1.1.1 | 192.168.2.3 | 0x739d | No error (0) | www.google.com | - | 172.217.18.100 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.454617977 CET | 1.1.1.1 | 192.168.2.3 | 0xc46 | No error (0) | www.google.com | - | 142.250.185.196 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:46.551220894 CET | 1.1.1.1 | 192.168.2.3 | 0xcbbe | No error (0) | onenoteonlinesync.onenote.com | onenoteonlinesync.onenote.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:50.189974070 CET | 1.1.1.1 | 192.168.2.3 | 0x3c1b | No error (0) | c.live.com | c.msn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:50.189974070 CET | 1.1.1.1 | 192.168.2.3 | 0x3c1b | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:50.586435080 CET | 1.1.1.1 | 192.168.2.3 | 0x9f0 | No error (0) | c-bing-com.a-0001.a-msedge.net | dual-a-0001.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:50.586435080 CET | 1.1.1.1 | 192.168.2.3 | 0x9f0 | No error (0) | dual-a-0001.a-msedge.net | - | 204.79.197.200 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:50.586435080 CET | 1.1.1.1 | 192.168.2.3 | 0x9f0 | No error (0) | dual-a-0001.a-msedge.net | - | 13.107.21.200 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:54.839752913 CET | 1.1.1.1 | 192.168.2.3 | 0x7179 | No error (0) | messaging.engagement.office.com | prod-campaignaggregator.omexexternallfb.office.net.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:55.141391993 CET | 1.1.1.1 | 192.168.2.3 | 0x90c8 | No error (0) | spoprod-a.akamaihd.net | spoprod-a.akamaihd.net.edgesuite.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:55.941742897 CET | 1.1.1.1 | 192.168.2.3 | 0xb585 | No error (0) | storage.live.com | common-geo.ha.1drv.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:55.941742897 CET | 1.1.1.1 | 192.168.2.3 | 0xb585 | No error (0) | common-geo.ha.1drv.com | common-geo.onedrive.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:55.941742897 CET | 1.1.1.1 | 192.168.2.3 | 0xb585 | No error (0) | am4pcor001-com.be.1drv.com | i-am4p-cor001.api.p001.1drv.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:55.941742897 CET | 1.1.1.1 | 192.168.2.3 | 0xb585 | No error (0) | i-am4p-cor001.api.p001.1drv.com | - | 13.105.66.144 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:58:56.112489939 CET | 1.1.1.1 | 192.168.2.3 | 0xa70e | No error (0) | www.onenote.com | reverseproxy.onenote.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:56.237684011 CET | 1.1.1.1 | 192.168.2.3 | 0x160c | No error (0) | augloop.office.com | augloop-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:56.629834890 CET | 1.1.1.1 | 192.168.2.3 | 0x2d20 | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:58:57.918621063 CET | 1.1.1.1 | 192.168.2.3 | 0x1d75 | No error (0) | p.sfx.ms | odwebp.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:59:02.447354078 CET | 1.1.1.1 | 192.168.2.3 | 0x141d | No error (0) | appdaptsites.co.za | - | 196.40.97.163 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:02.514467955 CET | 1.1.1.1 | 192.168.2.3 | 0xe79a | No error (0) | storage.live.com | common-geo.ha.1drv.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:59:02.514467955 CET | 1.1.1.1 | 192.168.2.3 | 0xe79a | No error (0) | common-geo.ha.1drv.com | common-geo.onedrive.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:59:02.514467955 CET | 1.1.1.1 | 192.168.2.3 | 0xe79a | No error (0) | dub06pcor001-com.be.1drv.com | i-dub06p-cor001.api.p001.1drv.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:59:02.514467955 CET | 1.1.1.1 | 192.168.2.3 | 0xe79a | No error (0) | i-dub06p-cor001.api.p001.1drv.com | - | 20.135.20.1 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:48.863146067 CET | 1.1.1.1 | 192.168.2.3 | 0xfc3d | No error (0) | onenote.wac.trafficmanager.net.b-0016.b-dc-msedge.net.b-0016.b-msedge.net | b-0016.b-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 20:59:48.863146067 CET | 1.1.1.1 | 192.168.2.3 | 0xfc3d | No error (0) | b-0016.b-msedge.net | - | 13.107.6.171 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 20:59:57.758727074 CET | 1.1.1.1 | 192.168.2.3 | 0x7379 | No error (0) | www.onenote.com | reverseproxy.onenote.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 21:00:19.760790110 CET | 1.1.1.1 | 192.168.2.3 | 0xd585 | No error (0) | augloop.office.com | augloop-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 21:00:46.483812094 CET | 1.1.1.1 | 192.168.2.3 | 0x4948 | No error (0) | www.google.com | - | 142.250.186.68 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 21:00:46.504244089 CET | 1.1.1.1 | 192.168.2.3 | 0x185f | No error (0) | www.google.com | - | 172.217.16.196 | A (IP address) | IN (0x0001) | false
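The packet and DNS tables above lose their column boundaries when the report is copied out as text (ports run into addresses, CNAME owner runs into target), and the DNS answers are the quickest way to see which host the OneDrive share ultimately hands the browser to. The Python below is an added example for this page, not code from Joe Security or part of the report: it rebuilds records from the fused rows, recovers the owner/target split of CNAME rows from names already seen, uses the resolved addresses to disambiguate the fused port/address columns of packet rows, and lists every resolved host that is not under an allow-list of first-party Microsoft and Google infrastructure. The sample rows are copied from this report; the allow-list, the sandbox and resolver addresses (192.168.2.3 and 1.1.1.1, both visible in the tables) and the set of service ports are the analyst's assumptions.

```python
"""Rebuild and triage network rows copied out of a Joe Sandbox report.

Added example for this page, not code from Joe Security. SAMPLE_DNS and
SAMPLE_PACKETS are rows from this report's DNS, UDP and TCP tables as they come
out when the HTML is copied as plain text: adjacent column values are fused with
no separator. EXPECTED is an analyst assumption about which domains a OneDrive
share opened in Chrome legitimately touches; anything else is a pivot candidate.
"""
import re

SANDBOX_IP, RESOLVER_IP = "192.168.2.3", "1.1.1.1"   # both visible in the report
SERVICE_PORTS = {53, 80, 443}                          # assumption: only these served
EXPECTED = ("google.com", "live.com", "1drv.com", "1drv.ms", "akadns.net",
            "trafficmanager.net", "a-msedge.net", "b-msedge.net", "office.com")
TS = r"(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Endpoints are pinned to the two known hosts; a free dotted-quad pattern would
# also accept "1.1.1.1192.168.2.3" as 1.1.1.11 + 92.168.2.3.
END = "|".join(re.escape(h) for h in (SANDBOX_IP, RESOLVER_IP))
HDR = TS + rf"(?P<src>{END})(?P<dst>{END})(?P<tid>0x[0-9a-f]+)"
TAIL = r"IN \(0x0001\)(?P<doh>true|false)"
QUERY_RE = re.compile(HDR + r"Standard query \(0\)(?P<name>.+?)A \(IP address\)" + TAIL)
ANSWER_RE = re.compile(HDR + r"No error \(0\)(?P<body>.+?)"
                       r"(?P<rtype>A \(IP address\)|CNAME \(Canonical name\))" + TAIL)

def parse_dns(rows):
    """Return (queries, answers). A CNAME body fuses owner and target; the owner is
    taken as the longest name seen so far (queried, or an earlier CNAME target), and
    an owner never seen before is kept fused with target None rather than guessed."""
    queries, answers, known = [], [], []
    for row in rows:
        if m := QUERY_RE.fullmatch(row.strip()):
            queries.append(m.groupdict())
            known.append(m["name"])
            continue
        if not (m := ANSWER_RE.fullmatch(row.strip())):
            raise ValueError("unrecognised DNS row: %r" % row)
        rec, body = {"ts": m["ts"], "tid": m["tid"]}, m["body"]
        if m["rtype"].startswith("A"):
            name, addr = re.fullmatch(rf"(.+?)({IP})", body).groups()  # split at the quad
            rec.update(type="A", name=name, target=addr)
        else:
            owner = max((n for n in known if body.startswith(n) and len(body) > len(n)),
                        key=len, default=None)
            target = body[len(owner):] if owner else None
            rec.update(type="CNAME", name=owner or body, target=target)
            if target:
                known.append(target)
        answers.append(rec)
    return queries, answers

def known_ips(answers):
    """Addresses allowed in packet rows: the two endpoints plus every A answer."""
    return {SANDBOX_IP, RESOLVER_IP} | {a["target"] for a in answers if a["type"] == "A"}

def split_packet_row(row, ips):
    """'...CET5918353192.168.2.31.1.1.1' -> (ts, 59183, 53, '192.168.2.3', '1.1.1.1').
    The digit run is ambiguous on its own (5918353 is also 5918/353; a tail can read
    as 192.168.2.31 + 3.107.6.171), so a split is accepted only when one port is a
    service port, the other is ephemeral, and both addresses are already known."""
    m = re.fullmatch(TS + r"(?P<rest>[\d.]+)", row.strip())
    if not m:
        raise ValueError("not a packet row: %r" % row)
    rest, found = m["rest"], set()
    for a in range(1, 6):
        for b in range(1, 6):
            sp, dp, tail = rest[:a], rest[a:a + b], rest[a + b:]
            if not (sp.isdigit() and dp.isdigit() and len(dp) == b):
                continue
            lo, hi = sorted((int(sp), int(dp)))
            if lo not in SERVICE_PORTS or hi < 1024 or hi > 65535:
                continue
            for cut in range(7, len(tail) - 6):        # a dotted quad is 7..15 chars
                if {tail[:cut], tail[cut:]} <= ips:
                    found.add((m["ts"], int(sp), int(dp), tail[:cut], tail[cut:]))
    if len(found) != 1:
        raise ValueError("ambiguous or unparseable row: %r -> %r" % (row, sorted(found)))
    return found.pop()

def triage(answers):
    """Hosts outside EXPECTED, each with its A address (None if only seen as a CNAME)."""
    addr = {a["name"]: a["target"] for a in answers if a["type"] == "A"}
    hosts = {a["name"] for a in answers} | {a["target"] for a in answers if a["type"] == "CNAME" and a["target"]}
    unexpected = lambda h: not any(h == d or h.endswith("." + d) for d in EXPECTED)
    return sorted((h, addr.get(h)) for h in hosts if unexpected(h))

SAMPLE_DNS = [  # copied from this report's DNS tables, in report order
    "Nov 29, 2022 20:58:42.648577929 CET192.168.2.31.1.1.10x4966Standard query (0)clients2.google.comA (IP address)IN (0x0001)false",
    "Nov 29, 2022 20:58:42.666460037 CET1.1.1.1192.168.2.30x4966No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false",
    "Nov 29, 2022 20:58:42.666460037 CET1.1.1.1192.168.2.30x4966No error (0)clients.l.google.com142.250.185.206A (IP address)IN (0x0001)false",
    "Nov 29, 2022 20:58:45.655867100 CET1.1.1.1192.168.2.30xde3eNo error (0)onenote.wac.trafficmanager.net.b-0016.b-dc-msedge.net.b-0016.b-msedge.netb-0016.b-msedge.netCNAME (Canonical name)IN (0x0001)false",
    "Nov 29, 2022 20:58:45.655867100 CET1.1.1.1192.168.2.30xde3eNo error (0)b-0016.b-msedge.net13.107.6.171A (IP address)IN (0x0001)false",
    "Nov 29, 2022 20:59:01.870812893 CET192.168.2.31.1.1.10x141dStandard query (0)appdaptsites.co.zaA (IP address)IN (0x0001)false",
    "Nov 29, 2022 20:59:02.447354078 CET1.1.1.1192.168.2.30x141dNo error (0)appdaptsites.co.za196.40.97.163A (IP address)IN (0x0001)false",
]
SAMPLE_PACKETS = [  # one TCP row and one UDP reply row, copied from this report
    "Nov 29, 2022 20:58:45.697762012 CET49708443192.168.2.313.107.6.171",
    "Nov 29, 2022 20:58:42.666460037 CET53591831.1.1.1192.168.2.3",
]

if __name__ == "__main__":
    _, answers = parse_dns(SAMPLE_DNS)
    print(triage(answers), [split_packet_row(r, known_ips(answers)) for r in SAMPLE_PACKETS])
```

On these rows the only host outside the allow-list is appdaptsites.co.za (196.40.97.163), queried about 19 seconds after the first onedrive.live.com lookup; it also appears in the contacted-domains list below, which makes it the natural pivot for the credential-harvesting page the verdict describes, though the report itself does not say what was served from it. The CNAME row answered under transaction 0xde3e has no matching query in the report, so its owner is left fused rather than guessed, and a packet row that admits more than one consistent split raises instead of silently picking one.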
• accounts.google.com
• clients2.google.com
• https:
  • onenote.officeapps.live.com
  • c.bing.com
  • storage.live.com
  • appdaptsites.co.za
  • www.bing.com
• 1drv.ms


Target ID: 0
Start time: 20:58:38
Start date: 29/11/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://1drv.ms/u/s!Avet40xvHNtJeYnOf-r72NbijR0?e=jLZzfA
Imagebase: 0x7ff6566b0000
File size: 2852640 bytes
MD5 hash: 7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Target ID: 1
Start time: 20:58:40
Start date: 29/11/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1784,i,14432860437327741238,17742013553884360258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff6566b0000
File size: 2852640 bytes
MD5 hash: 7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

                                                                    No disassembly