Windows Analysis Report
https://friwin2.z13.web.core.windows.net/

Overview

General Information

Sample URL:	https://friwin2.z13.web.core.windows.net/
Analysis ID:	1432425
Infos:

Detection

TechSupportScam

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected TechSupportScam

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://friwin2.z13.web.core.windows.net/

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://friwin2.z13.web.core.windows.net/

Matcher: Template: microsoft matched with high similarity

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.16.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: 0.14.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_199, type: DROPPED

Form action URLs do not match main URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true

HTTP Parser: Form action: https://support.microsoft.com/signin-oidc microsoftonline microsoft

Found iframes

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Redirecting does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=745ba5e7-ce0d-43bd-3b23-40eabc1d3f15&partnerId=smcconvergence&idpflag=proxy	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49790 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /postback?format=img&sum={replace} HTTP/1.1Host: m03lm.rdtk.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /57319e009c52c0bc56e39866/default HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://friwin2.z13.web.core.windows.net/ HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /code?code=a7400ed6d3f8ef9dff8b932728043756 HTTP/1.1Host: edgecdn.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_3t7NOYeExpPOIPRYbFaWvA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-vendor.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-main.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-vendors.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-common.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-app.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-runtime.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://friwin2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/languages/en.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrt5L HTTP/1.1Host: vsa68.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: +DtjxrS8jztDXLI7L4IzFw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/min-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/bubble-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/message-preview.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/max-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrtna HTTP/1.1Host: vsa68.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 91Rs1pJhnhdsuOYnb8XnGg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySru9f HTTP/1.1Host: vsa102.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 3dEmg6DNvBboLdgu6HPNtQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrvU6 HTTP/1.1Host: vsa33.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: E51U3Fz5FUf2F5/9TmH0Kw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrwTs HTTP/1.1Host: vsa33.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 8Am3rDbbWqm+n0MmB3PIjA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_165.2.dr

String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: m03lm.rdtk.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: embed.tawk.to
Source: global traffic	DNS traffic detected: DNS query: edgecdn.dev
Source: global traffic	DNS traffic detected: DNS query: userstatics.com
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: va.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa68.tawk.to
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: vsa102.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa33.tawk.to
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: unknown

HTTP traffic detected: POST /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveContent-Length: 195sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/json; charset=utf-8Accept: */*Origin: https://friwin2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_227.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_227.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_206.2.dr, chromecache_202.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_141.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_199.2.dr	String found in binary or memory: http://www.hitsteps.com/
Source: chromecache_165.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_165.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_141.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: chromecache_141.2.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
Source: chromecache_141.2.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: chromecache_165.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_199.2.dr	String found in binary or memory: https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
Source: chromecache_199.2.dr	String found in binary or memory: https://embed.tawk.to/57319e009c52c0bc56e39866/default
Source: chromecache_131.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-arr-find-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-entries-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-event-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-iterator-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-object-values-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-promise-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js
Source: chromecache_220.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_125.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_125.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_125.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_141.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_139.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_139.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_141.2.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_141.2.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_165.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_165.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_141.2.dr	String found in binary or memory: https://products.office.com/en-us/home
Source: chromecache_141.2.dr	String found in binary or memory: https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams
Source: chromecache_141.2.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Source: chromecache_165.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_165.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_165.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_165.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_165.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_165.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_199.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
Source: chromecache_165.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_141.2.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_178.2.dr, chromecache_187.2.dr	String found in binary or memory: https://www.tawk.to/?utm_source=tawk-messenger&utm_medium=link&utm_campaign=referral&utm_term=57319e
Source: chromecache_141.2.dr	String found in binary or memory: https://www.xbox.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49790 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.16.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: 0.14.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_199, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@21/218@46/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2020,i,10895461938143384577,13357170919498850915,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://friwin2.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2020,i,10895461938143384577,13357170919498850915,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.22.25.131	embed.tawk.to	United States	13335	CLOUDFLARENETUS	false
207.244.126.81	wdc.rdtk.io	United States	30633	LEASEWEB-USA-WDCUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.22.24.131	vsa33.tawk.to	United States	13335	CLOUDFLARENETUS	false
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
172.67.193.253	edgecdn.dev	United States	13335	CLOUDFLARENETUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.53.38	userstatics.com	United States	13335	CLOUDFLARENETUS	false
172.67.38.66	va.tawk.to	United States	13335	CLOUDFLARENETUS	false
142.251.41.4	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.1.229	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
edgecdn.dev	172.67.193.253	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
embed.tawk.to	104.22.25.131	true
va.tawk.to	172.67.38.66	true
userstatics.com	104.21.53.38	true
vsa33.tawk.to	104.22.24.131	true
vsa102.tawk.to	104.22.24.131	true
wdc.rdtk.io	207.244.126.81	true
www.google.com	142.251.41.4	true
cs1227.wpc.alphacdn.net	192.229.211.199	true
part-0012.t-0009.t-msedge.net	13.107.213.40	true
vsa68.tawk.to	104.22.24.131	true
js.monitor.azure.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
assets.onestore.ms	unknown	unknown
ajax.aspnetcdn.com	unknown	unknown
mem.gfx.ms	unknown	unknown
m03lm.rdtk.io	unknown	unknown
c.s-microsoft.com	unknown	unknown
support.content.office.net	unknown	unknown
login.microsoftonline.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://embed.tawk.to/57319e009c52c0bc56e39866/default	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js	false	Avira URL Cloud: safe	unknown
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/max-widget.css	false		high
about:blank	false	Avira URL Cloud: safe	low
https://m03lm.rdtk.io/postback?format=img&sum={replace}	false	Avira URL Cloud: safe	unknown
https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756	false	Avira URL Cloud: safe	unknown
https://vsa102.tawk.to/s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySru9f	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js	false		high
https://va.tawk.to/v1/session/start	false		high
https://vsa33.tawk.to/s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrwTs	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js	false		high
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false		high
https://va.tawk.to/v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/bubble-widget.css	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/min-widget.css	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meCore.min.js	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false	URL Reputation: safe	unknown
https://embed.tawk.to/_s/v4/app/6625f366c87/languages/en.js	false		high
https://vsa33.tawk.to/s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrvU6	false		high
https://vsa68.tawk.to/s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrtna	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js	false		high
https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js	false		high
https://vsa68.tawk.to/s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrt5L	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js	false		high
https://logincdn.msftauth.net/16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js	false	Avira URL Cloud: safe	unknown
https://embed.tawk.to/_s/v4/assets/images/attention-grabbers/62-r-br.svg	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/message-preview.css	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 120	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 121	ASCII text, with very long lines (34235), with CRLF, LF line terminators	6FE3DD83A0D98BC1977F57EA33C37693	8DF606F40E4CC8C07CE929D5A82FD5304EAF4EB7	A5268A183F2A091D2D17773997E89A25FC45CBD60E586EDF61F544FB85D6F6A8
Chrome Cache Entry: 122	PNG image data, 66 x 68, 8-bit colormap, non-interlaced	0E9558D2D6E8000CE5C6C749C8FC67C2	F7BA9490807EF70BB6195150D6287CD54B7FEFD0	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
Chrome Cache Entry: 123	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced	BF2B460590FBB9D8E9611A6E9006B816	561E1DAB259D61E798B3CE380527B71B61074FF3	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
Chrome Cache Entry: 124	ASCII text, with very long lines (52717), with no line terminators	413FCC759CC19821B61B6941808B29B5	1AD23B8A202043539C20681B1B3E9F3BC5D55133	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
Chrome Cache Entry: 125	ASCII text, with very long lines (59765)	02D223393E00C273EFDCB1ADE8F4F8B1	0CC93B8421D89C24A889642428B363CB831DE78A	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
Chrome Cache Entry: 126	ASCII text, with CRLF line terminators	DA6AACC1CA8EAA4902D9FEE5C9C984B7	A06F41817583CE6182DD7121460C0BD16EA8B088	989120D05B8F3D703FD6E63B49B94845D7E038D536DD27723619E1F00623683F
Chrome Cache Entry: 127	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	2CD03A547F00CAD010F9038619DF45DE	912F919836A77A514C76B990ACEAF5E930A24024	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
Chrome Cache Entry: 128	ASCII text, with CRLF, LF line terminators	7F37A030886EC7FCE1D065EC482789EE	661AD608AC1513E2CCDEC4CD55EB552A8604C8F6	75B20E74E3EFFA00E4B62B9DA6DF7D7542D91CB4B50078B8365112D556A73A7E
Chrome Cache Entry: 129	PNG image data, 77 x 63, 8-bit colormap, non-interlaced	B0495EDE4C875843FEC037C794E9FF9A	C813AEFBA255A5CC53AEA7811F987CCB551C3128	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
Chrome Cache Entry: 130	Unicode text, UTF-8 text, with very long lines (65464)	1C73B4EB89BBE24ECF154B671DDBCAFC	75E59EC09164B620648BE5CC80048372E6C62AA5	972DE8C5257C5C31F0AE45016595089022E4F82E766CEC78FB40C997BFBAC75F
Chrome Cache Entry: 131	ASCII text, with very long lines (2306), with no line terminators	D1DC816C161B3A7313B3D42F478F140A	66E30073FF65F5B96FED00992224F97DD93453BC	CC6265BB78FC4F136D1E4843B385D90A1FABA320821361B71895DCAF2077630F
Chrome Cache Entry: 132	ASCII text, with very long lines (513), with no line terminators	602C381194795DFC124FACDF48492EF1	90D594B7B5AF217824F2974514548C95FECFBFA5	BF450798FB52E2458A1E10749577E5334F3E1D7907A47FDFEA5430CB71FA19E6
Chrome Cache Entry: 133	ASCII text, with very long lines (65398)	107489D1ED6BE77BFD69EBE4D7B52B6D	FD56DF206A1DD0223D6D18ADAC841582282A346E	3BBC0000E28054DDBE38B2E7A21DCA8D66FDA56EA48448BCE4658BC6B518A970
Chrome Cache Entry: 134	ASCII text, with very long lines (65536), with no line terminators	AA429D098305EFEB3D236B3872F2DA79	E0D6E416EB7C1C8F10EC76F835EDA23D5C1D0AB0	5285275760CE24F97FC85A2AA7A705E2BFCDEBE875A6028441382D2CA36B3F1C
Chrome Cache Entry: 135	ASCII text, with no line terminators	EC331136E75314D2030EE013B6069921	6B7428B8B15616A67F767D42964AF94FCBE2A803	A7358DF6B7B60280F2A0D7CD5B70A9F1DFA4FCE5C31FB1A24FB2F109AF7EE977
Chrome Cache Entry: 136	Unicode text, UTF-8 text, with very long lines (56143)	E9ED45828A949A28F4649E3D60FD988D	CB7DD7DCD50AA7D58C60DEF4E9AFFC94CF86899F	F797881FAA013B18996C6076A21397D8318CF5FD31B9659FD960592F1877CFAE
Chrome Cache Entry: 137	ASCII text, with no line terminators	DC28AC9CFEB60489659B8E3AC000F0EC	710CB7651F17BF067A5EA5E430940D24F2E124EA	697CFE98DE5737B36C0BAA405810255626C528F8CCA6B835F9A0EC1E6E03D7C0
Chrome Cache Entry: 138	ASCII text, with very long lines (65464)	44934D48F839E3143311BC044E6E0D89	A96C3D95BE19A80330977ACEAD67FD9B92AC6E4B	500D20E95A2ED662891673D812FE9A71E2E2C31B170BCD331C33B97114879FA6
Chrome Cache Entry: 139	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 140	ASCII text, with very long lines (2674)	468D4ACC570CFFC7101AC8A63514AD31	6983E89B6EC798B5B8C2B3B76D9311808437B572	B4B342F2025799CA602A75590B324E7493B0903726720BCE4CA793207C83255C
Chrome Cache Entry: 141	HTML document, ASCII text, with very long lines (955), with CRLF line terminators	85DE642E1467807F64F7E10807DF3869	C795B490811C0E5A1A8F3C3F620AAB9F00C34F07	5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
Chrome Cache Entry: 142	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 143	ASCII text, with very long lines (1877), with no line terminators	DCD61EE564F0AAA6F4304F2B12FA08B9	114BB27FB0B7127541B5DB9F33ED2CC1EA42C101	7EDE728A94FE48F55CE32325E302BD3E73135EA85552B5096683D056B6038D42
Chrome Cache Entry: 144	ASCII text, with very long lines (32014)	7BB7AAC0CAC89A90304AF1C72EB4F50D	729F6F8CA5787D89743B0ED7EB27FD76406BF985	F5C06455E539DCD889F7F05D709B5ADC76C444099FE57F431365AF2FC57E803B
Chrome Cache Entry: 145	ASCII text, with very long lines (65394)	06423867592D7246B2509B064482709F	4FF499E171F2B154DCDD0AB94F843CDE151BEA4A	B797BAA552116E4BA21EAD29F41A4258E3B04DB8DA18E796CE571F05D54D59C5
Chrome Cache Entry: 146	ASCII text	9D96D694079AF413F073FE36DDBB8542	1539453060585121DB9E797C1636B91A535E60F7	0DAFE30F37039D8C53A70C12F09A00A5DB144F1D1175E7ECBC4500ACEE4082DC
Chrome Cache Entry: 147	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3	4BF52EB9B3EFCE840ADD1A90D83A40E5	6348A7617DFCE3165E07AF53A48DF7892D62FFE1	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
Chrome Cache Entry: 148	ASCII text, with very long lines (4370), with no line terminators	5F05B23BAD0F2D477C4E6B9266F99A74	E6CC0BE0A86B8330B4FD16CE8EB27614FB313B40	70099F944DDCE86C3B9E24CE88C3C489EF4C63CEF20C4DA64A5DC33BBFE36512
Chrome Cache Entry: 149	GIF image data, version 89a, 193 x 71	6FCB78E0CD7933A70EEA2CF071F82118	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
Chrome Cache Entry: 150	ASCII text, with very long lines (65536), with no line terminators	7B3A8EB2DF127E5D0870E11C116A5F8F	3A7EC51120E9EC70911C3B5554DEC5AA5FD61168	6BFD174274D9ACE1C7E8B7B66F8AE0C33D263AF788ED989561E9E43D46622482
Chrome Cache Entry: 151	ASCII text	2856B9008B89D67BE19D586E43AE8521	D47AC3F1328FB58B19584D77D2E3ACC93663FB10	19E9AAA12F8478366B3707FF49B0E3CFC4818F9343B48F5D43890C943D1B1A3D
Chrome Cache Entry: 152	Web Open Font Format (Version 2), TrueType, length 29588, version 0.0	F04217F47619AC51664E7A65B3F77B48	C32C07C33BA8850F282492B2BD38BE170B556541	5975DEA100208142BB9CBD2AE15E1BAE43213598A2A4496E42C4BAEC3BD50A61
Chrome Cache Entry: 153	PNG image data, 77 x 72, 8-bit colormap, non-interlaced	D648C1837D01495ECCD63E053491F72A	991D8F6C72777239472410D6129FD5F25ED9D134	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
Chrome Cache Entry: 154	PNG image data, 27 x 28, 8-bit colormap, non-interlaced	35629CC2ADC804353A548305F1217206	CDA6E89C5F6A644683AEA6999A5D11E00DC64275	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
Chrome Cache Entry: 155	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x450, components 3	3662E8423DBF93ECBB554A07F3E99EB3	F3B749D5D61F5924942FA6C8DEBC82459461CD1F	56E33BDB5B225FF31A5CA86D04B08D483D60D7078C2254818DD7FF96CC7933E3
Chrome Cache Entry: 156	assembler source, ASCII text, with very long lines (1266)	6EF2560453A7B6BFF8EA7EC4265A9816	1ED7044A0579BB751B10BA7353A36E9D208C659E	A072681FF11D60E33EB625E1D75E828542F80C9362D905C3EB9626063E27B4CC
Chrome Cache Entry: 157	Unicode text, UTF-8 text, with very long lines (65458)	5FF5B56DD253D3FD717915B2773593D3	3FCB89ABD877241F130E2712B54233763D0D2B03	162951E9132B74BF11C97D7F234D998954DF2729C604E2925291A28699ACA260
Chrome Cache Entry: 158	ASCII text, with very long lines (535), with no line terminators	C506281367048D4A134C9AFFBC68C8C6	FFA331EB81694501D6FF64AE2D1F7E667529C3BA	7E0A886153A50F34ADEB6D141B542D08A6338C5E3BADA9FC3CCF88D0580356DF
Chrome Cache Entry: 159	PNG image data, 800 x 450, 8-bit colormap, non-interlaced	0AC986FEEE19E0644C89FD1FC4FBD61A	41D0C5BF6D6B2E5CE0CC5D58790BD22041F4EEEA	0BDA9E3CD6F539197F34CED03402C52C60BC1AAC4260B1799E79576F0A54663E
Chrome Cache Entry: 160	ASCII text, with very long lines (3771)	3AC61FD106DD3E7BCF5701D2B67BF612	F1C42D74CC3CDD638A95E40BE4F42494ADCDF515	969FA8125179E9F1DC817837FF7D77EA66BAF9D221E26C8AC58998270E54C4A9
Chrome Cache Entry: 161	HTML document, ASCII text, with very long lines (321), with no line terminators	F6BB81F2DE2AB9DCF8329E9103971ABE	4764E2E200CED765BFA533A578D1872D0CE9ACBF	C0EBFAF922E0C0F8D277C34F9002F1D2B56816E8672C71E0A50F8A2BB0135400
Chrome Cache Entry: 162	PNG image data, 77 x 72, 8-bit colormap, non-interlaced	D648C1837D01495ECCD63E053491F72A	991D8F6C72777239472410D6129FD5F25ED9D134	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
Chrome Cache Entry: 163	SVG Scalable Vector Graphics image	9F9370510AE706972F6BCA868CD18E3E	969B1F3FBF8D448E51E1D1ED5329540B1A9B77D1	3CF0BE5FFCD530F43FA3A3B316EDDCF5C9A064C883432032415F462DF545D79D
Chrome Cache Entry: 164	Unicode text, UTF-8 text, with very long lines (64241)	B7AF9FB8EB3F12D3BAA37641537BEDC2	A3FBB622FD4D19CDB371F0B71146DD9F2605D8A4	928ACFBA36CCD911340D2753DB52423F0C7F6FEAA72824E2A1EF6F5667ED4A71
Chrome Cache Entry: 165	ASCII text, with very long lines (5945)	ECBF350B2E5CFA91CA14E243D1783677	FD75ECAFC23372DDB4023B4A6EFEB31E2021C660	82853D5F5C3423970F0AE538134C34397E64A2C5ABA9C86282B085935072D6E1
Chrome Cache Entry: 166	ASCII text, with very long lines (18229), with no line terminators	6BF62C737DEC7D16542425992BE5986C	7F5EC461A46E4526FCF8ED0A24F758BD0168E5B0	2DEAAE9C5E06DF6C98B9775E2A5FBB66EAB1A591458F9D1982E8F0E350FDB59E
Chrome Cache Entry: 167	ASCII text, with very long lines (9929), with no line terminators	70AEC2DD89CAC4933594C25B71D61F46	3DFE6F517BD57ABBEA46DD4DA776E80270D9DB5F	CD50385CEF163EB376D93E7B1E07FE467DE23B60C98373F7D69448214D3E9CDD
Chrome Cache Entry: 168	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 169	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	2CD03A547F00CAD010F9038619DF45DE	912F919836A77A514C76B990ACEAF5E930A24024	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
Chrome Cache Entry: 170	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 171	PNG image data, 27 x 28, 8-bit colormap, non-interlaced	35629CC2ADC804353A548305F1217206	CDA6E89C5F6A644683AEA6999A5D11E00DC64275	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
Chrome Cache Entry: 172	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced	BE42AD7752720327D28BF52DBDBB64C2	F4CCE31B9236319AA9C87FEE038638D1DE12C07D	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
Chrome Cache Entry: 173	ASCII text, with very long lines (30651)	A7B3E42431F6C12C64F0592929CD696C	8C22C84F365F9ED967818D17FF7A6F307B731AE6	488034B909CF93338DC893E981761F87CEAEACF570032935255C3C39D5EAB366
Chrome Cache Entry: 174	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced	BF2B460590FBB9D8E9611A6E9006B816	561E1DAB259D61E798B3CE380527B71B61074FF3	EE4BC5FE81FA7C1E8497D79C9C8A96485DF217092D334E9B48FA8840FED11D03
Chrome Cache Entry: 175	ASCII text, with very long lines (699), with no line terminators	838903127A65EC440893B4945C40CA4A	827F3E5341F56FA4473D53B788AF41EC6BF21B8B	89F08C4A66C9A737C6155B8313E87B36687FE65BFC9A1BA1783AEACE487BCDE3
Chrome Cache Entry: 176	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x450, components 3	3662E8423DBF93ECBB554A07F3E99EB3	F3B749D5D61F5924942FA6C8DEBC82459461CD1F	56E33BDB5B225FF31A5CA86D04B08D483D60D7078C2254818DD7FF96CC7933E3
Chrome Cache Entry: 177	ASCII text, with very long lines (906), with no line terminators	1C5ECF371149FECA23BD895BA9DFEC4D	6F6213AE4C63D959441572D232F0425467ED05DE	FB193C2BCF1A14030CEA8D72BAA20AB7B1CF88F9E90ADB31895279BEEDF6BF84
Chrome Cache Entry: 178	JSON data	A91BD06948B589428DFA825D7B0CB4CB	F12307D1E696084535E87AE6A4A5490C69C8CF5A	8144D6E972F7EC12683996F7E7C4BB884F2FABA23EBDACC448185E2D042A5C78
Chrome Cache Entry: 179	Unicode text, UTF-8 (with BOM) text, with very long lines (64795), with no line terminators	0234943560422C35994AE97078BB3A28	646DD007262E7797C792FC834A9368CDC559C2AF	3E21B52B93B6F3F309AF1C4A312119900033F372E5E3CC4CA20EB99D30562615
Chrome Cache Entry: 180	PNG image data, 33 x 31, 8-bit colormap, non-interlaced	905D91C276116928FA306EA732723FA9	092604F6A8786E46A7DEE06065D29D2896FCF568	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
Chrome Cache Entry: 181	ASCII text, with no line terminators	4CF09A531C260F6F06378FD2521C1B24	CD708E55317C517E02C97C54D62E1F99952C5773	D8637AFC3E6A2A5512A1D6914980BA597263C1D015C8C6940ED04F59447F9D0E
Chrome Cache Entry: 182	Unicode text, UTF-8 (with BOM) text, with very long lines (10253), with no line terminators	48636ADB79C8C3722257AA3BA6B6EE15	2D56F155FCCBD3FBC4268D19C63FBA7CE63232B2	E9C4A6BB4F1BDDCA6DF0275E1EF52B386EF0EC88441A537007601DC17EF149B5
Chrome Cache Entry: 183	ASCII text, with no line terminators	39A19D0882684989864FA50BCED6A2D1	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
Chrome Cache Entry: 184	PNG image data, 77 x 63, 8-bit colormap, non-interlaced	B0495EDE4C875843FEC037C794E9FF9A	C813AEFBA255A5CC53AEA7811F987CCB551C3128	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
Chrome Cache Entry: 185	ASCII text, with very long lines (40772), with no line terminators	96BE1F6983C01FE07004E163E0C6CE8A	46334521CA7C554FB7608E4E93CBA4C6FAC72F77	26C00C91AA26F8A81DC41FE7CA0DB1DFD849180200596138437F2CA57357DD0F
Chrome Cache Entry: 186	ASCII text, with very long lines (1685), with no line terminators	7E9EDAA648AC5BBD2AFB55847CDCDCF7	67644113FC5DEBC0131513C92F571AC7E876F2A5	C721BADC18FDBF15228470FF8C234A30DB5BB8CD9D710391FA696370B551F6B3
Chrome Cache Entry: 187	JSON data	A91BD06948B589428DFA825D7B0CB4CB	F12307D1E696084535E87AE6A4A5490C69C8CF5A	8144D6E972F7EC12683996F7E7C4BB884F2FABA23EBDACC448185E2D042A5C78
Chrome Cache Entry: 188	ASCII text, with very long lines (17287), with no line terminators	E41894570BDEFE335BC4C37A01A8FC6E	34D6F423170A67F9280BF4D21C02958E48F7D870	8894250AD2ACE3ACA911B3E12FA60F3D3300C1A36CF795D8C1F8AFC3EDB461F0
Chrome Cache Entry: 189	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced	51147EB9734C3C0CAF22AA77A80D96F0	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
Chrome Cache Entry: 190	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 191	ASCII text, with very long lines (24751), with no line terminators	D4F9AD34FAE3BA64CBC48057DC47E968	F8D0D55DC6E9B5D53F74B0B8BFC5E2EDBDB0618D	2B5B9F68ACE12B789B1371204754547021DCBF3E9DF630E7E22B49EE56E05B8C
Chrome Cache Entry: 192	HTML document, ASCII text, with very long lines (321), with no line terminators	B54249A50481AF6AFE091B2D6620D79C	C251ADAAC47B8E18ED8CF7E6E63B5367ADA23BF7	5CDC59B616816019D416F62AC5020B36B819E9278B6F8A5EF88A83783E72F1C8
Chrome Cache Entry: 193	Web Open Font Format, TrueType, length 26288, version 0.0	D0263DC03BE4C393A90BDA733C57D6DB	8A032B6DEAB53A33234C735133B48518F8643B92	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
Chrome Cache Entry: 194	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 195	Unicode text, UTF-8 text, with very long lines (64025)	292F566C910A37FDD1F543ABB604A1D7	BC7E96BDE6577542CCB9AA46F56A485D75206885	6ECCA904DE565690F31BA1D73926819805AF7EB63831BE328D15BBBA9B202C3C
Chrome Cache Entry: 196	ASCII text, with very long lines (13521), with no line terminators	950518E32FD92957181F766F08D3CF98	9FE20C86B818D3576E9D70E6ED091964CB8B7427	2F56F47D64037D5AA3A96B50C840580E5549FEE6F9FAFFF8AF3D1821D189FA5C
Chrome Cache Entry: 197	SVG Scalable Vector Graphics image	9F9370510AE706972F6BCA868CD18E3E	969B1F3FBF8D448E51E1D1ED5329540B1A9B77D1	3CF0BE5FFCD530F43FA3A3B316EDDCF5C9A064C883432032415F462DF545D79D
Chrome Cache Entry: 198	ASCII text, with very long lines (11139), with no line terminators	2C0A34EB401CADF7CBFF6278FEE2648E	DBE67F8390375E1C733D456B2F99573EF65557A0	46C6D4802A043D5E6E655091ECBB961110943825F54F74F5364AD786A234976E
Chrome Cache Entry: 199	HTML document, Unicode text, UTF-8 text, with very long lines (1266)	AE46A44F3FFE1089D2C92F34A2F58FA8	A11A3EC2989B1DE6F35F70D749897959A4AFF628	096929DB56DE366FCAE05741F503627AC5D47596B3CC2D306B599AF1E80CE654
Chrome Cache Entry: 200	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 201	ASCII text, with very long lines (1194), with no line terminators	8B0B345FF0FCDABBDB6BE5D760B1CE07	8E74F1A21EF56B0FBBE06A4008023E06F8AF6786	038FFB4CC72B4349FABC1252B5A71A94A86954DC2CA0D4695E492D45C57C3165
Chrome Cache Entry: 202	ASCII text, with very long lines (41651)	30B7C335C62E5269E2D35B8E8B9F44B4	C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C	10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
Chrome Cache Entry: 203	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced	BE42AD7752720327D28BF52DBDBB64C2	F4CCE31B9236319AA9C87FEE038638D1DE12C07D	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
Chrome Cache Entry: 204	Unicode text, UTF-8 text, with very long lines (45900)	F00CFBA8F9859DFEFDFE90EA520C6FCF	B32E153588A287DE81050E327EB5BD7A90B04D99	977CC9882BA50763333DF64E98D26BC3C60A15D6EFA4A2C1FE70579985EDDF84
Chrome Cache Entry: 205	Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural	0116152611DD51432E852781F8CC7E82	2408D3D281B25649894F78A4E19F7F8A8AC735F9	FC59BBB18F923747B9CD3F3B23537FF09C5AD2FDFC1505A4800A3F269A234E65
Chrome Cache Entry: 206	ASCII text, with very long lines (42133)	B9C3E4320DB870036919F1EE117BDA6E	29B5A9066B5B1F1FE5AFE7EE986E80A49E86606A	A1FE019388875B696EDB373B51A51C0A8E3BAD52CD489617D042C0722BDB1E48
Chrome Cache Entry: 207	ASCII text, with very long lines (1789), with no line terminators	36A2C31F1954D2E8DD7AB64B3EA0B7C7	66CE8A4003FE074D92F5D5C08DE790D4E65ED34C	9DD6A969EC40D376F962D75EB16D2A7FFB473CDEEF55378B0CB7E5638BA87B14
Chrome Cache Entry: 208	ASCII text, with very long lines (65472)	3B341E35B39F6195793ECAF5DB7C1D63	3EF56ED9AC8BFBF5347DC4592653703F59763083	548669D6434F5204DCA25B9A6F8A02F63301B8C1B58A717B91FEC8B6C2918305
Chrome Cache Entry: 209	PNG image data, 33 x 31, 8-bit colormap, non-interlaced	905D91C276116928FA306EA732723FA9	092604F6A8786E46A7DEE06065D29D2896FCF568	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
Chrome Cache Entry: 210	ASCII text, with very long lines (4873), with no line terminators	ED927CF0F8A1BE103DF48446270416EE	F7B2BE7FC2B063AAC03E76DF9F3E19D615970213	EBDD298DFD39A35E5F54469F12953081A17CBEA55F3A4A79C0FD4997D804F7D5
Chrome Cache Entry: 211	ASCII text, with very long lines (15362)	62D0603255799B2717F54159C276AF48	97056DF066CB1687D7998F4186D3D06C3797ECA9	84468CCB19BCA093EFA79C9A0BC75FB49860472B18EEE1B1CC9D736A5947236F
Chrome Cache Entry: 212	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 148772	130A19BB38ACE100E5E92401AF67B998	9E593EF5EB526E9409F0D553E2E34C624002DCDD	500F918A951954C4728BD1D6C017BA056D1D8432E9AF37FCC57C415869BA19BB
Chrome Cache Entry: 213	ASCII text, with no line terminators	AD6D641AA24601811392120F3974D922	969B81A00DE6554484B6628ABD9309B43C374E83	502474C5BA706BF67F0252D44CC03C33B233C741C35F60DE2B26E1DF9051196A
Chrome Cache Entry: 214	ASCII text, with very long lines (32089)	397754BA49E9E0CF4E7C190DA78DDA05	AE49E56999D82802727455F0BA83B63ACD90A22B	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
Chrome Cache Entry: 215	Unicode text, UTF-8 (with BOM) text, with very long lines (65511), with no line terminators	F12733C5DA7923D982EF110C16700AF9	5EA567915D13F3F24E3B63D4C5E7253645351EF5	F8E25ACA94692ADE2E93ECEAF6E78B2A4604047C68D6871D27C1B35894CB5AB2
Chrome Cache Entry: 216	ASCII text, with very long lines (18963), with no line terminators	4F773FE8050DCFD8FD096E061EED08A7	0921110716284E797A40855B98B113B683FADB51	29704F658E0A24AF40A7EC9F1BA5800E7BF3366DE3FEAE6E044BD20C28C89018
Chrome Cache Entry: 217	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators	12DD1E4D0485A80184B36D158018DE81	EB2594062E90E3DCD5127679F9C369D3BF39D61C	A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
Chrome Cache Entry: 218	Web Open Font Format, TrueType, length 26288, version 0.0	D0263DC03BE4C393A90BDA733C57D6DB	8A032B6DEAB53A33234C735133B48518F8643B92	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
Chrome Cache Entry: 219	ASCII text, with no line terminators	E736E189EDB5D0D9D5B8E7F23DD9114A	BCABEE193F13756FA9154FC492FE420C47140343	13CF82E6F9D48221CD55F8B3C3D206F7BDB83F291034B478E484CCFEF7D500DD
Chrome Cache Entry: 220	GIF image data, version 89a, 193 x 71	6FCB78E0CD7933A70EEA2CF071F82118	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
Chrome Cache Entry: 221	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3	4BF52EB9B3EFCE840ADD1A90D83A40E5	6348A7617DFCE3165E07AF53A48DF7892D62FFE1	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
Chrome Cache Entry: 222	ASCII text, with no line terminators	DA5BB1DC647470204DF0E49F5AFAC2DE	F5CBF596CA5E4FE208E4C55AF6E45B71F9FEBBE8	705186BECC9E0A306A6B4867AE2768AA9DD3B8C12393D9F9C52029E9A6FCF31C
Chrome Cache Entry: 223	ASCII text, with very long lines (2230), with no line terminators	4D56AF8ACF934242A6D0C2D5FD5785E1	9D58373C57C53221C4762B87BDC186F6E38384D0	6F26F0CC605A8C789C557B2956CE78D147D5D2CC16D2F09B3A606306BCA3F4DE
Chrome Cache Entry: 224	ASCII text, with very long lines (32478)	20C129BEDB4A26DB02FC0F54D026C3F5	093B9D2728788DE24A728742070A348B2848573F	436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
Chrome Cache Entry: 225	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 226	PNG image data, 800 x 450, 8-bit colormap, non-interlaced	0AC986FEEE19E0644C89FD1FC4FBD61A	41D0C5BF6D6B2E5CE0CC5D58790BD22041F4EEEA	0BDA9E3CD6F539197F34CED03402C52C60BC1AAC4260B1799E79576F0A54663E
Chrome Cache Entry: 227	ASCII text, with very long lines (27265)	FD1609EB97E739683ACF23120FD6F6C9	19B2E83FE8DF09B85E74835C398AEFEE816BDFCB	CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
Chrome Cache Entry: 228	ASCII text, with very long lines (3080), with no line terminators	5948BDFE0605DACD8281F30E29D2F36F	251EA6B3194850AC193DC231C19EB214BD058519	3BBCAED8283EAA802C06F8464B8F3285FDA694EC52FEB8724C3715DCE314889E
Chrome Cache Entry: 229	ASCII text, with no line terminators	FEA7FBF2C619FD4B7716FCAA64070C6C	F192732937981A26F526B7C1293A2AE13BC59A22	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
Chrome Cache Entry: 230	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141339	DAF955BF2112F74E4F78B2187A8D6BEF	231CE9BE42327A3BC1AA7F48C03ABA46740DC456	72D3BBFFAAD400572BF853223BFFD96DC0CC6A336CFA7F3452259BF468590A4D
Chrome Cache Entry: 231	Unicode text, UTF-8 text, with very long lines (64241)	AFB5C64B13342F6E568093548D0A2A9F	95FC121CCCFDBA12443CF87A9C823486065A14AB	238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
Chrome Cache Entry: 232	ASCII text, with very long lines (65460)	0848B540E7CEFA19B6B90711E600470E	15A6D705E861BDBD6E4620F3982C4CDD6581BCD5	5E8CB94E51F938396C62AAB378E9CCEB8D94C008730084188AAC207E8151697E
Chrome Cache Entry: 233	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced	51147EB9734C3C0CAF22AA77A80D96F0	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
Chrome Cache Entry: 234	ASCII text, with very long lines (503)	A3BC5418F2834309CE2918B15F3B8EEA	62BA2712C6D4960F1057E103F6E1F3C95F2C701B	B2B62643A7C4FE4A4E12934AD819F0293CC00181B78D8091AFFFF3617CEB96B1
Chrome Cache Entry: 235	ASCII text, with CRLF line terminators	C49C34EE38F103BCB82F58DED32F57DB	757C8CE6D92102903F636C20B70E414A5E9A2E20	BDBBDA3BD97031FF5BCB76B427D2ECD9C4617922C3860F662E51FB18AC5CC591
Chrome Cache Entry: 236	JSON data	7464AA9E0B5A66DC886A358AAD59678F	2154BA86166207B449C10ECC6C20D57461CDD49B	8EA23781867D642ED7D4974A3690A73769FD8E81A16FB63BC64F7F9F0F25D94D
Chrome Cache Entry: 237	PNG image data, 66 x 68, 8-bit colormap, non-interlaced	0E9558D2D6E8000CE5C6C749C8FC67C2	F7BA9490807EF70BB6195150D6287CD54B7FEFD0	91FB42A68A122344FD78CFD5F0CF9D06FF6D307FD4A5C68F40231C5950ECE9A1
Chrome Cache Entry: 238	HTML document, ASCII text, with very long lines (321), with no line terminators	4A02F2FF3B70B008C9C80862624BF301	2DC46C454EE75071EF418D2863B053B79493741C	3D8F11A0DCEFFA022F33E9455C9A37712E70BC1E534478A0BE29F619B57122D6

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://friwin2.z13.web.core.windows.net/

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://friwin2.z13.web.core.windows.net/

Matcher: Template: microsoft matched with high similarity

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.16.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: 0.14.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_199, type: DROPPED

Form action URLs do not match main URL

HTTP Parser: Form action: https://support.microsoft.com/signin-oidc microsoftonline microsoft

Found iframes

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML title does not match URL

HTTP Parser: Title: Redirecting does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=745ba5e7-ce0d-43bd-3b23-40eabc1d3f15&partnerId=smcconvergence&idpflag=proxy	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638497725968325322.ZTNjZTFmNmYtMTYyNC00MmE3LTlhNWUtYjIxNDQ5YWJjOWIxNzg0MzFjMjYtZmZmYy00NGU5LTlhYTctY2EwZGJhZjYxMjkx&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJoFUMMZCX0I7bB9xWOT3ocoYWiAapBhWjYCzYCOyPqEBHTmx1wGruM1D8b0RKJ0BwMW6H5gl3nrL8VEqcodZRXvuMI2Hxbb2s66bGoLoYnVU6G8RhPwh854UeMjdVWqVCY1ZZX1uBngcbnq9b6GXlJEKb-J0zygBl-X7Io6JCltcN_n3XFre6cpSmFoO1Yd7Y-iUaKW6ux5EAmS0-UbvLkRtp7zDTB08X1aCaSU6agb6hWWec2NgO0wR0erY3CnyeWcBdkVHgAHhDD0gsPLV3Kh35rE-usozKyVNu2UNVg_ZmKStHAlIdZPcLl3LR06RHjLob5YwnS0_S2EkbWgMuBl&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49790 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /postback?format=img&sum={replace} HTTP/1.1Host: m03lm.rdtk.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /57319e009c52c0bc56e39866/default HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://friwin2.z13.web.core.windows.net/ HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /code?code=a7400ed6d3f8ef9dff8b932728043756 HTTP/1.1Host: edgecdn.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_3t7NOYeExpPOIPRYbFaWvA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_5BiUVwve_jNbxMN6Aaj8bg2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-vendor.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-main.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-vendors.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-common.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-app.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-runtime.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://friwin2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://friwin2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/languages/en.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrt5L HTTP/1.1Host: vsa68.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: +DtjxrS8jztDXLI7L4IzFw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/min-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/bubble-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/message-preview.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/max-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://friwin2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrtna HTTP/1.1Host: vsa68.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 91Rs1pJhnhdsuOYnb8XnGg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySru9f HTTP/1.1Host: vsa102.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 3dEmg6DNvBboLdgu6HPNtQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrvU6 HTTP/1.1Host: vsa33.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: E51U3Fz5FUf2F5/9TmH0Kw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /s/?k=662c3f58a3c8d40bf964eed5&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtcWVJc1gwVm1rRmtzMTNBNDZmQkV0Iiwic2lkIjoiNjYyYzNmNThhM2M4ZDQwYmY5NjRlZWQ1IiwiaWF0IjoxNzE0MTc1ODMyLCJleHAiOjE3MTQxNzc2MzIsImp0aSI6IjFPVHVwQUF4RnJQU0pxaEJEbnZlOCJ9.M_JAZYn5sBJ_Z92LnLAh5iKObnfjwrLWstON6Wwks_0hUqHUYo2qNXiuDFeEiOOhaxR-EXTbDeZdp_c1frwq0w&EIO=3&transport=websocket&__t=OySrwTs HTTP/1.1Host: vsa33.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://friwin2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 8Am3rDbbWqm+n0MmB3PIjA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_165.2.dr

Source: global traffic	DNS traffic detected: DNS query: m03lm.rdtk.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: embed.tawk.to
Source: global traffic	DNS traffic detected: DNS query: edgecdn.dev
Source: global traffic	DNS traffic detected: DNS query: userstatics.com
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: va.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa68.tawk.to
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: vsa102.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa33.tawk.to
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: unknown

Source: chromecache_227.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_227.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_206.2.dr, chromecache_202.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_141.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_199.2.dr	String found in binary or memory: http://www.hitsteps.com/
Source: chromecache_165.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_165.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_141.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: chromecache_141.2.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
Source: chromecache_141.2.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: chromecache_165.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_199.2.dr	String found in binary or memory: https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
Source: chromecache_199.2.dr	String found in binary or memory: https://embed.tawk.to/57319e009c52c0bc56e39866/default
Source: chromecache_131.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-arr-find-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-entries-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-event-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-iterator-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-object-values-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-promise-polyfill.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js
Source: chromecache_146.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js
Source: chromecache_220.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_125.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_125.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_125.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_141.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_139.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_139.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_141.2.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_141.2.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_165.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_165.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_141.2.dr	String found in binary or memory: https://products.office.com/en-us/home
Source: chromecache_141.2.dr	String found in binary or memory: https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams
Source: chromecache_141.2.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Source: chromecache_165.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_165.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_165.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_165.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_165.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_165.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_199.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
Source: chromecache_165.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_141.2.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_178.2.dr, chromecache_187.2.dr	String found in binary or memory: https://www.tawk.to/?utm_source=tawk-messenger&utm_medium=link&utm_campaign=referral&utm_term=57319e
Source: chromecache_141.2.dr	String found in binary or memory: https://www.xbox.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49790 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.16.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: 0.14.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_199, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@21/218@46/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2020,i,10895461938143384577,13357170919498850915,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://friwin2.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2020,i,10895461938143384577,13357170919498850915,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1432425
Product:	CloudBasic
Start time:	01:55:26
Start date:	27.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://friwin2.z13.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://friwin2.z13.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://friwin2.z13.web.core.windows.net/