Analysis Report https://onedrive.live.com/view.aspx?resid=BBBE2211A9BFBBEA!212&wdo=2&authkey=!AEJn6N9d9VRmlNY

AV Detection:

Antivirus detection for URL or domain

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Source: Yara match

File source: 94382.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php

Matcher: Found strong image similarity, brand: Microsoft image: 94382.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Phishing site detected (based on logo template match)

Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks

Matcher: Template: microsoft matched

Found iframes

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Iframe src: ./Sign in to your account_files/prefetch(1).html
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Iframe src: ./Sign in to your account_files/prefetch(1).html

HTML body contains low number of good links

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Number of links: 0
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Number of links: 0
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: Number of links: 0
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: Number of links: 0
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: Number of links: 0
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Number of links: 1
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Number of links: 1
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Number of links: 1
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: Title: Sign in to Skype does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: Title: Sign in to Skype does not match URL
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: Title: Sign in does not match URL
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: Title: Sign in does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: Title: Sign in to Skype does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: Title: Sign in to Skype does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: Title: Sign in to your account does not match URL

Submit button contains javascript call

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: On click: goNext()
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: On click: goNext()

Suspicious form URL found

Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Form action: login.php
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: Form action: login.php

META author tag missing

Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="author".. found
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: No <meta name="author".. found
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: No <meta name="author".. found
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: No <meta name="author".. found
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: No <meta name="author".. found
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: No <meta name="author".. found
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3Db54de359-6da3-40d9-8724-331152618f47&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="copyright".. found
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: No <meta name="copyright".. found
Source: https://igv-uj.xyz/go/+%20%20login.microsoftonline.com%20%20%20%20%20%20secure%20%20%20%20%20%20%20%20microsoftonline%20%20%20%20%20%20%20%20%20%20online%20%20%20%20%20%20%20%20%20.php	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks	HTTP Parser: No <meta name="copyright".. found
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: No <meta name="copyright".. found
Source: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&ver=16&fpEnabled=1	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D3jrQXStM15hwRBjptWh5Si1YtTMabvSjFGruxtw83sJnGdotpgxquQJUh1qvYcp9n7PUhH1Saq2uTWOEq3FISb2ZoaZRBBpErVH5dM5YzWsBtVoa80V7nrxaNlyASY-x1xeZOtOMFi-bzhvrSAlGjGj6Zam8uwzQoEn035u3MvoB73xIauOa_ajbiYUMjIduuEZ4EpeMDdMviVB37Gh-KZBIJ_kKl-Ijqb3J-ustFErKXtULBch7gYdKWm_mFtnb5W0Y7CRHvNhNtd_qXUyFYg&response_mode=form_post&nonce=637535837244320327.NWVlOGQ3ZmUtNjNiNS00NmRhLThjNjQtODQxOGM2Yzg0MmNiOWQ0OWUxMjYtMDlmZi00MDA2LTlhMDEtY2FiMjkxZTMzNTk3&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D572381%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%252FAuth%252FPostHandler%26state%3D7b6265ce-6754-4a13-8b43-9a100f5aeb5f&lc=1033&id=293290&mkt=en-US&psi=skype&lw=1&cobrandid=2befc4b5-19e3-46e8-8347-77317a16a5a5&client_flight=ReservedFlight33%2CReservedFlight67	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&resource=https%3A%2F%2Fservice.flow.microsoft.com%2F&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DSyR28VEtzzXsykjqi-v55uL0NY1Jv9Vs7i3p0LZxPzOnhfX9fUUK_WDnEThnF8YS5tHo7oF5QmHNTi7mj0ykUIG6vyIo-UHzlx52mhtDgyrCTIarbX0M8H1vuX-PTgWChnbDfu6oOilxJJBMgQQ4pC-1687gl-fe6_FcSH1zvh06nRkFvEXuIvG9SqZ6LxdbJ3_ZezX5Z66YH5tmMr5ig4lQCmaOfc6o5hiF-ZjkVqnP8uuw7pysrGz-LNaWawZGhuSN6VIi9eTMOhijc0p30w&response_mode=form_post&nonce=637535837439415970.MWIyN2Q1ODAtZjQ0Yy00MDZhLTk4MWYtZTY5ZjFkY2YxOTU0MTQ3MjU3NmEtNGJlYy00M2JlLWI0Y2ItYWRiNTBmOWNmNzVj&redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&post_logout_redirect_uri=https%3A%2F%2Fflow.microsoft.com%2F&nux=1&msafed=1&x-client-SKU=ID_NET45&x-client-ver=5.3.0.0	HTTP Parser: No <meta name="copyright".. found

Compliance:

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.3:50038 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.3:50075 version: TLS 1.2

Networking:

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: igv-uj.xyz
Source:	DNS query: igv-uj.xyz

Downloads files from webservers via HTTP

Source: global traffic

HTTP traffic detected: GET /?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404referral HTTP/1.1Host: cpanel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: GET /?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404referral HTTP/1.1Host: cpanel.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Found strings which match to known social media urls

Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: ;"https://www.youtube.com/iframe_api equals www.youtube.com (Youtube)
Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: https://www.youtube.com/iframe_api equals www.youtube.com (Youtube)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: onedrive.live.com

URLs found in memory or binary data

Source: History.0.dr	String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: http://cpanel.net/
Source: History.0.dr	String found in binary or memory: http://cpanel.net/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
Source: 572BF21E454637C9F000BE1AF9B1E1A9.2.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: A153659244D4657E2973A1765102781B_A73E63721CDD7A2F9C2ACFC55BAAC82D.2.dr	String found in binary or memory: http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK40
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/
Source: 40aeda517102c153_0.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_j-bwr7uxn0
Source: Favicons-journal.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: Favicons-journal.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.icov
Source: b72c548cd644b281_0.0.dr, d541f5b59e49a2d6_0.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_l_n1XPlyVcO0oZ_R8gRAPQ2.js
Source: b72c548cd644b281_0.0.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_l_n1XPlyVcO0oZ_R8gRAPQ2.jsaD
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, manifest.json0.0.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/
Source: 6e4b41db45f04ca5_0.0.dr, aa2fc5a9454aa8d9_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.0.min.js
Source: aa2fc5a9454aa8d9_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.0.min.jsaD
Source: 93a3fa42e61c139b_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: 7444ea2da1317cfb_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js
Source: ae824f296039a280_0.0.dr	String found in binary or memory: https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21056.2&market=EN-US&wrapperId=suites
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, manifest.json0.0.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/
Source: ddf697422f5b7076_0.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: c00ea5e2b2004bce_0.0.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/CommonIntl.js
Source: f2e7233ee833e446_0.0.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161392441017_App_Scripts/Feedback/latest/Intl/en/officeb
Source: cd4a93dbb80020d1_0.0.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161392441017_App_Scripts/Feedback/latest/officebrowserfe
Source: 3c48ab533b061584_0.0.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161392441017_App_Scripts/MicrosoftAjax.js
Source: 6b5c24ed233dd799_0.0.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161392441017_App_Scripts/wacairspaceanimationlibrary.js
Source: Favicons.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico
Source: Favicons-journal.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico;4&
Source: Favicons-journal.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico;4&t
Source: Favicons-journal.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.icoL
Source: Favicons-journal.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.icog
Source: Favicons-journal.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.icor
Source: c952f751be8315f7_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/Box4Intl.js
Source: 6dde4a80019bae0d_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/OneNoteIntl.js
Source: 9f9618de9c6bcb9d_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/OneNoteSimplified.Wac.TellMeM
Source: 324ff239dba9759d_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/WoncaIntl.js
Source: a70da6d09ed29ebf_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/onenote-intl-mlr.min.js
Source: 5c65553377705661_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/onenote-ribbon-intl.min.js
Source: 56a1c54121bced7a_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/onenote-ribbon-sprite-lazy.mi
Source: 996fb0cc97dc8409_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/1033/osfruntime_strings.js
Source: aff618be55cad59c_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/Compat.js
Source: b0befa3d680344c1_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OfficeExtension.WacRuntime.js
Source: 8e09854e908bf7ca_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OneNote.box4.dll1.js
Source: 5df93476604d46db_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OneNote.box4.dll2.js
Source: 594cec52998be81d_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OneNote.js
Source: d87258609659b4ab_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OneNoteSimplified.Wac.TellMeSugges
Source: 90a2d87359957c41_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/OsfRuntimeOneNoteWAC.js
Source: bb6d03b294c9ff3d_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/appChrome.min.js
Source: 42bb21ed90c95e46_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/appChromeLazy.min.js
Source: ec7d32126082108b_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/appIconsLazy.min.js
Source: d3c8ce2690f55320_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/common.min.js
Source: fd7404bfa10212a2_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/common.min.jsaD
Source: d66feeae39fc5d63_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/common50.min.js
Source: e2e650ed46fced2f_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/jSanity.js
Source: f350d8c33b51e783_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/navigation.min.js
Source: 8a9bb120acaab28f_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/onenoteSync.min.js
Source: e808b8f39e801b15_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/onenoteloadingspinner.min.js
Source: eb29abe6f9a73f7f_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/oreolazy.min.js
Source: fc35d240367785ec_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/oreonavpane.min.js
Source: e4b9a913b33ada37_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/oreonotebookpane.min.js
Source: 9f395f73deac96c3_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/oreosearchpane.min.js
Source: eb367444c11661a9_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/otelFull.min.js
Source: 6b96086d34df59a0_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/suiteux-shell/js/suiteux.shell.con
Source: 22caab40b88abda7_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/suiteux-shell/js/suiteux.shell.cor
Source: f25916ec352795fe_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/suiteux-shell/js/suiteux.shell.plu
Source: d038b2bf14b55bee_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161392441017_App_Scripts/wacBoot.min.js
Source: de272f24ef9bbe31_0.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/App_Scripts/onenote-boot.min.js
Source: e03f50a0799b9a85_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/CommonDiagnostics.js?b=13922.30551
Source: e03f50a0799b9a85_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/CommonDiagnostics.js?b=13922.30551aD
Source: e09d1f778ed89312_0.0.dr, 9cbb21a4bf86e0fd_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/jquery-1.12.4.1.min.js?b=13922.30551
Source: 9cbb21a4bf86e0fd_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/jquery-1.12.4.1.min.js?b=13922.30551aD
Source: 3d5cf7e3dd24edc5_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/knockout-3.4.2.js?b=13922.30551
Source: 3d5cf7e3dd24edc5_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/knockout-3.4.2.js?b=13922.30551a
Source: 3d5cf7e3dd24edc5_0.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/knockout-3.4.2.js?b=13922.30551aD
Source: 3d526a8124c0bde3_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/BrowserUls.js
Source: 98c76a69202da264_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/CommonDiagnostics.js
Source: c34c088eb3ef63ba_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/ExternalResources/js-cookie.js
Source: 1916fe9d3c747fef_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/Instrumentation.js
Source: 929fa13d4ef61aaa_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/LearningTools/LearningTools.js
Source: a7f5238a08868646_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/aria-web-telemetry-2.9.0.min.js
Source: 8fe5704c7b27840b_0.0.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161400540454_Scripts/pickadate.min.js
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: ce3b1a62ea8a441d_0.0.dr, 627ee706b0a1e610_0.0.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.min.js
Source: 627ee706b0a1e610_0.0.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.min.jsaD
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: 000003.log4.0.dr	String found in binary or memory: https://content.growth.office.net/mirrored/resources/programmablesurfaces/prod/officewebsurfaces.cor
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://cpanel.com/
Source: Favicons.0.dr	String found in binary or memory: https://cpanel.com/privacy-policy.html
Source: History.0.dr	String found in binary or memory: https://cpanel.com/privacy-policy.htmlPrivacy
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://cpanel.net/
Source: 40e28dad09fba182_0.0.dr	String found in binary or memory: https://cpanel.net/0
Source: History.0.dr	String found in binary or memory: https://cpanel.net/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refe
Source: 66c96e4e3a3f6772_0.0.dr	String found in binary or memory: https://cpanel.net/A
Source: Favicons.0.dr	String found in binary or memory: https://cpanel.net/privacy-policy.html
Source: History.0.dr	String found in binary or memory: https://cpanel.net/privacy-policy.htmlPrivacy
Source: Current Session.0.dr	String found in binary or memory: https://cpanel.net/privacy-policy/
Source: History.0.dr	String found in binary or memory: https://cpanel.net/privacy-policy/Privacy
Source: Favicons.0.dr	String found in binary or memory: https://cpanel.net/wp-content/themes/cPbase/assets/img/favicon.ico
Source: Favicons.0.dr	String found in binary or memory: https://cpanel.net/wp-content/themes/cPbase/assets/img/favicon.icoI
Source: 66c96e4e3a3f6772_0.0.dr	String found in binary or memory: https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6
Source: e8474ba2e1e91fff_0.0.dr	String found in binary or memory: https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6a
Source: e8474ba2e1e91fff_0.0.dr	String found in binary or memory: https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6aD
Source: 1d5582ba5edb9b59_0.0.dr	String found in binary or memory: https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6
Source: 1d5582ba5edb9b59_0.0.dr	String found in binary or memory: https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6aD
Source: 7c09118d3d75e3a8_0.0.dr	String found in binary or memory: https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6
Source: 7c09118d3d75e3a8_0.0.dr	String found in binary or memory: https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6aD
Source: b7642952-abfe-4529-a203-f2695e987918.tmp.2.dr, 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr, cccb23fe-b824-40d6-a22b-fd97d53a104e.tmp.2.dr	String found in binary or memory: https://dns.google
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/
Source: 16f8a4f9752a1238_0.0.dr, 4c86c8bac3ba93ea_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Common.js
Source: 4c86c8bac3ba93ea_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Common.jsaD
Source: 73bc2959bbe08e4f_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Home.js
Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Preload.js
Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Preload.jsa
Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/Preload.jsaD
Source: 6ce6c89585f187e2_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/common_raw.js
Source: 6ce6c89585f187e2_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/common_raw.jsaD
Source: 0b0e082679315186_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/en-us/Resources.js
Source: 5072c668b3ed6ec4_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/en-us/Resources.jsa
Source: 5072c668b3ed6ec4_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/en-us/Resources.jsaD
Source: Favicons-journal.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/favicon.ico
Source: 1399c0c5768e9149_0.0.dr, 3d82cb120e19d746_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/feedback/OfficeBrowserFeedback.js
Source: 3d82cb120e19d746_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/feedback/OfficeBrowserFeedback.jsaD
Source: abaf606fe1b93cc7_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/tdb.js
Source: 9217f737cff04956_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/tdb.jsa
Source: 9217f737cff04956_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/161392240102_Content/tdb.jsaD
Source: b2273f0c1af7041a_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/CommonDiagnostics-Sway-1.0.0.js
Source: b2273f0c1af7041a_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/CommonDiagnostics-Sway-1.0.0.jsa
Source: b2273f0c1af7041a_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/CommonDiagnostics-Sway-1.0.0.jsaD
Source: 9fa3e08635ef38cd_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/DefaultSignIn-1.3.1387.1646.js
Source: 9ea376314010a7df_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/Hammer-2.0.4.js
Source: 9ea376314010a7df_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/Hammer-2.0.4.jsa
Source: 9ea376314010a7df_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/Hammer-2.0.4.jsaD
Source: e3cfa6ba85c75176_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/jquery-2.2.4-custom-1.js
Source: d9655d05b22e667e_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/jquery-2.2.4-custom-1.jsaD
Source: 3d3bb4106c1a0467_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/jquery-ui-1.11.4-custom.js
Source: 3d3bb4106c1a0467_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/jquery-ui-1.11.4-custom.jsaD
Source: 2eac174dde5c806e_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/modernizr-3.3.1-custom.js
Source: 2eac174dde5c806e_0.0.dr	String found in binary or memory: https://eus-www.sway-cdn.com/Content/modernizr-3.3.1-custom.jsaD
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: Current Session.0.dr	String found in binary or memory: https://go.cpanel.net/privacy
Source: History.0.dr	String found in binary or memory: https://go.cpanel.net/privacyPrivacy
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: Current Session.0.dr	String found in binary or memory: https://igv-uj.xyz
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://igv-uj.xyz/
Source: History-journal.0.dr	String found in binary or memory: https://igv-uj.xyz/go/
Source: Current Session.0.dr	String found in binary or memory: https://igv-uj.xyz/go/Sign%20in%20to%20your%20account_files/prefetch(1).html
Source: f6a58be1ee04a8d7_0.0.dr, 6b5c24ed233dd799_0.0.dr, 90a2d87359957c41_0.0.dr, aff618be55cad59c_0.0.dr, e2e650ed46fced2f_0.0.dr, e03f50a0799b9a85_0.0.dr, cd4a93dbb80020d1_0.0.dr	String found in binary or memory: https://live.com/
Source: f25916ec352795fe_0.0.dr	String found in binary or memory: https://live.com/&
Source: ae824f296039a280_0.0.dr	String found in binary or memory: https://live.com/0
Source: eb29abe6f9a73f7f_0.0.dr	String found in binary or memory: https://live.com/8
Source: f350d8c33b51e783_0.0.dr	String found in binary or memory: https://live.com/G
Source: d3c8ce2690f55320_0.0.dr	String found in binary or memory: https://live.com/GA
Source: 594cec52998be81d_0.0.dr	String found in binary or memory: https://live.com/H
Source: 9f395f73deac96c3_0.0.dr	String found in binary or memory: https://live.com/K
Source: 742164eda427c98a_0.0.dr	String found in binary or memory: https://live.com/M&
Source: fc35d240367785ec_0.0.dr	String found in binary or memory: https://live.com/N
Source: e09d1f778ed89312_0.0.dr	String found in binary or memory: https://live.com/b
Source: b0befa3d680344c1_0.0.dr	String found in binary or memory: https://live.com/e
Source: 996fb0cc97dc8409_0.0.dr	String found in binary or memory: https://live.com/pD4
Source: bb6d03b294c9ff3d_0.0.dr	String found in binary or memory: https://live.com/q
Source: d66feeae39fc5d63_0.0.dr	String found in binary or memory: https://live.com/xU
Source: 36e68586828ffbd4_0.0.dr	String found in binary or memory: https://live.com/y
Source: 8a9bb120acaab28f_0.0.dr	String found in binary or memory: https://live.com/zC
Source: Current Session.0.dr	String found in binary or memory: https://login.live.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://login.live.com/
Source: Current Session.0.dr	String found in binary or memory: https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.onenote.com/notebooks?wdoriginondcnot
Source: Current Session.0.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986920&rver=7.3.6963.0&wp=MBI_SSL&wre
Source: Favicons-journal.0.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986923&rver=7.1.6819.0&wp=MBI_SSL&wre
Source: Current Session.0.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986940&rver=7.3.6963.0&wp=MBI_SSL&wre
Source: Current Session.0.dr, History-journal.0.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617986942&rver=7.1.6819.0&wp=MBI_SSL&wre
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: History-journal.0.dr, Favicons-journal.0.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d99
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?wreply=https://sway.office.com/&appid=905fcf26-4eb7-48a
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?wreply=https://www.onenote.com/notebooks?wdoriginondcno
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.comh
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://login.skype.com/
Source: History-journal.0.dr	String found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=572381&partner=999&redirect_uri=https://web.
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://logincdn.msauth.net/
Source: Favicons-journal.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000.28976.3/images/favicon.ico
Source: Favicons-journal.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000.28976.3/images/favicon.icoB
Source: 2398cf4ac380af6e_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en_fT9m0IFklQU1v_JKf7YY
Source: 2b178dc788abedc5_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_8fmFau_zfDGioPAajB3ICg2.js
Source: 2b178dc788abedc5_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_8fmFau_zfDGioPAajB3ICg2.jsaD
Source: dda6c47d45a66465_0.0.dr, 36e68586828ffbd4_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_r65f9Km4mDqph5L6eBG11A2.js
Source: dda6c47d45a66465_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_r65f9Km4mDqph5L6eBG11A2.jsaD
Source: 24215ede5385238b_0.0.dr	String found in binary or memory: https://mem.gfx.ms
Source: 24215ede5385238b_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=Sway&market=en-us&uhf=1
Source: 24215ede5385238b_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=Sway&market=en-us&uhf=1a
Source: 24215ede5385238b_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=Sway&market=en-us&uhf=1aD
Source: bb10d014a808faae_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meBoot.min.js
Source: bb10d014a808faae_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meBoot.min.jsaD
Source: a947101d498ca626_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meCore.min.js
Source: a947101d498ca626_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meCore.min.jsaD
Source: d541f5b59e49a2d6_0.0.dr	String found in binary or memory: https://microsoftonline.com/
Source: 40aeda517102c153_0.0.dr	String found in binary or memory: https://microsoftonline.com/i
Source: Current Session.0.dr	String found in binary or memory: https://oauth.online.office.com/oa/WacOAuth.aspx?replyUrl=https://onenote.officeapps.live.com&usid=4
Source: 2e36b2047189d8a4_0.0.dr	String found in binary or memory: https://oauth.online.office.com/oa/sharedauthclient.js
Source: 742164eda427c98a_0.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/jsonstrings?g=EmailHrdv2&mkt=1033&hm=0
Source: aacab199021528da_0.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/hrd.min.js?b=13922.30551
Source: aacab199021528da_0.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/hrd.min.js?b=13922.30551aD
Source: Current Session.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.0/hrd?lcid=1033&syslcid=1033&uilcid=1033&app=8&a=1&p=11&hm=0&
Source: e3cfa6ba85c75176_0.0.dr, bbc149ea10d29cc1_0.0.dr, 2eac174dde5c806e_0.0.dr	String found in binary or memory: https://office.com/
Source: 2e36b2047189d8a4_0.0.dr	String found in binary or memory: https://office.com/5
Source: b2273f0c1af7041a_0.0.dr	String found in binary or memory: https://office.com/G
Source: 24215ede5385238b_0.0.dr	String found in binary or memory: https://office.com/L1#
Source: 3d3bb4106c1a0467_0.0.dr	String found in binary or memory: https://office.com/X
Source: 9ea376314010a7df_0.0.dr	String found in binary or memory: https://office.com/h
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: 000003.log4.0.dr	String found in binary or memory: https://onedrive.live.com
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.com/
Source: c95918580f8c1f73_0.0.dr	String found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=GroupFolders&v=19.619.0204.2006&
Source: e627cc91d1ac9eb3_0.0.dr	String found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=Office&v=19.619.0204.2006&useReq
Source: Current Session.0.dr, History-journal.0.dr, Favicons-journal.0.dr	String found in binary or memory: https://onedrive.live.com/redir?resid=BBBE2211A9BFBBEA%21212&authkey=%21AEJn6N9d9VRmlNY&page=View&wd
Source: Favicons-journal.0.dr, History.0.dr	String found in binary or memory: https://onedrive.live.com/view.aspx?resid=BBBE2211A9BFBBEA
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.comh
Source: 511f06892f5a721b_0.0.dr	String found in binary or memory: https://onenote.com/
Source: 3d526a8124c0bde3_0.0.dr	String found in binary or memory: https://onenote.com/7
Source: 98c76a69202da264_0.0.dr	String found in binary or memory: https://onenote.com/R
Source: 49c3de3abf9291a9_0.0.dr	String found in binary or memory: https://onenote.com/c6
Source: 929fa13d4ef61aaa_0.0.dr	String found in binary or memory: https://onenote.com/oTu
Source: c787521737d48d0a_0.0.dr	String found in binary or memory: https://onenote.com/z5
Source: 000003.log4.0.dr, 000003.log0.0.dr	String found in binary or memory: https://onenote.officeapps.live.com
Source: QuotaManager.0.dr, index.txt.tmp.0.dr, 000003.log0.0.dr	String found in binary or memory: https://onenote.officeapps.live.com/
Source: QuotaManager.0.dr	String found in binary or memory: https://onenote.officeapps.live.com//
Source: Current Session.0.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=roJutOdci0KaZVg
Source: Current Session.0.dr	String found in binary or memory: https://onenote.officeapps.live.comh
Source: 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://p.sfx.ms
Source: a5534787ec2d07e5_0.0.dr	String found in binary or memory: https://p.sfx.ms//storage/aria-2.5.0.min.js
Source: manifest.json1.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 5072c668b3ed6ec4_0.0.dr	String found in binary or memory: https://pickit.com
Source: 5072c668b3ed6ec4_0.0.dr	String found in binary or memory: https://pickit.com/terms-privacy/
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://pro.fontawesome.com/
Source: 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://r5---sn-1gi7znes.gvt1.com
Source: 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json1.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Favicons-journal.0.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/favicon_a_eupayfgghqiai7
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://site-cdn.onenote.net/
Source: Favicons-journal.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Images/FavIcon_OneNote.ico
Source: Favicons-journal.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Images/FavIcon_OneNote.icoB
Source: 0e95785c5c7fc903_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Common.js
Source: 0e95785c5c7fc903_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Common.jsaD
Source: 49c3de3abf9291a9_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/CommonDiagnostics.js
Source: 49c3de3abf9291a9_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/CommonDiagnostics.jsaD
Source: d9b7591a7c39b239_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Default2SignIn.js
Source: d9b7591a7c39b239_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Default2SignIn.jsaD
Source: c787521737d48d0a_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/DefaultSignIn.min.js
Source: c787521737d48d0a_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/DefaultSignIn.min.jsaD
Source: 681fd9719250177b_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Hrd.js
Source: 681fd9719250177b_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Hrd.jsa
Source: 681fd9719250177b_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/Hrd.jsaD
Source: 12e9f7a5754eabc3_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/home.js
Source: 12e9f7a5754eabc3_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/161400540454_Scripts/home.jsaD
Source: 8b64ecc4262c4430_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/libraries/bodymovin/4.13.0/bodymovin.min.js
Source: a8cf95dd88fa3419_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/libraries/bodymovin/4.13.0/bodymovin.min.jsa
Source: a8cf95dd88fa3419_0.0.dr	String found in binary or memory: https://site-cdn.onenote.net/libraries/bodymovin/4.13.0/bodymovin.min.jsaD
Source: Current Session.0.dr	String found in binary or memory: https://skyapi.onedrive.live.com/api/proxy?v=3
Source: ac019aa6441efee1_0.0.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20201013.002/jquery-1.7.2-
Source: f6a58be1ee04a8d7_0.0.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20201013.002/wac0-efa56458
Source: 9422602c3104bebd_0.0.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20201013.002/wac1-cdc297b4
Source: 24af17d226eee8c1_0.0.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20201013.002/wac2-bf8b3319
Source: 7ea87c16eac874ed_0.0.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20201013.002/wac_s_office-
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-eus-ms-com.akamaized.net/
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://store.cpanel.net/
Source: 40e28dad09fba182_0.0.dr	String found in binary or memory: https://store.cpanel.net/commonui/js/vendor/cookieconsent/3.1.0/cookieconsent.min.js
Source: 8a7dba7149f3d333_0.0.dr	String found in binary or memory: https://store.cpanel.net/idev_magic_revision/e470da806e17928830aa7ed88e3301a2/commonui/js/common/gdp
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 4c86c8bac3ba93ea_0.0.dr	String found in binary or memory: https://support.office.com/article/c8d9638b-bd09-446f-80a5-234af71e42d9
Source: Current Session.0.dr	String found in binary or memory: https://sway.com/?ui=en%2DUS&rs=US
Source: History-journal.0.dr	String found in binary or memory: https://sway.com/?ui=en%2DUS&rs=USMicrosoft
Source: Current Session.0.dr	String found in binary or memory: https://sway.com/?ui=en%2DUS&rs=USRb
Source: Current Session.0.dr	String found in binary or memory: https://sway.office.com
Source: 000003.log0.0.dr	String found in binary or memory: https://sway.office.com/
Source: Current Session.0.dr	String found in binary or memory: https://sway.office.com/?ui=en-US&rs=US
Source: History-journal.0.dr	String found in binary or memory: https://sway.office.com/?ui=en-US&rs=USMicrosoft
Source: Current Session.0.dr	String found in binary or memory: https://sway.office.com/?ui=en-US&rs=USbMicrosoft
Source: Current Session.0.dr	String found in binary or memory: https://sway.office.comh
Source: 7c09118d3d75e3a8_0.0.dr	String found in binary or memory: https://twemoji.maxcdn.com/v/13.0.1/
Source: Current Session.0.dr, History-journal.0.dr	String found in binary or memory: https://web.skype.com/?source=wac&ui=en%2DUS&rs=US
Source: Current Session.0.dr	String found in binary or memory: https://web.skype.com/?source=wac&ui=en%2DUS&rs=USE?
Source: History-journal.0.dr	String found in binary or memory: https://web.skype.com/?source=wac&ui=en%2DUS&rs=USSign
Source: Current Session.0.dr	String found in binary or memory: https://web.skype.com/?source=wac&ui=en%2DUS&rs=UShn
Source: 5072c668b3ed6ec4_0.0.dr	String found in binary or memory: https://www.flickr.com/people/
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, manifest.json0.0.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 9400dd4e-cd14-4996-b2eb-37023f8d206c.tmp.2.dr, 140a75df-11c8-43f1-a33f-813303c739da.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;
Source: 000003.log4.0.dr	String found in binary or memory: https://www.onenote.com
Source: Network Action Predictor-journal.0.dr, 000003.log0.0.dr	String found in binary or memory: https://www.onenote.com/
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooks
Source: History-journal.0.dr	String found in binary or memory: https://www.onenote.com/hrd?wdorigin=ondcauth2&wdorigin=ondcnotebooksSign
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/notebooks?ui=en%2DUS&rs=US
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/notebooks?ui=en%2DUS&rs=USI
Source: History-journal.0.dr	String found in binary or memory: https://www.onenote.com/notebooks?ui=en%2DUS&rs=USMicrosoft
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/officeaddins/learningtools/?et=
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Source: History-journal.0.dr	String found in binary or memory: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=trueMicrosoft
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=truewK
Source: Current Session.0.dr	String found in binary or memory: https://www.onenote.comh
Source: fec1328bc6b677d7_0.0.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 63.250.38.203:443 -> 192.168.2.3:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.3:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.3:50038 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.4:443 -> 192.168.2.3:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.94.204.2:443 -> 192.168.2.3:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.3:50075 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: mal68.phis.troj.win@61/365@44/17

Creates files inside the program directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-607103D8-110C.pma

Jump to behavior

Creates temporary files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\be8837c5-ad3f-4e22-80f5-d919b12caf51.tmp

Jump to behavior

SQL strings found in memory and binary data

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://onedrive.live.com/view.aspx?resid=BBBE2211A9BFBBEA!212&wdo=2&authkey=!AEJn6N9d9VRmlNY'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1796 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5648 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=5664 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1796 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5648 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1540,811269984779653485,8825632401784948793,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=5664 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior