Windows Analysis Report .htm.htm

Overview

General Information

Sample Name: .htm.htm
Analysis ID: 483816
MD5: 452fb55522a19199e1655e3d83115291
SHA1: 1704740911845f8b6fc7303ef7ab4d53cade86e6
SHA256: 53aa93b8006b0c7feac69c363efe775f4bd47382773d2fe03bc5235545a70dc9

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Phishing:

Yara detected HtmlPhish44
Source: Yara match File source: .htm.htm, type: SAMPLE
Phishing site detected (based on image similarity)
Source: file:///C:/Users/user/Desktop/.htm.htm?bbre=1631708713710#/1631708713710-!@IMUN9POcGRlegruYQdojaVFLSK@&!196IBp4fWhzt7OeviPV3@!&-donna.m.sanza@saic.com-1631708713710/1631708713710 Matcher: Found strong image similarity, brand: Microsoft image: 87229.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: file:///C:/Users/user/Desktop/.htm.htm?bbre=1631708713710#/1631708713710-!@IMUN9POcGRlegruYQdojaVFLSK@&!196IBp4fWhzt7OeviPV3@!&-donna.m.sanza@saic.com-1631708713710/1631708713710 Matcher: Found strong image similarity, brand: Microsoft image: 58111.2.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
No HTML title found
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: Number of links: 0
Submit button contains javascript call
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6648_740306370\LICENSE.txt
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49866 version: TLS 1.2

Networking:

JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.16.122.175
Source: Joe Sandbox View IP Address: 172.67.145.59
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: global traffic HTTP traffic detected:
HTTP/1.1 404 Not Found
X-MSEdge-Ref: Ref A: 3459D9952B3A4DC28A092DAF5A9F8820 Ref B: AMS04EDGE2314 Ref C: 2021-09-15T12:25:00Z
Date: Wed, 15 Sep 2021 12:24:59 GMT
Connection: close
Content-Length: 0
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=6WeusdqsU7baRSsIf%2F1GbUAa%2F1zaol6sicB77Z6lRnW4eCcp9U2ptUe
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=FsMHNSweYKWjMQ%2FkMdDf7EZyNR7fYLdv9jerDys9a9ZFG3sHiRtNjOpx6
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=GXr4pKWUCqOWU9Phqfrj1ICuzZaiL4zTW9btT5dEOEjZ13W%2Bh8kHI%2BL
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://acctcdn.msauth.net/
Source: 59f8bbf14d4853fd_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Source: Favicons.0.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: aa9287de0c8e3679_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
Source: 4f3329f3f8204488_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: 7fe4ac91e4089c5a_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1
Source: d87d9f144fbdb8cc_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-gb_piBRJsXgxy0DAocfwbyzaQ2.js?v=1
Source: 7e4cea594f77c74d_0.0.dr String found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Source: c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://ajax.googleapis.com
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: Current Session.0.dr String found in binary or memory: https://bit.ly/3iynvOz
Source: History.0.dr String found in binary or memory: https://bit.ly/3iynvOzCreate
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, e1aa9b39-4a79-4908-8af6-d0b650efdbd5.tmp.1.dr, 03d698c0-4e3f-4b95-bd06-aa5a14ef0f11.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: Current Session.0.dr String found in binary or memory: https://fpt.live.com
Source: Current Session.0.dr String found in binary or memory: https://fpt.live.com/?session_id=7f0ff711039e45f99266ed8502548dc0&CustomerId=33e01921-4d64-4f8c-a055
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: d87d9f144fbdb8cc_0.0.dr, 4f3329f3f8204488_0.0.dr String found in binary or memory: https://live.com/
Source: 7e4cea594f77c74d_0.0.dr String found in binary or memory: https://live.com/D
Source: Network Action Predictor.0.dr String found in binary or memory: https://login.live.com/
Source: History.0.dr String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1631708743&rver=7.3.6960.0&wp=M
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://play.google.com
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Favicons-journal.0.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
Source: Current Session.0.dr String found in binary or memory: https://signup.live.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://signup.live.com/
Source: Current Session.0.dr String found in binary or memory: https://signup.live.com/signup#
Source: History.0.dr String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45
Source: Favicons.0.dr String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp;amp;rpsnv=13&amp;am
Source: History.0.dr String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp;amp;rpsnv=13&amp;amCreate
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: global traffic HTTP traffic detected:
GET /client/config?cc=US&setlang=en-US HTTP/1.1
X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage
X-Search-SafeSearch: Moderate
Accept-Encoding: gzip, deflate
X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}
X-UserAgeClass: Unknown
X-BM-Market: US
X-BM-DateFormat: M/d/yyyy
X-CortanaAccessAboveLock: false
X-Device-OSSKU: 48
X-BM-DTZ: 120
X-BM-FirstEnabledTime: 132061327679472806
X-DeviceID: 0100748C0900D485
X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
X-BM-Theme: 000000;0078d7
X-Search-RPSToken: t%3DEwDYAkR8BAAUW3WS0TDKGu2jEbBhB%2BXls4oNzBQAAe6nopwCYKdw73MnHG/NxfTS3frKPmsjhP8PLTUkWrlkdiRw2NHnsvjvURSNPAXPox7jOnj/SjJqG%2Bt711v9YbMCFSf5BVMMkTcnsRTNknNp%2Bw8TI62uE7hZqb793kpOAxKS8WKyYn/%2BtkgB30WTgE0VeICtszhDsIDCR3mueXcTwD3bmmUz95UkaS6X4rsZaJOTp0YDc0ke7009T2teLU7PgHqqaWz7fpgjeMHerPuVv8DM%2BsYtzNk63/VCOW8A1HHO3CIQEfyrRwCODgMiLatcv3W4nwt/jKmlNz4htVn%2B4Egy/Nc7cZWHwhfjQSuNvSPL0Ru4sn6gpMA01Eacnh8DZgAACMX70MbFnNC1qAFp%2BXZSv1HBtrXlmKHIpWXrFBMwvSa7EHarf05s%2BhsZ2HbdiFwfCzMj%2BVFcASFYJEGLzSdBauDnxmQB1ZJhZ1S790pyKb5CaMCGRPLf6XhErSU24ZTUlgWfDqVLtvp5a9gZk3ih7nS5Lo5MOMmpQKZwc8dFKA2oKonHvHTldkDeVQOi%2BFy0z86Vj62ryagR64r9aSR5ieN1G2txQ3boENQXwpu7c7aYy8gxZSXwvIsFHjXCn2umsYWobYGCq4CaWVjynS3C/8El36yi9PtQBDSfTaH5F0MPIAGzT21db9YNBkWR6x6tsK%2Bkq9VGNINrA7//e/hGTna/w0cJAA55Vk3Zu1i3tJbcTiDz6vKkXDGxOBqhtzHDFPvzh8xawqkDcxnpgAT2Z71aFhJ%2B2JHjEli3lB/kopPMPkOXtl1iCof0Vh1/IkTbLsWtG3UZnt/NQf1DbaSJBc0JdIQdg0vf0av0z3gM/L%2BdDQttGlhH6hZ4fKQlSA923VrQkILhvFcr2uOwuPn5F3j7ijj5%2BUaciK1U%2Ba4yWNn3J7r73Evs5/mELRUJwdwg9z6j1QE%3D%26p%3D
X-Agent-DeviceId: 0100748C0900D485
X-BM-CBT: 1631708693
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
X-Device-isOptin: true
Accept-language: en-US, en
X-Device-Touch: false
X-Device-ClientSession: 8B3559E573404D9DBB475849B0298B3D
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader
Host: www.bing.com
Connection: Keep-Alive
Cookie: MUID=BEEBF15262804E24A8DF6781500AB975; SRCHUID=V=2&GUID=473755C50BC5489881A8E23CE1EFF586&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20210915; SRCHHPGUSR=SRCHLANG=en&IPMH=37efd466&IPMID=1631708697322&LUT=1631708696982; CortanaAppUID=B6948D87EDD147F9CB93B6BF4870B62C; MUIDB=BEEBF15262804E24A8DF6781500AB975
Source: global traffic HTTP traffic detected:
GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20210915T122456Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=0a2a969ce891421fa2ee926fa2a4ce97&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1167492&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1167492&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
Accept-Encoding: gzip, deflate
X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32068&sc=6
X-SDK-HW-TOKEN: t=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&p=
Cache-Control: no-cache
MS-CV: IvDQmYPOVUKSTfrq.0
User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
X-SDK-HWF: tch0,m301,m751,mA01,mT01
Host: arc.msn.com
Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20210915T122456Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8e3e95daf6494bc789ac9eeadedd4e1d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1167492&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1167492&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
Accept-Encoding: gzip, deflate
X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32068&sc=6
X-SDK-HW-TOKEN: t=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&p=
Cache-Control: no-cache
MS-CV: GC8fu0CsykqypPC0.0
User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
X-SDK-HWF: tch0,m301,m751,mA01,mT01
Host: arc.msn.com
Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
GET /config/v1/Office/0.0.0.0?&Clientid=%7bB7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102%7d&Application=hxcomm&Platform=winrt&Version=16.0.8827.2205&MsoVersion=16.0.8827.2205&Audience=Production&Build=ship&Architecture=x64&Channel=CC&InstallType=Immersive&LabMachine=false&Holdout=false HTTP/1.1
Accept: */*
User-Agent: Microsoft Office 2014
DisableExperiments: false
Accept-Encoding: gzip, deflate, br
Host: config.edge.skype.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /ab? HTTP/1.1Accept: */*User-Agent: Microsoft Office 2014X-MSEdge-ClientId: B7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102X-OfficeApp-LabMachine: 0X-OfficeApp-Application: hxcommX-OfficeApp-Architecture: x64X-OfficeApp-BuildVersion: 16.0.8827.2205X-OfficeApp-Audience: ProductionX-OfficeApp-BuildFlavor: shipX-OfficeApp-Channel: CCX-OfficeApp-MsoVersion: 16.0.8827.2205X-OfficeApp-Platform: winrtX-OfficeApp-InstallType: ImmersiveAccept-Encoding: gzip, deflate, brHost: client-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /ab?&clientid=%7bB7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102%7d HTTP/1.1Accept: */*User-Agent: Microsoft Office 2014X-MSEdge-AppID: hxcommX-OCAS-Platform: winrtX-OCAS-Build: 16.0.8827X-MSEdge-IG: 85D8BB1D-8D21-41CE-A7BD-ED65E1BC88F7Accept-Encoding: gzip, deflate, brHost: ocos-office365-s2s.msedge.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /v8.0/oemdiscovery?oemId=&scmId=&phoneManufacturerName=&smBiosManufacturerName=VMware%2C+Inc.&phoneDeviceModel=&smBiosDm=VMware7%2C1 HTTP/1.1Accept-Encoding: gzip, deflateAccept: */*TASIGNORE: YESMS-PreciseDeviceFamilyVersion: 2814750890000385User-Agent: WindowsStore/11712.1001.23.0MS-CV: WzKuRvsak0mWUobt.1Accept-Language: en-USHost: storeedgefd.dsx.mp.microsoft.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /613a3488528020034b141176.js HTTP/1.1Host: kifot.wancdnapp.pageConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/css/8ae91b86a04f3d3bddf80251b21eff61nbr1631204484.css HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/css/a9b0aa3b02f474bda26de4056d033076nbr1631204485.css HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/8ae91b86a04f3d3bddf80251b21eff61nbr1631204484.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/5c01e8f23c1de684823a2b17b3508308.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301631204477.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be"
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "b1336d85e1a0c89eea2a4969953d0326f0faedd47871ea522033f7f6e513ea57"
Source: global traffic HTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e"
Source: global traffic HTTP traffic detected: GET /3iynvOz HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /converged_ux_v2_94I0sEqY0Jv8LdLTslehNA2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-gb_piBRJsXgxy0DAocfwbyzaQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49866 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\.htm.htm'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17906253154991432827,2475525804298393733,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6141E626-19F8.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\f3189703-97d4-4565-b201-bc589abb03a2.tmp
Source: classification engine Classification label: mal52.phis.winHTM@41/230@17/15
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6648_740306370\LICENSE.txt