
Windows Analysis Report .htm.htm

Overview

General Information

Sample Name: .htm.htm
Analysis ID: 483816
MD5: 452fb55522a19199e1655e3d83115291
SHA1: 1704740911845f8b6fc7303ef7ab4d53cade86e6
SHA256: 53aa93b8006b0c7feac69c363efe775f4bd47382773d2fe03bc5235545a70dc9
Most interesting Screenshot:

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6648 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\.htm.htm' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6804 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17906253154991432827,2475525804298393733,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
.htm.htm | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security | 

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

    Yara detected HtmlPhish44
    Source: Yara match | File source: .htm.htm, type: SAMPLE
    Phishing site detected (based on image similarity)
    Source: file:///C:/Users/user/Desktop/.htm.htm?bbre=1631708713710#/1631708713710-!@IMUN9POcGRlegruYQdojaVFLSK@&!196IBp4fWhzt7OeviPV3@!&-donna.m.sanza@saic.com-1631708713710/1631708713710 | Matcher: Found strong image similarity, brand: Microsoft, image: 87229.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: file:///C:/Users/user/Desktop/.htm.htm?bbre=1631708713710#/1631708713710-!@IMUN9POcGRlegruYQdojaVFLSK@&!196IBp4fWhzt7OeviPV3@!&-donna.m.sanza@saic.com-1631708713710/1631708713710 | Matcher: Found strong image similarity, brand: Microsoft, image: 58111.2.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: HTML title missing (2 identical entries)
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: Number of links: 0 (2 identical entries)
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: On click: OnBack(); return false; (2 identical entries)
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick(); (4 identical entries)
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: No <meta name="author".. found (2 identical entries)
    Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45f99266ed8502548dc0 | HTTP Parser: No <meta name="copyright".. found (2 identical entries)
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\6648_740306370\LICENSE.txt
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49808 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49807 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49865 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49866 version: TLS 1.2
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View | IP Address: 104.16.122.175
    Source: Joe Sandbox View | IP Address: 172.67.145.59
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49865
    Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49858
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49857
    Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49866 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
    Source: unknown | Network traffic detected: HTTP traffic on port 49858 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
    Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49687
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49686
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49685
    Source: unknown | Network traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49684
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49683
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681
    Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknown | Network traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknown | Network traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49808 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49867 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknown | Network traffic detected: HTTP traffic on port 49865 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49816
    Source: unknown | Network traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknown | Network traffic detected: HTTP traffic on port 49816 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49685 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49809
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49808
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49807
    Source: unknown | Network traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknown | Network traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49809 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49867
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49866
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 (44 identical entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 209.197.3.8 (6 identical entries)
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | X-MSEdge-Ref: Ref A: 3459D9952B3A4DC28A092DAF5A9F8820 Ref B: AMS04EDGE2314 Ref C: 2021-09-15T12:25:00Z | Date: Wed, 15 Sep 2021 12:24:59 GMT | Connection: close | Content-Length: 0
    Source: Ruleset Data.0.dr | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: Ruleset Data.0.dr | String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
    Source: Reporting and NEL.1.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=6WeusdqsU7baRSsIf%2F1GbUAa%2F1zaol6sicB77Z6lRnW4eCcp9U2ptUe
    Source: Reporting and NEL.1.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=FsMHNSweYKWjMQ%2FkMdDf7EZyNR7fYLdv9jerDys9a9ZFG3sHiRtNjOpx6
    Source: Reporting and NEL.1.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=GXr4pKWUCqOWU9Phqfrj1ICuzZaiL4zTW9btT5dEOEjZ13W%2Bh8kHI%2BL
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://accounts.google.com
    Source: Network Action Predictor.0.dr | String found in binary or memory: https://acctcdn.msauth.net/
    Source: 59f8bbf14d4853fd_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
    Source: Favicons.0.dr | String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
    Source: aa9287de0c8e3679_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
    Source: 4f3329f3f8204488_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
    Source: 7fe4ac91e4089c5a_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1
    Source: d87d9f144fbdb8cc_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-gb_piBRJsXgxy0DAocfwbyzaQ2.js?v=1
    Source: 7e4cea594f77c74d_0.0.dr | String found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
    Source: c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://ajax.googleapis.com
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://apis.google.com
    Source: Current Session.0.dr | String found in binary or memory: https://bit.ly/3iynvOz
    Source: History.0.dr | String found in binary or memory: https://bit.ly/3iynvOzCreate
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://clients2.google.com
    Source: manifest.json0.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com
    Source: c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://content-autofill.googleapis.com
    Source: manifest.json0.0.dr | String found in binary or memory: https://content.googleapis.com
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, e1aa9b39-4a79-4908-8af6-d0b650efdbd5.tmp.1.dr, 03d698c0-4e3f-4b95-bd06-aa5a14ef0f11.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://dns.google
    Source: manifest.json0.0.dr | String found in binary or memory: https://feedback.googleusercontent.com
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com
    Source: manifest.json0.0.dr | String found in binary or memory: https://fonts.googleapis.com;
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com
    Source: manifest.json0.0.dr | String found in binary or memory: https://fonts.gstatic.com;
    Source: Current Session.0.dr | String found in binary or memory: https://fpt.live.com
    Source: Current Session.0.dr | String found in binary or memory: https://fpt.live.com/?session_id=7f0ff711039e45f99266ed8502548dc0&CustomerId=33e01921-4d64-4f8c-a055
    Source: manifest.json0.0.dr | String found in binary or memory: https://hangouts.google.com/
    Source: d87d9f144fbdb8cc_0.0.dr, 4f3329f3f8204488_0.0.dr | String found in binary or memory: https://live.com/
    Source: 7e4cea594f77c74d_0.0.dr | String found in binary or memory: https://live.com/D
    Source: Network Action Predictor.0.dr | String found in binary or memory: https://login.live.com/
    Source: History.0.dr | String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1631708743&rver=7.3.6960.0&wp=M
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://ogs.google.com
    Source: manifest.json.0.dr | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://play.google.com
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr | String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://redirector.gvt1.com
    Source: manifest.json.0.dr | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
    Source: Favicons-journal.0.dr | String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
    Source: Current Session.0.dr | String found in binary or memory: https://signup.live.com
    Source: Network Action Predictor.0.dr | String found in binary or memory: https://signup.live.com/
    Source: Current Session.0.dr | String found in binary or memory: https://signup.live.com/signup#
    Source: History.0.dr | String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=7f0ff711039e45
    Source: Favicons.0.dr | String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp;amp;rpsnv=13&amp;am
    Source: History.0.dr | String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&amp;amp;rpsnv=13&amp;amCreate
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://ssl.gstatic.com
    Source: messages.json41.0.dr | String found in binary or memory: https://support.google.com/chromecast/answer/2998456
    Source: messages.json41.0.dr | String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, manifest.json0.0.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://www.google.com
    Source: manifest.json.0.dr | String found in binary or memory: https://www.google.com/
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.google.com;
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://www.googleapis.com
    Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
    Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
    Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/clouddevices
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/hangouts
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/meetings
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
    Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierra
    Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
    Source: a06f550e-b249-4a2c-907b-0a947d90425f.tmp.1.dr, c5a5ef7e-e72c-498f-bbd5-1a26a8df7267.tmp.1.dr | String found in binary or memory: https://www.gstatic.com
    Source: manifest.json0.0.dr | String found in binary or memory: https://www.gstatic.com;
    Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: unknown | DNS traffic detected: queries for: clients2.google.com
    Source: global traffic | HTTP traffic detected: GET /client/config?cc=US&setlang=en-US HTTP/1.1 | X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage | X-Search-SafeSearch: Moderate | Accept-Encoding: gzip, deflate | X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} | X-UserAgeClass: Unknown | X-BM-Market: US | X-BM-DateFormat: M/d/yyyy | X-CortanaAccessAboveLock: false | X-Device-OSSKU: 48 | X-BM-DTZ: 120 | X-BM-FirstEnabledTime: 132061327679472806 | X-DeviceID: 0100748C0900D485 | X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time | X-BM-Theme: 000000;0078d7 | X-Search-RPSToken: t%3DEwDYAkR8BAAUW3WS0TDKGu2jEbBhB%2BXls4oNzBQAAe6nopwCYKdw73MnHG/NxfTS3frKPmsjhP8PLTUkWrlkdiRw2NHnsvjvURSNPAXPox7jOnj/SjJqG%2Bt711v9YbMCFSf5BVMMkTcnsRTNknNp%2Bw8TI62uE7hZqb793kpOAxKS8WKyYn/%2BtkgB30WTgE0VeICtszhDsIDCR3mueXcTwD3bmmUz95UkaS6X4rsZaJOTp0YDc0ke7009T2teLU7PgHqqaWz7fpgjeMHerPuVv8DM%2BsYtzNk63/VCOW8A1HHO3CIQEfyrRwCODgMiLatcv3W4nwt/jKmlNz4htVn%2B4Egy/Nc7cZWHwhfjQSuNvSPL0Ru4sn6gpMA01Eacnh8DZgAACMX70MbFnNC1qAFp%2BXZSv1HBtrXlmKHIpWXrFBMwvSa7EHarf05s%2BhsZ2HbdiFwfCzMj%2BVFcASFYJEGLzSdBauDnxmQB1ZJhZ1S790pyKb5CaMCGRPLf6XhErSU24ZTUlgWfDqVLtvp5a9gZk3ih7nS5Lo5MOMmpQKZwc8dFKA2oKonHvHTldkDeVQOi%2BFy0z86Vj62ryagR64r9aSR5ieN1G2txQ3boENQXwpu7c7aYy8gxZSXwvIsFHjXCn2umsYWobYGCq4CaWVjynS3C/8El36yi9PtQBDSfTaH5F0MPIAGzT21db9YNBkWR6x6tsK%2Bkq9VGNINrA7//e/hGTna/w0cJAA55Vk3Zu1i3tJbcTiDz6vKkXDGxOBqhtzHDFPvzh8xawqkDcxnpgAT2Z71aFhJ%2B2JHjEli3lB/kopPMPkOXtl1iCof0Vh1/IkTbLsWtG3UZnt/NQf1DbaSJBc0JdIQdg0vf0av0z3gM/L%2BdDQttGlhH6hZ4fKQlSA923VrQkILhvFcr2uOwuPn5F3j7ijj5%2BUaciK1U%2Ba4yWNn3J7r73Evs5/mELRUJwdwg9z6j1QE%3D%26p%3D | X-Agent-DeviceId: 0100748C0900D485 | X-BM-CBT: 1631708693 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 | X-Device-isOptin: true | Accept-language: en-US, en | X-Device-Touch: false | X-Device-ClientSession: 8B3559E573404D9DBB475849B0298B3D | X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI | X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader | Host: www.bing.com | Connection: Keep-Alive | Cookie: MUID=BEEBF15262804E24A8DF6781500AB975; SRCHUID=V=2&GUID=473755C50BC5489881A8E23CE1EFF586&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20210915; SRCHHPGUSR=SRCHLANG=en&IPMH=37efd466&IPMID=1631708697322&LUT=1631708696982; CortanaAppUID=B6948D87EDD147F9CB93B6BF4870B62C; MUIDB=BEEBF15262804E24A8DF6781500AB975
    Source: global traffic | HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20210915T122456Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=0a2a969ce891421fa2ee926fa2a4ce97&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1167492&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1167492&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 | Accept-Encoding: gzip, deflate | X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32068&sc=6 | X-SDK-HW-TOKEN: t=[token removed]&p= | Cache-Control: no-cache | MS-CV: IvDQmYPOVUKSTfrq.0 | User-Agent: WindowsShellClient/9.0.40929.0 (Windows) | X-SDK-HWF: tch0,m301,m751,mA01,mT01 | Host: arc.msn.com | Connection: Keep-Alive
    Source: global traffic | HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20210915T122456Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8e3e95daf6494bc789ac9eeadedd4e1d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1167492&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1167492&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 | Accept-Encoding: gzip, deflate | X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32068&sc=6 | X-SDK-HW-TOKEN: t=[token removed]&p= | Cache-Control: no-cache | MS-CV: GC8fu0CsykqypPC0.0 | User-Agent: WindowsShellClient/9.0.40929.0 (Windows) | X-SDK-HWF: tch0,m301,m751,mA01,mT01 | Host: arc.msn.com | Connection: Keep-Alive
    Source: global traffic | HTTP traffic detected: GET /config/v1/Office/0.0.0.0?&Clientid=%7bB7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102%7d&Application=hxcomm&Platform=winrt&Version=16.0.8827.2205&MsoVersion=16.0.8827.2205&Audience=Production&Build=ship&Architecture=x64&Channel=CC&InstallType=Immersive&LabMachine=false&Holdout=false HTTP/1.1 | Accept: */* | User-Agent: Microsoft Office 2014 | DisableExperiments: false | Accept-Encoding: gzip, deflate, br | Host: config.edge.skype.com | Connection: Keep-Alive | Cache-Control: no-cache
    Source: global traffic | HTTP traffic detected: GET /ab? HTTP/1.1 | Accept: */* | User-Agent: Microsoft Office 2014 | X-MSEdge-ClientId: B7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102 | X-OfficeApp-LabMachine: 0 | X-OfficeApp-Application: hxcomm | X-OfficeApp-Architecture: x64 | X-OfficeApp-BuildVersion: 16.0.8827.2205 | X-OfficeApp-Audience: Production | X-OfficeApp-BuildFlavor: ship | X-OfficeApp-Channel: CC | X-OfficeApp-MsoVersion: 16.0.8827.2205 | X-OfficeApp-Platform: winrt | X-OfficeApp-InstallType: Immersive | Accept-Encoding: gzip, deflate, br | Host: client-office365-tas.msedge.net | Connection: Keep-Alive | Cache-Control: no-cache
    Source: global traffic | HTTP traffic detected: GET /ab?&clientid=%7bB7AA9FBC-69B9-4BDF-8E28-F8B8D26FD102%7d HTTP/1.1 | Accept: */* | User-Agent: Microsoft Office 2014 | X-MSEdge-AppID: hxcomm | X-OCAS-Platform: winrt | X-OCAS-Build: 16.0.8827 | X-MSEdge-IG: 85D8BB1D-8D21-41CE-A7BD-ED65E1BC88F7 | Accept-Encoding: gzip, deflate, br | Host: ocos-office365-s2s.msedge.net | Connection: Keep-Alive | Cache-Control: no-cache
    Source: global traffic | HTTP traffic detected: GET /v8.0/oemdiscovery?oemId=&scmId=&phoneManufacturerName=&smBiosManufacturerName=VMware%2C+Inc.&phoneDeviceModel=&smBiosDm=VMware7%2C1 HTTP/1.1 | Accept-Encoding: gzip, deflate | Accept: */* | TASIGNORE: YES | MS-PreciseDeviceFamilyVersion: 2814750890000385 | User-Agent: WindowsStore/11712.1001.23.0 | MS-CV: WzKuRvsak0mWUobt.1 | Accept-Language: en-US | Host: storeedgefd.dsx.mp.microsoft.com | Connection: Keep-Alive
    Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm | X-Goog-Update-Updater: chromecrx-85.0.4183.121 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /613a3488528020034b141176.js HTTP/1.1Host: kifot.wancdnapp.pageConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/css/8ae91b86a04f3d3bddf80251b21eff61nbr1631204484.css HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/css/a9b0aa3b02f474bda26de4056d033076nbr1631204485.css HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/8ae91b86a04f3d3bddf80251b21eff61nbr1631204484.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/5c01e8f23c1de684823a2b17b3508308.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301631204477.js HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: vgrelaxacndapp.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.app
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be"
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "b1336d85e1a0c89eea2a4969953d0326f0faedd47871ea522033f7f6e513ea57"
    Source: global trafficHTTP traffic detected: GET /adhjxtfzdvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: vgrelaxacndapp.web.appIf-Modified-Since: Tue, 14 Sep 2021 17:16:39 GMTIf-None-Match: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e"
    Source: global trafficHTTP traffic detected: GET /3iynvOz HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /converged_ux_v2_94I0sEqY0Jv8LdLTslehNA2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-gb_piBRJsXgxy0DAocfwbyzaQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
    Source: global trafficHTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
    Source: global trafficHTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49808 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.4:49807 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49865 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49866 version: TLS 1.2
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\.htm.htm'
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17906253154991432827,2475525804298393733,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17906253154991432827,2475525804298393733,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6141E626-19F8.pma