Loading ...

Play interactive tourEdit tour

Windows Analysis Report ATT24207.html

Overview

General Information

Sample Name:ATT24207.html
Analysis ID:502671
MD5:29e469d37ccfa7a163da4ed671bf14e2
SHA1:3eb92a8efc70db1864cbf69b16938d75dadce934
SHA256:e45e1a7b4d3c9f67921c3ad5a8d58058f4f390e016346c183118143b5c8e4f8c
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 2200 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\ATT24207.html' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5416 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,2607996047392706192,9024024679786612816,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
ATT24207.htmlJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

    Sigma Overview

    No Sigma rule has matched

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    Phishing:

    barindex
    Yara detected HtmlPhish44Show sources
    Source: Yara matchFile source: ATT24207.html, type: SAMPLE
    Phishing site detected (based on image similarity)Show sources
    Source: file:///C:/Users/user/Desktop/ATT24207.html?bbre=1634226343231#/1634226343231-@&WQ3JwLcquUHyk5hzPVseNTK4t!&@R6wPnDsXgHNIv2fx!&@-ZWxpc2FiZXRoLmdhbGxleUBjaHV2LmNo-1634226343231/1634226343231Matcher: Found strong image similarity, brand: Microsoft image: 81505.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: HTML title missing
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: HTML title missing
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: Number of links: 0
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: Number of links: 0
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084HTTP Parser: No <meta name="author".. found
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084HTTP Parser: No <meta name="author".. found
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084HTTP Parser: No <meta name="copyright".. found
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\2200_1522987924\LICENSE.txtJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
    Source: unknownHTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49800 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49799 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49849 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49850 version: TLS 1.2
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox ViewIP Address: 104.16.18.94 104.16.18.94
    Source: Joe Sandbox ViewIP Address: 104.16.18.94 104.16.18.94
    Source: Joe Sandbox ViewIP Address: 67.199.248.11 67.199.248.11
    Source: Joe Sandbox ViewIP Address: 67.199.248.11 67.199.248.11
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49689
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49680
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49678
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
    Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 23.49.139.27
    Source: unknownTCP traffic detected without corresponding DNS query: 23.49.139.27
    Source: unknownTCP traffic detected without corresponding DNS query: 23.49.139.27
    Source: unknownTCP traffic detected without corresponding DNS query: 23.49.139.27
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknownTCP traffic detected without corresponding DNS query: 104.127.115.201
    Source: unknownTCP traffic detected without corresponding DNS query: 104.127.115.201
    Source: unknownTCP traffic detected without corresponding DNS query: 104.127.115.201
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknownTCP traffic detected without corresponding DNS query: 95.100.218.151
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.143
    Source: Ruleset Data.0.drString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: Filtering Rules.0.drString found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
    Source: Filtering Rules.0.drString found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
    Source: angular.js.0.drString found in binary or memory: http://angularjs.org
    Source: angular.js.0.drString found in binary or memory: http://errors.angularjs.org/1.6.4-local
    Source: pnacl_public_x86_64_pnacl_sz_nexe.0.drString found in binary or memory: http://llvm.org/):
    Source: mirroring_hangouts.js.0.drString found in binary or memory: http://tools.ietf.org/html/rfc1950
    Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
    Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
    Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
    Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=9GZUHXTtvE%2F15QkRa0W4K7oUlqhobZhX9fBp7Ouq2oruVaHd5me7bDA9v
    Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=WBIgPf73%2BWxk5oUE8vtcPgBls90hzqDwCB4Vye3y%2F4znIs8zLZAiCeV
    Source: data_1.1.drString found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
    Source: data_1.1.drString found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfa
    Source: Network Action Predictor.0.drString found in binary or memory: https://account.live.com/
    Source: History.0.drString found in binary or memory: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_HFeToeM4u6fzMQF_f_rQ5Q
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_white_ufRYlllWOw4YyDRi
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg5x
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_White_4MYDQRab31HKDWWN-1HafA2.svg
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/favicon.ico
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/favicon.ico4
    Source: data_1.1.drString found in binary or memory: https://account.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
    Source: Current Session.0.drString found in binary or memory: https://account.live.com/password/reset
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://accounts.google.com
    Source: craw_window.js.0.drString found in binary or memory: https://accounts.google.com/MergeSession
    Source: Network Action Predictor.0.drString found in binary or memory: https://acctcdn.msauth.net/
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/accountcorepackage_tJqkxod2akFqIDWp-BRsNA2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1$
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svgw
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
    Source: data_1.1.dr, Favicons.0.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1:.
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=17-
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1a
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://ajax.googleapis.com
    Source: data_1.1.drString found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
    Source: data_1.1.drString found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.jso
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://apis.google.com
    Source: mirroring_common.js.0.drString found in binary or memory: https://apis.google.com/js/client.js
    Source: Current Session.0.drString found in binary or memory: https://bit.ly/2UqudLY
    Source: History.0.drString found in binary or memory: https://bit.ly/2UqudLYRecover
    Source: mirroring_common.js.0.drString found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js?
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js
    Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.jsf
    Source: pnacl_public_x86_64_libcrt_platform_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
    Source: pnacl_public_x86_64_libcrt_platform_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://clients2.google.com
    Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.drString found in binary or memory: https://clients2.google.com/cr/report
    Source: manifest.json1.0.dr, manifest.json3.0.dr, manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients6.google.com
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://content-autofill.googleapis.com
    Source: data_1.1.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCZ1PG8T4iKcFEgk
    Source: manifest.json4.0.drString found in binary or memory: https://content.googleapis.com
    Source: mirroring_cast_streaming.js.0.dr, common.js.0.drString found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
    Source: data_3.1.drString found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Source: data_3.1.drString found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
    Source: Reporting and NEL.1.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
    Source: data_3.1.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, e77329a5-9a19-4dc2-b9ef-e00baa5a174a.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr, 3cddfce6-c5a2-4d2c-9441-dd7beef21176.tmp.1.drString found in binary or memory: https://dns.google
    Source: mirroring_common.js.0.drString found in binary or memory: https://docs.google.com
    Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
    Source: manifest.json4.0.drString found in binary or memory: https://feedback.googleusercontent.com
    Source: 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
    Source: manifest.json4.0.drString found in binary or memory: https://fonts.googleapis.com;
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
    Source: manifest.json4.0.drString found in binary or memory: https://fonts.gstatic.com;
    Source: material_css_min.css.0.drString found in binary or memory: https://github.com/angular/material
    Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
    Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.clients6.google.com
    Source: manifest.json4.0.drString found in binary or memory: https://hangouts.google.com/
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
    Source: data_1.1.drString found in binary or memory: https://kifot.wancdnapp.page/616700eab73a140ba8549ca3.js
    Source: mirroring_common.js.0.drString found in binary or memory: https://meet.google.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://meetings.clients6.google.com
    Source: mirroring_common.js.0.drString found in binary or memory: https://networktraversal.googleapis.com/v1alpha
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://ogs.google.com
    Source: craw_window.js.0.dr, manifest.json1.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com
    Source: data_3.1.drString found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=102.1
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://redirector.gvt1.com
    Source: data_1.1.drString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/332031507388606b90fee610b57841a3.js
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.j
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/css/afa6a734c2a7acf6d83fe55994ffbde1nbr16341403
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/css/b54d64bedeab2e123782af00bf32d7banbr16341403
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg9
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg
    Source: data_1.1.drString found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301634140370.j
    Source: craw_window.js.0.dr, manifest.json1.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
    Source: data_1.1.dr, Favicons.0.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
    Source: data_1.1.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~r
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
    Source: messages.json66.0.dr, feedback.html.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
    Source: messages.json66.0.dr, feedback.html.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
    Source: data_1.1.drString found in binary or memory: https://unpkg.com/axios
    Source: data_1.1.drString found in binary or memory: https://unpkg.com/lodash
    Source: data_1.1.drString found in binary or memory: https://unpkg.com/vue
    Source: data_1.1.drString found in binary or memory: https://unpkg.com/vue-router
    Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://www.google.com
    Source: manifest.json1.0.drString found in binary or memory: https://www.google.com/
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/cleardot.gif
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/dot2.gif
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/x2.gif
    Source: craw_background.js.0.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
    Source: feedback_script.js.0.drString found in binary or memory: https://www.google.com/tools/feedback
    Source: manifest.json4.0.drString found in binary or memory: https://www.google.com;
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://www.googleapis.com
    Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
    Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
    Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
    Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
    Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
    Source: manifest.json4.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
    Source: mirroring_common.js.0.drString found in binary or memory: https://www.googleapis.com/calendar/v3
    Source: mirroring_common.js.0.drString found in binary or memory: https://www.googleapis.com/hangouts/v1
    Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.drString found in binary or memory: https://www.gstatic.com
    Source: common.js.0.drString found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
    Source: manifest.json4.0.drString found in binary or memory: https://www.gstatic.com;
    Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 18.10.0.17134.0.0; IDCRL-cfg 16.000.27716.00; App svchost.exe, 10.0.17134.1, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4740Host: login.live.com
    Source: unknownDNS traffic detected: queries for: accounts.google.com
    Source: global trafficHTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:BE8AB8DF-DCD1-3523-4A95-3A04EAFF1CBA&ctry=US&time=20211014T154526Z&lc=en-US&pl=en-US&idtp=mid&uid=b029da70-c67b-4a7e-9bd5-517f7e302ed9&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f8fe5003920149bf97d237d78c495040&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1209353&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1209353&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32345&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAU+CVBfQcFvEv2DZI9cfqZBAbEzGMAARZBCLq1twRyg2iSP3eIYMS42sDelJJyfwjLzJeHFZ1K+G9EDFBmRoXfbKUWgcJqzYfLKyrQMp6+uC9Fh3ZjcIkGAlgHYWU4w98yeLpBakQHP8mWUHz7jHx0ST4I1Z7cDGcu725PNBeQ2ym0yme/xxaodd/crR84vzNj3zhPqBDwgx+pK3gMK+CBcbJ1Riu+RTOZyvoHoxfRagz8nFA83XyAldQIvaCUP/yoFndsM11CKZwpxU2VDJCK3/yrdj3JdZXSKV8hZOv7UdgenUMS1CJKCjZcdPktYK/f+M+HRErFCE8wiZoVcBk8EHweLrhevDy3S3+SrA/dc+ud2GclKJgDZgAACAVhvew7fWkAsAFwXW28geF70k4rjBf/DZrz9Jxf5EoLW6+ejvZJsglgx8HYqXuhPj6E8NxeILowLaZgjGB8AckBE5OJfahs64xbW7uoPUrd6pLW//b9VFQNxTWaOcCZSA5oRca7dvA44ZJPEytaVco19NuJaG9UZfmkZN8cQBM/SEa0fFGI77hFoLQiC9igeRnbdFblT43Y8ZCs+VCQXskw6k1k2EOE9ZZWPwrMOQQ9j+P3Ebm6+xJlxkbvTvr4AOhI65QssXCtFwe8m1JBdFBUWDa2ovLHcNO09snzVM754se6WouUsnDGhWWRK5xWTSEWxRzYNcnjCOYtQt0Dwq90GrtGxSOkT9JIkS+mZWfSIyiEiBFRws/OHpWVwC7wAbA+y7y6UhZvzyhztVkzFVMLMieyaGkjrCTFQi0ww/wstKDbfy4jcB7CiEmVKunszfBkzW1+hy8TpeP3NH0r++36CX9MilxXgDUjHtEjfYdP52Y1JLC5IeGRDvNDaDGomuqw0gOiG68J2oKMS4lGrtBLG9fYakyGR91Z+r1ETDvfh0F47RDh4/2xLKwjLL9SwDqNC3PKRSYQcw/YAQ==&p=Cache-Control: no-cacheMS-CV: NNZPdMUmRUqWyJhV.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:BE8AB8DF-DCD1-3523-4A95-3A04EAFF1CBA&ctry=US&time=20211014T154526Z&lc=en-US&pl=en-US&idtp=mid&uid=b029da70-c67b-4a7e-9bd5-517f7e302ed9&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=a87b8115d61c47e0bb9c94c4967ca79d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1209353&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1209353&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32345&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAU+CVBfQcFvEv2DZI9cfqZBAbEzGMAAYNg3Sww2/AnNV6ASdmYeau3E0KsmJsMPtVlQYGUtQkk+r8s32MUaLmDAHn1035rg0bsa1ev21d+vBSj+EU4RHMcNCTEq1ZXyu03Bp5NThlsVkPeZOLxg3No8lLQkRm/pDmyeAxNo60V/y3OOieLIoYntx7ccBh5fbOF/hhYgrUJPZQ2OY4hkihkxs2JLAafKr25E/iPHhZZOSpE0R6jHqa/1YaWzyUzFqmoWishndeOygS4kGyCBvUjPvbctkWPrh3pGXR6pYz4Vq1smGmMRWSv55n20ZMzWS4LQxMGNUVRPFB8fJbAsCRAzN4Jxo7h4b8Jmd8OondSn6liwjq2LKoDZgAACPiptPszdHXSsAFhFBuNyJJt92Ui5166+BHWUFZa+VwI7VKAlgn4qsfl4B2BKyuxjTos/ijetzYCV2PQDmSPBKmo1qUYL9rJiuKNEz0uDR46qkGxFZcbXM2Gn4nFb+M9liBDSR+NNR7Nq2Yc9E6azK253HXOBp7Oh1HTIE6m8daNKthzcGbSkInqED+AvAxJu9j2w+k8n4cqQGYPACR1gRyMHpSxpTKWWMvmg+oAwXoUfBSZEDe+kBhyOy566wVpJWGgaEcAncswiQ06hoOcnWfqLCUAB2V+tmtFBTepbYeBYdfOOTBwJKmOWVjERamxho/1JNaGL9x8Jql2x1J0pj4iZm4XoWk7prOi+S1AEpLW+5OKXg7YF3D/Fb16sf76B+fYWuWNEg5qAAMT3AVjt2fHmLGNc+zZbK0uhBPPEiate/8t+dVLZR8jO0yml0Umh/04LpouwbQyg/HRqP3GKNjTsG3CG2W8gd4W2MPE2m1sOEZeEU2kn0J5mCYTBi90IKx7qYmhRm0i5g4Wcg5+AS9tA/b8tsptXfXX6qacyyk0Emp3CXDzDa6ox8slAMCHZNp6p/AzmBAycHnYAQ==&p=Cache-Control: no-cacheMS-CV: NNZPdMUmRUqWyJhV.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /client/config?cc=US&setlang=en-US HTTP/1.1X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061387448759736X-DeviceID: 0100748C09001CEAX-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDgAkR8BAAUW3WS0TDKGu2jEbBhB%2BXls4oNzBQAAdmVI601s7YUxnKSDtCt75MkYvjR/sxxhMJRSf/1qwKjehDgmat/WImjpbgIsXWxkO%2BTixhklDMSGAbj4aRZJqRDLnViUCuusXpuhR5Mu%2BdAzJlkQ7wamedAz9aS%2BSKAQOCj/9OzRcAwzSMjo05yAkLpFv5oaZrwIvE7ye0FvUjznRvZ7dS9vHNZHbofJkvFcrAd/Ocnu1uKcFs71fhju1KSq2kV2qYIEMH8ZEuBu/uonTn7w%2BK7V4TQXNR%2BCuEs7c0mjDcISRWOe97TzHWXWTAQZ%2BrPqf%2BpSC5a%2BRC6ST0akoqBRdGyIKLsjqkzeTqrrKMZa/FogyDBUBfDKcPxt5QDZgAACNEW0rAszmM7sAHEGDKkrVOYpEEb8b2FkyEe/Dfg1WnCyQJ/IpMt4bjOB/0CI1sjsuSO4WZ6ZfbNUkcPnLk58RBfqzAwp8DjddXogQkLXFIGHC0x1AcA65kUQF%2BmomhD0N5goBYqG61GKdI9fadgp8/sbeUkn9NpSOy3PGfr5iZrGqXkL2WYOHyPpMt%2BGyeNomhoDVcVX5JJdgdIt29ccEGm/sDUJr9hsB8EADlx/cWah70C1G9wG11ezaTmgsQlvj2GeXhhyeAR0IpqSzsb4VmeT3p5BqZN3Cvh5EglRMxmjrbIlbF4mRlGYhpT7NPci9GpF%2BqFxF/iY0jJeMoRooAz%2BPsAMQo/6Tz2GSwZW2Fy6o0uPS1UyEVSfIyb/FDsBicn21bVLWADvK9DSB2zlHX94IDnsltoIkbV/i3hY4pvd9IHPmOzOgeDtazxfVjjQxOPBl1heegn41ZxIQFEU6TUxpS%2Buo8HRaokWz5Mo6TaLyQIVb592t33CRhUUM1fRxRFfaE7TZOl3zcaEdWKOTsV9ZbUt08YZd5h/DR7vSD3UgQxB55M4t9VrXg6ykRzQlxjzAFFAqipIAbYAQ%3D%3D%26p%3DX-Agent-DeviceId: 0100748C09001CEAX-BM-CBT: 1634226324User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134X-Device-isOptin: trueAccept-language: en-US, enX-Device-Touch: falseX-Device-ClientSession: CB3D104B96D94235B2067C059317C51AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderHost: www.bing.comConnection: Keep-AliveCookie: MUID=54AD14FB4D1E4A6C815A867991009454
    Source: global trafficHTTP traffic detected: GET /616700eab73a140ba8549ca3.js HTTP/1.1Host: kifot.wancdnapp.pageConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/css/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.css HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/css/b54d64bedeab2e123782af00bf32d7banbr1634140376.css HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/332031507388606b90fee610b57841a3.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301634140370.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
    Source: global trafficHTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
    Source: global trafficHTTP traffic detected: GET /2UqudLY HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /accountcorepackage_tJqkxod2akFqIDWp-BRsNA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: