Windows Analysis Report https://1drv.ms/o/s!BFzbliQHga9thHOqrI9QptDiwJUj?e=grwCUiO570G-WuG1MD-gig&at=9

Overview

General Information

Sample URL: https://1drv.ms/o/s!BFzbliQHga9thHOqrI9QptDiwJUj?e=grwCUiO570G-WuG1MD-gig&at=9
Analysis ID: 505171
Most interesting Screenshot:

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on shot template match)
Yara detected HtmlPhish7
HTML body contains low number of good links
No HTML title found

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6480 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://1drv.ms/o/s!BFzbliQHga9thHOqrI9QptDiwJUj?e=grwCUiO570G-WuG1MD-gig&at=9' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6652 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,9792526122180099326,15479179688600160912,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


Phishing:

Phishing site detected (based on shot template match)
Source: https://fuschia-sly-pilot.glitch.me/super.html | Matcher: Template: office matched
Yara detected HtmlPhish7
Source: Yara match | File source: 34231.3.pages.csv, type: HTML
Source: https://fuschia-sly-pilot.glitch.me/super.html | HTTP Parser: Number of links: 0
Source: https://fuschia-sly-pilot.glitch.me/super.html | HTTP Parser: HTML title missing
Source: https://fuschia-sly-pilot.glitch.me/super.html | HTTP Parser: No <meta name="author".. found
Source: https://fuschia-sly-pilot.glitch.me/super.html | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown | DNS traffic detected: queries for: 1drv.ms
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown | Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown | Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown | Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown | Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown | Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    X-Goog-Update-Updater: chromecrx-85.0.4183.121
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /o/s!BFzbliQHga9thHOqrI9QptDiwJUj?e=grwCUiO570G-WuG1MD-gig&at=9 HTTP/1.1
    Host: 1drv.ms
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /api/proxy?v=3 HTTP/1.1
    Host: skyapi.onedrive.live.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Referer: https://onedrive.live.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: xid=0168f818-81cf-432e-9af2-3d4d694c889e&&RD00155D5EAE74&338; wla42=; mkt=en-US; xidseq=3; E=P:8U7qWIyS2Yg=:7pjeBlFbqlA2Xy3NuZx0/BnaR9jfEyus6dcxnr3wb/0=:F
Source: global traffic | HTTP traffic detected:
    GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
    Host: clients2.googleusercontent.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1634630992664 HTTP/1.1
    Host: storage.live.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://onenote.officeapps.live.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: xid=0168f818-81cf-432e-9af2-3d4d694c889e&&RD00155D5EAE74&338; wla42=; mkt=en-US; BP=l=SDX.Skydrive&FR=&ST=; MUID=11F9512581356A350B1741F185356EFC; xidseq=4; E=P:KwjPYoyS2Yg=:tCmvrQxQXizNh6SqVF+3cy8g5zZ24OuJgdjn3knoCGw=:F; wlidperf=latency=457
Source: global traffic | HTTP traffic detected:
    GET /super.html HTTP/1.1
    Host: fuschia-sly-pilot.glitch.me
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /css/hover.css HTTP/1.1
    Host: fuschia-sly-pilot.glitch.me
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
    Host: maxcdn.bootstrapcdn.com
    Connection: keep-alive
    Origin: https://fuschia-sly-pilot.glitch.me
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: style
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
    Host: maxcdn.bootstrapcdn.com
    Connection: keep-alive
    Origin: https://fuschia-sly-pilot.glitch.me
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
    Host: cdnjs.cloudflare.com
    Connection: keep-alive
    Origin: https://fuschia-sly-pilot.glitch.me
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /1Rvzzk8/gmail1.png HTTP/1.1
    Host: i.ibb.co
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: fuschia-sly-pilot.glitch.me
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /super.html HTTP/1.1
    Host: fuschia-sly-pilot.glitch.me
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    If-None-Match: "6477557fed4f2f518c54c896b5b328ea"
    If-Modified-Since: Mon, 18 Oct 2021 14:23:33 GMT
Source: global traffic | HTTP traffic detected:
    GET /css/hover.css HTTP/1.1
    Host: fuschia-sly-pilot.glitch.me
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /1Rvzzk8/gmail1.png HTTP/1.1
    Host: i.ibb.co
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://fuschia-sly-pilot.glitch.me/super.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: Ruleset Data.0.dr | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr | String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr | String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 18 Oct 2021 23:10:07 GMT
    Content-Length: 3616
    Connection: close
    Cache-Control: max-age=0
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 18 Oct 2021 23:10:07 GMT
    Content-Type: image/png
    Content-Length: 1157
    Connection: close
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 18 Oct 2021 23:10:08 GMT
    Content-Length: 3616
    Connection: close
    Cache-Control: max-age=0
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 18 Oct 2021 23:10:09 GMT
    Content-Type: image/png
    Content-Length: 1157
    Connection: close
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 18 Oct 2021 23:10:09 GMT
    Content-Length: 3616
    Connection: close
    Cache-Control: max-age=0
Source: angular.js.0.dr | String found in binary or memory: http://angularjs.org
Source: data_3.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: data_3.2.dr | String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: data_3.2.dr | String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: data_3.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: data_3.2.dr | String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g7.crl0/
Source: data_3.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: data_3.2.dr | String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g7.crl0
Source: data_3.2.dr | String found in binary or memory: http://crls.pki.goog/gts1c3/fVJxbV-Ktmk.crl0
Source: angular.js.0.dr | String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: data_2.2.dr | String found in binary or memory: http://glitch.com/help
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr | String found in binary or memory: http://llvm.org/):
Source: data_3.2.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: data_3.2.dr | String found in binary or memory: http://ocsp.digicert.com0F
Source: data_3.2.dr | String found in binary or memory: http://ocsp.pki.goog/gsr10)
Source: data_3.2.dr | String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: data_3.2.dr | String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: data_3.2.dr | String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: data_3.2.dr | String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: data_3.2.dr | String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: data_3.2.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: History.0.dr | String found in binary or memory: https://1drv.ms/o/s
Source: Reporting and NEL.2.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=OVjQvLTi8KvVsuhkcbRbVYt2%2Fe7PaX0kOsE%2FbHoSt999X4k3i8EkFDu
Source: Reporting and NEL.2.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=zx9ab3ccWUYVpFfx%2Fq4KZ9L1jHBVHFBB1O1rl%2Fo9z%2BMD72wOtbDkS
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.dr, manifest.json2.0.dr | String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_1.2.dr | String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: data_1.2.dr | String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.jsChIKBw1O73Z7GgAKBw3pOi5xGgA=
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr | String found in binary or memory: https://ajax.googleapis.com
Source: Network Action Predictor.0.dr | String found in binary or memory: https://ajax.googleapis.com/
Source: data_1.2.dr | String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: data_1.2.dr | String found in binary or memory: https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-US&wrapperId=suites
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.dr, manifest.json2.0.dr | String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr | String found in binary or memory: https://apis.google.com/js/client.js
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161460541023_App_Scripts/Feedback/latest/Intl/en/officeb
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161460541023_App_Scripts/Feedback/latest/officebrowserfe
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161460541023_App_Scripts/wacairspaceanimationlibrary.js
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161460541023_resources/1033/progress.gif
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161460541023_resources/1033/wapsw.png?b=1601460541023
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h4DDC354F0F9CEFBE_App_Scripts/MicrosoftAjax.js
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h4DDC354F0F9CEFBE_App_Scripts/MicrosoftAjax.jsT
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h6200B80D843E728A_App_Scripts/1033/CommonIntl.js
Source: data_1.2.dr | String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h6200B80D843E728A_App_Scripts/1033/CommonIntl.js5
Source: data_1.2.dr, Favicons.0.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/OneNoteSimplified.Wac.TellMeM
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/onenote-intl-mlr.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/onenote-navpane-strings.min.j
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/onenote-ribbon-intl.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/onenote-ribbon-intl.min.jsj:a
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/onenote-ribbon-sprite-lazy.mi
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/osfruntime_strings.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/1033/osfruntime_strings.jslz
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OfficeExtension.WacRuntime.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OfficeExtension.WacRuntime.js&
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OneNote.box4.dll2.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OneNote.box4.dll2.jsS)
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OneNoteSimplified.Wac.TellMeSugges
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/OsfRuntimeOneNoteWAC.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/appChrome.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/appChrome.min.jsO
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/appChromeLazy.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/appIconsLazy.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/common.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/common.min.jsI
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/common50.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/navigation.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/onenoteloadingspinner.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreolazy.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreonavpane.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreonavpane.min.js-
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreonotebookpane.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreosearchpane.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/oreosearchpane.min.js1A
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/otelFull.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/suiteux-shell/js/suiteux.shell.con
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/suiteux-shell/js/suiteux.shell.cor
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/suiteux-shell/js/suiteux.shell.plu
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/suiteux-shell/strings/en/shellstri
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/uiFabricLazy.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_App_Scripts/uiSlice20.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/Meetings_manifest.xml
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/Meetings_manifest.xmlP
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/agavedefaulticon96x96.png
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/agavedefaulticon96x96.pngGIF89a
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/m2/box42.png
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/m2/box43.png
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/m2/one.png
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/moe_status_icons.png
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/moeerrorux.css
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161460541023_resources/1033/progress.gif
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h053B249223009B6E_App_Scripts/onenoteSync.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h06FE78141D1F3A43_App_Scripts/Compat.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h06FE78141D1F3A43_App_Scripts/Compat.js6
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h114A9F83C28E3888_App_Scripts/OneNote.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h114A9F83C28E3888_App_Scripts/OneNote.js#
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h29DB8AD8C3F08967_App_Scripts/1033/WoncaIntl.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h29DB8AD8C3F08967_App_Scripts/1033/WoncaIntl.jsl
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h3E4AB6B69F3A6D57_App_Scripts/common.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h3E4AB6B69F3A6D57_App_Scripts/common.min.jsQh
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h43213F46F5805E63_App_Scripts/OneNote.box4.dll1.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h48B2DF70432D0FA0_App_Scripts/onenote-boot.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h48B2DF70432D0FA0_App_Scripts/onenote-boot.min.jsGIF89a
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h4B0BA3B53F1616CA_resources/1033/OneNote.Refresh.css
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h4B0BA3B53F1616CA_resources/1033/OneNote.Refresh.cssM
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h54F708D9C0E5CC3B_App_Scripts/1033/OneNoteIntl.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h6A6761C6C69FA7E5_App_Scripts/1033/Box4Intl.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h816A0F42A2BF4732_resources/1033/EditSurface.css
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h89EDB66D2A189EF4_App_Scripts/fonts/sharedheaderplaceholder
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h8F800AEB9D180D26_App_Scripts/healthOffline.worker.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h92E940B7221AC34F_App_Scripts/wacBoot.min.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h92E940B7221AC34F_App_Scripts/wacBoot.min.js=E
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCF8E38AF39F430EA_App_Scripts/jSanity.js
Source: data_1.2.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCF8E38AF39F430EA_App_Scripts/jSanity.js=k
Source: 000003.log.0.dr | String found in binary or memory: https://c1-onenote-15.cdn.office.net:443/o/s/161460541023_
Source: mirroring_common.js.0.dr | String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_2.2.dr | String found in binary or memory: https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/BrowserUls.js
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/CommonDiagnostics.js
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/ExternalResources/js-cookie.js
Source: data_1.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/ExternalResources/js-cookie.jsH
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/Instrumentation.js
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/LearningTools/LearningTools.js
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/aria-web-telemetry-2.9.0.min.js
Source: data_1.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/aria-web-telemetry-2.9.0.min.js%
Source: data_1.2.dr, data_2.2.dr | String found in binary or memory: https://cdn.onenote.net/officeaddins/161460840453_Scripts/pickadate.min.js
Source: data_1.2.dr | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: data_1.2.dr | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jskf
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.dr | String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr | String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json0.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients6.google.com
Source: data_2.2.drString found in binary or memory: https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: Network Action Predictor.0.drString found in binary or memory: https://code.jquery.com/
Source: data_1.2.drString found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.2.drString found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js&
Source: data_1.2.drString found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.drString found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.2.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCTUREd3XK5x-Egk
Source: data_1.2.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCU7H5x14rgQNEgk
Source: data_1.2.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIqCUMt63w4MkDvEgk
Source: manifest.json2.0.drString found in binary or memory: https://content.googleapis.com
Source: 000003.log.0.drString found in binary or memory: https://content.growth.office.net/mirrored/resources/programmablesurfaces/prod/officewebsurfaces.cor
Source: mirroring_cast_streaming.js.0.dr, common.js.0.drString found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.2.drString found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.drString found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: data_3.2.dr, Reporting and NEL.2.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU
Source: data_3.2.dr, Reporting and NEL.2.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 132a3f40-0010-46ed-9472-1e9bd1662386.tmp.2.dr, 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, 918f102c-9e6f-4ea5-828a-92537000812f.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://dns.google
Source: mirroring_common.js.0.drString found in binary or memory: https://docs.google.com
Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
Source: manifest.json2.0.drString found in binary or memory: https://feedback.googleusercontent.com
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.0.drString found in binary or memory: https://fonts.googleapis.com/
Source: data_1.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: manifest.json2.0.drString found in binary or memory: https://fonts.googleapis.com;
Source: data_3.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://fonts.gstatic.com
Source: data_1.2.drString found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: manifest.json2.0.drString found in binary or memory: https://fonts.gstatic.com;
Source: Network Action Predictor.0.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/
Source: data_1.2.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/css/hover.css
Source: data_1.2.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/css/hover.css/
Source: data_1.2.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/favicon.ico
Source: Current Session.0.dr, data_1.2.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/super.html
Source: data_1.2.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/super.htmlM
Source: History.0.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/super.htmlShare
Source: Current Session.0.drString found in binary or memory: https://fuschia-sly-pilot.glitch.me/super.htmlb
Source: material_css_min.css.0.drString found in binary or memory: https://github.com/angular/material
Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: data_2.2.drString found in binary or memory: https://github.com/js-cookie/js-cookie
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: data_2.2.drString found in binary or memory: https://glitch.com
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json2.0.drString found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_1.2.drString found in binary or memory: https://i.ibb.co/1Rvzzk8/gmail1.png
Source: data_3.2.drString found in binary or memory: https://ka-f.fontawesome.com
Source: Network Action Predictor.0.drString found in binary or memory: https://ka-f.fontawesome.com/
Source: data_1.2.drString found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Source: data_1.2.drString found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Source: data_3.2.drString found in binary or memory: https://kit.fontawesome.com
Source: Network Action Predictor.0.drString found in binary or memory: https://kit.fontawesome.com/
Source: data_1.2.drString found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: data_1.2.drString found in binary or memory: https://kit.fontawesome.com/585b051251.jsC
Source: data_3.2.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1634598593&rver=7.3.6962.0&wp=MBI_SSL&wre
Source: Network Action Predictor.0.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: data_1.2.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_1.2.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: mirroring_common.js.0.drString found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.drString found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://ogs.google.com
Source: Current Session.0.drString found in binary or memory: https://onedrive.live.com
Source: Current Session.0.drString found in binary or memory: https://onedrive.live.com/
Source: data_1.2.drString found in binary or memory: https://onedrive.live.com/Handlers/Plt.mvc?bicild=&v=0.0.0
Source: data_1.2.drString found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=GroupFolders&v=19.725.0719.2003&
Source: data_1.2.drString found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=Office&v=19.725.0719.2003&useReq
Source: History.0.drString found in binary or memory: https://onedrive.live.com/redir?resid=6DAF81072496DB5C
Source: History.0.drString found in binary or memory: https://onedrive.live.com/redir?resid=6DAF81072496DB5C%21627&authkey=%21Aqqsj1Cm0OLAlSM&page=View&wd
Source: History.0.drString found in binary or memory: https://onedrive.live.com/view.aspx?resid=6DAF81072496DB5C
Source: data_3.2.drString found in binary or memory: https://onedrive.live.comX-Content-Type-Options:
Source: Current Session.0.drString found in binary or memory: https://onedrive.live.comh
Source: Current Session.0.drString found in binary or memory: https://onenote.officeapps.live.com
Source: QuotaManager.0.dr, index.txt.tmp.0.drString found in binary or memory: https://onenote.officeapps.live.com/
Source: data_1.2.drString found in binary or memory: https://onenote.officeapps.live.com/o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-US
Source: data_1.2.drString found in binary or memory: https://onenote.officeapps.live.com/o/AppSettingsHandler.ashx?app=OneNote&usid=da4b5c3f-2b24-4d3e-a0
Source: data_1.2.drString found in binary or memory: https://onenote.officeapps.live.com/o/App_Scripts/Acl/Acl1033.js
Source: data_1.2.drString found in binary or memory: https://onenote.officeapps.live.com/o/GetImage.ashx?&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fw
Source: Current Session.0.drString found in binary or memory: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=ovVcCMdvA0OpeLn
Source: data_3.2.dr, data_2.2.drString found in binary or memory: https://onenote.officeapps.live.comAccess-Control-Allow-Headers:
Source: data_3.2.drString found in binary or memory: https://onenote.officeapps.live.comAccess-Control-Allow-Methods:
Source: data_1.2.drString found in binary or memory: https://p.sfx.ms//storage/aria-2.5.0.min.js
Source: data_1.2.drString found in binary or memory: https://p.sfx.ms/is/invis.gif
Source: craw_window.js.0.dr, manifest.json1.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: data_3.2.drString found in binary or memory: https://pki.goog/repository/0
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.drString found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com
Source: data_3.2.dr, data_1.2.drString found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=102.1
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.drString found in binary or memory: https://redirector.gvt1.com
Source: data_1.2.drString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: craw_window.js.0.dr, manifest.json1.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_1.2.drString found in binary or memory: https://skyapi.onedrive.live.com/api/proxy?v=3
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.drString found in binary or memory: https://spoprod-a.akamaihd.net
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric/assets/icons/fabricmdl2icons.woff
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filesbucket3
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss1-11
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss2-78
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//maincss-3d63
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/jquery-1.7.2-
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac0-efa56458
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac1-cdc297b4
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac2-bf8b3319
Source: data_1.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac_s_office-
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://ssl.gstatic.com
Source: data_1.2.drString found in binary or memory: https://storage.live.com/mydata/myprofile/expressionprofile/profilephoto:UserTileStatic
Source: messages.json66.0.dr, feedback.html.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json66.0.dr, feedback.html.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: data_3.2.drString found in binary or memory: https://www.digicert.com/CPS0
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.dr, manifest.json2.0.drString found in binary or memory: https://www.google.com
Source: manifest.json1.0.drString found in binary or memory: https://www.google.com/
Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.drString found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json2.0.drString found in binary or memory: https://www.google.com;
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, craw_window.js.0.dr, craw_background.js.0.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json2.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.drString found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.drString found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 2291f22b-d4e4-4b66-a660-6b64aae428f2.tmp.2.dr, bada767a-8e31-4f0f-b0f1-63377321cc1a.tmp.2.drString found in binary or memory: https://www.gstatic.com
Source: common.js.0.drString found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json2.0.drString found in binary or memory: https://www.gstatic.com;
Source: 000003.log.0.dr, data_2.2.drString found in binary or memory: https://www.onenote.com
Source: 000003.log5.0.drString found in binary or memory: https://www.onenote.com/
Source: Current Session.0.dr, data_1.2.drString found in binary or memory: https://www.onenote.com/officeaddins/learningtools/?et=
Source: unknown | HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\2bcfdc6f-be9e-4625-a33e-656cd9378822.tmp
Source: classification engine | Classification label: mal56.phis.win@36/258@23/14
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://1drv.ms/o/s!BFzbliQHga9thHOqrI9QptDiwJUj?e=grwCUiO570G-WuG1MD-gig&at=9'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,9792526122180099326,15479179688600160912,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,9792526122180099326,15479179688600160912,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (31 identical entries)
Source: QuotaManager.0.dr | Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-616E7D37-1950.pma
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (3) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (4) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (5) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer (3) | SIM Card Swap |  | Carrier Billing Fraud |

The numbers in parentheses are the count of matched signatures for that technique.

Behavior Graph


Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files