Play interactive tour

Edit tour

Windows Analysis Report https://bit.ly/3qqvaV0

Overview

General Information

Sample URL:	https://bit.ly/3qqvaV0
Analysis ID:	519951
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Misleading page title found

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Phishing site detected (based on logo template match)

Phishing site detected (based on image similarity)

No HTML title found

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6944 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://bit.ly/3qqvaV0 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14811375601130491884,358538752275320024,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://microsoftazure-2-62j77.ondigitalocean.app/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	Avira URL Cloud: Label: phishing
Source: https://microsoftazure-2-62j77.ondigitalocean.app/images/microsoft_logo.svg	Avira URL Cloud: Label: phishing
Source: https://microsoftazure-2-62j77.ondigitalocean.app/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://microsoftazure-2-62j77.ondigitalocean.app/images/bg.jpg	Avira URL Cloud: Label: phishing
Source: https://microsoftazure-2-62j77.ondigitalocean.app/images/loading.gif	Avira URL Cloud: Label: phishing

Phishing:

Misleading page title found

Show sources

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	Page Title: Microsoft \| Login
Source: https://microsoftazure-2-62j77.ondigitalocean.app/	Page Title: Microsoft \| Login

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 16391.1.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Show sources

Source: https://microsoftazure-2-62j77.ondigitalocean.app/

Matcher: Template: microsoft matched

Phishing site detected (based on image similarity)

Show sources

Source: https://microsoftazure-2-62j77.ondigitalocean.app/

Matcher: Found strong image similarity, brand: Microsoft image: 16391.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: HTML title missing
Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: HTML title missing

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: Number of links: 0
Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f2351f90&redirect_uri=https%3A%2F%2Ftemplates.office.com%3A443%2Fauth%2Fsignin&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637722345793195672.cf4ee1ba-59b1-41ed-b48b-944e6bdbbf2f&state=CfDJ8Dd368yApZhAooEa1MZntLXo4CWGb8b6bOL2-1pLCJVQw6vAUFpjydS_W-He4kvw-EApHTPu3IOMZPnVY9I7KuN4RZFOXcaKrxdCOQKNCa5ZXjDqJC7Xy7S34d5jQetfAp5I6U-dv19QAT51pO-gqhxMC-846_Np9Zp-MG7At99SBydQD6euty9co1Sv63oBLWg9j92pWrVUrQeTC9ALghUsthtxNQYsbYRGT29LyTQDASsshXFdxcD3PzcTPTgqv-D28Pp3wTR6jiwHgQeCc1KEyptc62BuqlHs78UpRlbP0E60_nTYyR_QwkdqwMd1BScXP5Yn_FnUVlTvCKZVC20wcpintRmUE8DjM2qZBhQWWZ0M5j-5IyLy8e1xCeXM9w1kMlAAIMzGg23BXusGe0I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f2351f90&redirect_uri=https%3A%2F%2Ftemplates.office.com%3A443%2Fauth%2Fsignin&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637722345793195672.cf4ee1ba-59b1-41ed-b48b-944e6bdbbf2f&state=CfDJ8Dd368yApZhAooEa1MZntLXo4CWGb8b6bOL2-1pLCJVQw6vAUFpjydS_W-He4kvw-EApHTPu3IOMZPnVY9I7KuN4RZFOXcaKrxdCOQKNCa5ZXjDqJC7Xy7S34d5jQetfAp5I6U-dv19QAT51pO-gqhxMC-846_Np9Zp-MG7At99SBydQD6euty9co1Sv63oBLWg9j92pWrVUrQeTC9ALghUsthtxNQYsbYRGT29LyTQDASsshXFdxcD3PzcTPTgqv-D28Pp3wTR6jiwHgQeCc1KEyptc62BuqlHs78UpRlbP0E60_nTYyR_QwkdqwMd1BScXP5Yn_FnUVlTvCKZVC20wcpintRmUE8DjM2qZBhQWWZ0M5j-5IyLy8e1xCeXM9w1kMlAAIMzGg23BXusGe0I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0

HTTP Parser: Title: Redirecting does not match URL

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: No <meta name="author".. found
Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f2351f90&redirect_uri=https%3A%2F%2Ftemplates.office.com%3A443%2Fauth%2Fsignin&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637722345793195672.cf4ee1ba-59b1-41ed-b48b-944e6bdbbf2f&state=CfDJ8Dd368yApZhAooEa1MZntLXo4CWGb8b6bOL2-1pLCJVQw6vAUFpjydS_W-He4kvw-EApHTPu3IOMZPnVY9I7KuN4RZFOXcaKrxdCOQKNCa5ZXjDqJC7Xy7S34d5jQetfAp5I6U-dv19QAT51pO-gqhxMC-846_Np9Zp-MG7At99SBydQD6euty9co1Sv63oBLWg9j92pWrVUrQeTC9ALghUsthtxNQYsbYRGT29LyTQDASsshXFdxcD3PzcTPTgqv-D28Pp3wTR6jiwHgQeCc1KEyptc62BuqlHs78UpRlbP0E60_nTYyR_QwkdqwMd1BScXP5Yn_FnUVlTvCKZVC20wcpintRmUE8DjM2qZBhQWWZ0M5j-5IyLy8e1xCeXM9w1kMlAAIMzGg23BXusGe0I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0	HTTP Parser: No <meta name="author".. found

Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: No <meta name="copyright".. found
Source: https://microsoftazure-2-62j77.ondigitalocean.app/	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f2351f90&redirect_uri=https%3A%2F%2Ftemplates.office.com%3A443%2Fauth%2Fsignin&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637722345793195672.cf4ee1ba-59b1-41ed-b48b-944e6bdbbf2f&state=CfDJ8Dd368yApZhAooEa1MZntLXo4CWGb8b6bOL2-1pLCJVQw6vAUFpjydS_W-He4kvw-EApHTPu3IOMZPnVY9I7KuN4RZFOXcaKrxdCOQKNCa5ZXjDqJC7Xy7S34d5jQetfAp5I6U-dv19QAT51pO-gqhxMC-846_Np9Zp-MG7At99SBydQD6euty9co1Sv63oBLWg9j92pWrVUrQeTC9ALghUsthtxNQYsbYRGT29LyTQDASsshXFdxcD3PzcTPTgqv-D28Pp3wTR6jiwHgQeCc1KEyptc62BuqlHs78UpRlbP0E60_nTYyR_QwkdqwMd1BScXP5Yn_FnUVlTvCKZVC20wcpintRmUE8DjM2qZBhQWWZ0M5j-5IyLy8e1xCeXM9w1kMlAAIMzGg23BXusGe0I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6944_503803464\LICENSE.txt

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 13.111.23.28:443 -> 192.168.2.3:49770 version: TLS 1.2

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: KDPR0E60XF29TP02x-amz-id-2: xQqxH1FuqwYpqwOLqQmLmWX/HCeDldQW7glLq1XiVtinX/kJXoPKXm01AM+BvnHDWRBb31d0hMU=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Thu, 11 Nov 2021 13:35:13 GMTServer: AmazonS3Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Nov 2021 13:35:21 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecache-control: privateCF-Cache-Status: MISSExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Server: cloudflareCF-RAY: 6ac7e73c08445c50-FRA

Source: angular.js.0.dr	String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, manifest.json.0.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://ajax.googleapis.com
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, manifest.json.0.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: History Provider Cache.0.dr	String found in binary or memory: https://bit.ly/3qqvaV02
Source: History Provider Cache.0.dr	String found in binary or memory: https://bit.ly/3qqvaV02:
Source: mirroring_common.js.0.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, b4ba5443-dd81-4c4c-9ce6-877676da6f19.tmp.2.dr, 108ef283-3e33-463e-86d0-735ba4fd631c.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr	String found in binary or memory: https://docs.google.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: manifest.json.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr	String found in binary or memory: https://github.com/angular/material
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: mirroring_common.js.0.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json0.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://r2---sn-5hnekn76.gvt1.com
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json0.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: History Provider Cache.0.dr	String found in binary or memory: https://secure-xerox.s3.ap-southeast-2.amazonaws.com/Get
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, manifest.json.0.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com;
Source: craw_window.js.0.dr, craw_background.js.0.dr, 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 076f9de7-f870-44c3-ab36-11d2850153c2.tmp.2.dr, 7c2548ea-025b-4a70-b9cd-81dece7fba84.tmp.2.dr, 11259ef6-90aa-4b4b-a77d-17718b5b93dd.tmp.2.dr, cee635c4-df2d-428f-ae53-c5362f3e07d2.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: global traffic	HTTP traffic detected: GET /3qqvaV0 HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Get+started+with+New+OneDrive.htm HTTP/1.1Host: secure-xerox.s3.ap-southeast-2.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /open.aspx?ffcb10-fec910747466017b-fdf3167576610c787c117275-fe9713727665037f77-ff981675-fe2513777761067f701276-fec8137675650179&d=70163&bmt=0 HTTP/1.1Host: click.mail.onedrive.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-xerox.s3.ap-southeast-2.amazonaws.com/Get+started+with+New+OneDrive.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure-xerox.s3.ap-southeast-2.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-xerox.s3.ap-southeast-2.amazonaws.com/Get+started+with+New+OneDrive.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /open.aspx?ffcb10-fec910747466017b-fdf3167576610c787c117275-fe9713727665037f77-ff981675-fe2513777761067f701276-fec8137675650179&d=70163&bmt=0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: click.mail.onedrive.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3C5gs82 HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _bit=labdza-4692a190a96b21fcd7-00z
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://microsoftazure-2-62j77.ondigitalocean.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://microsoftazure-2-62j77.ondigitalocean.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo.svg HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/loading.gif HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bg.jpg HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://microsoftazure-2-62j77.ondigitalocean.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: microsoftazure-2-62j77.ondigitalocean.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microsoftazure-2-62j77.ondigitalocean.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qs=3f4130314e585754655bed58a52caa07352a51fe03da45887f98b9f854d6365daebbad54c76457bda7adc92151a20735b205507a80dee3b2 HTTP/1.1Host: click.mail.onedrive.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_VyB0XkljVfit3UIQGUcvqA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveOrigin: https://login.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qs=21705f8af334965bd8452629b42c76e3808b63a19cba8978706ff3f4e36917f3aa5fa75294f1d3f24b3e06aa9a49a16ad42acd6cc788bd64 HTTP/1.1Host: click.mail.onedrive.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-ch&buttons=lpChatService,lpChatSales HTTP/1.1Host: publisher.liveperson.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/de-ch/store/b/sale?icid=MSCOM-HERO1-CTA2-generic-HOLFY22Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.analytics-web-3.min.js HTTP/1.1Host: az416426.vo.msecnd.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://templates.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoft/lp_ada_enhancements-prod.js HTTP/1.1Host: static-assets.fs.liveperson.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-ch&buttons=lpChatService,lpChatSalesAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /microsoft/lp_ada_enhancements-prod.css HTTP/1.1Host: static-assets.fs.liveperson.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-ch&buttons=lpChatService,lpChatSalesAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

HTTPS traffic detected: 13.111.23.28:443 -> 192.168.2.3:49770 version: TLS 1.2

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://bit.ly/3qqvaV0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14811375601130491884,358538752275320024,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14811375601130491884,358538752275320024,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-618D9A9A-1B20.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\764e1659-d9cf-4f91-9e61-cbb0eab9a5a8.tmp

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@50/224@45/18

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6944_503803464\LICENSE.txt

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol4	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol5	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer3	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://bit.ly/3qqvaV0

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails