Loading ...

Play interactive tourEdit tour

Windows Analysis Report Change Order - Draw #3 .htm

Overview

General Information

Sample Name:Change Order - Draw #3 .htm
Analysis ID:528153
MD5:5ac8e089672b740a284022ba5116402c
SHA1:77b1aef47d51c4c74c9dfaac604ba0fa6673d66a
SHA256:2084d93ce967a9bbbc4973a018ac215d22323866ba7f5b6258f7128e04b4f1aa
Infos:

Most interesting Screenshot:

Detection

Outlook Phishing HTMLPhisher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Yara detected HtmlPhish44
Yara detected obfuscated html page
Yara detected Outlook Phishing page
Phishing site detected (based on logo template match)
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
Suspicious form URL found
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 3984 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Change Order - Draw #3 .htm MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,824141991095786902,2422586568805408263,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Change Order - Draw #3 .htmJoeSecurity_ObshtmlYara detected obfuscated html pageJoe Security
    Change Order - Draw #3 .htmJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      Click to jump to signature section

      Show All Signature Results

      Phishing:

      barindex
      Yara detected HtmlPhish10Show sources
      Source: Yara matchFile source: 83002.0.pages.csv, type: HTML
      Yara detected HtmlPhish44Show sources
      Source: Yara matchFile source: Change Order - Draw #3 .htm, type: SAMPLE
      Yara detected obfuscated html pageShow sources
      Source: Yara matchFile source: Change Order - Draw #3 .htm, type: SAMPLE
      Yara detected Outlook Phishing pageShow sources
      Source: Yara matchFile source: 83002.0.pages.csv, type: HTML
      Phishing site detected (based on logo template match)Show sources
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmMatcher: Template: outlook matched
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Has password / email / username input fields
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Has password / email / username input fields
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Number of links: 1
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Number of links: 1
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Form action: https://dma.ao/v1.1/___.php?_do=xxx_form
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: Form action: https://dma.ao/v1.1/___.php?_do=xxx_form
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: No <meta name="copyright".. found
      Source: file:///C:/Users/user/Desktop/Change%20Order%20-%20Draw%20%233%20.htmHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.4:49741 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.4:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.30.21.144:443 -> 192.168.2.4:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.30.21.144:443 -> 192.168.2.4:49745 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.30.21.144:443 -> 192.168.2.4:49744 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.30.21.144:443 -> 192.168.2.4:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.30.21.144:443 -> 192.168.2.4:49747 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49822 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49821 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.4:49829 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.4:49830 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.4:49831 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49841 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49842 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49843 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49844 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49845 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49847 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.112.88.60:443 -> 192.168.2.4:49848 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.54.110.249:443 -> 192.168.2.4:49850 version: TLS 1.2
      Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
      Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
      Source: Joe Sandbox ViewIP Address: 104.16.18.94 104.16.18.94
      Source: Joe Sandbox ViewIP Address: 104.16.18.94 104.16.18.94
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49689
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 20.82.209.183
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: unknownTCP traffic detected without corresponding DNS query: 184.30.21.144
      Source: Ruleset Data.0.drString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
      Source: Filtering Rules.0.dr, Ruleset Data.0.drString found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
      Source: Filtering Rules.0.drString found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
      Source: angular.js.0.drString found in binary or memory: http://angularjs.org
      Source: angular.js.0.drString found in binary or memory: http://errors.angularjs.org/1.6.4-local
      Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: http://llvm.org/):
      Source: mirroring_hangouts.js.0.drString found in binary or memory: http://tools.ietf.org/html/rfc1950
      Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
      Source: mirroring_hangouts.js.0.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=B1V6483Ce5U4ngLqMuYvqFM6k3PFqGhsou3LRiSzLj8ybzgIxCRz6%2Fzxb
      Source: manifest.json.0.drString found in binary or memory: https://accounts.google.com
      Source: craw_window.js.0.drString found in binary or memory: https://accounts.google.com/MergeSession
      Source: manifest.json.0.drString found in binary or memory: https://apis.google.com
      Source: data_1.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
      Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
      Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients2.google.com/cr/report
      Source: manifest.json1.0.dr, manifest.json0.0.dr, manifest.json3.0.dr, manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients6.google.com
      Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
      Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
      Source: manifest.json.0.drString found in binary or memory: https://content.googleapis.com
      Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
      Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
      Source: Reporting and NEL.1.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
      Source: 5e559647-4c67-4aea-b111-0d317bd14746.tmp.1.dr, 9e52c11b-34e0-4d99-9fd7-49a470a21b6c.tmp.1.drString found in binary or memory: https://dns.google
      Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
      Source: manifest.json.0.drString found in binary or memory: https://feedback.googleusercontent.com
      Source: manifest.json.0.drString found in binary or memory: https://fonts.googleapis.com;
      Source: manifest.json.0.drString found in binary or memory: https://fonts.gstatic.com;
      Source: material_css_min.css.0.dr, angular.js.0.drString found in binary or memory: https://github.com/angular/material
      Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
      Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.clients6.google.com
      Source: manifest.json.0.drString found in binary or memory: https://hangouts.google.com/
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
      Source: mirroring_hangouts.js.0.drString found in binary or memory: https: