Windows Analysis Report 111 ___xaf.html

Overview

General Information

Sample Name: 111 ___xaf.html
Analysis ID: 553066
MD5: 4248035c5ba365d547e489c68b9191e0
SHA1: f1f23e5b18c95668c8cde0f1aa2644bb8974e80e
SHA256: c1bea0ef7241ed911db4650b486c1ba1adf74d9916497ca7465fbc2133ff6f48
Most interesting Screenshot:

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Found iframes
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call
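The signature names above are static HTML heuristics. The Python block below is an added example, not Joe Sandbox's own detection code, that re-implements checks of that kind with the standard-library parser and runs them over two constructed pages: a credential-harvesting style form (no title, a hidden iframe, no outbound links, a submit button with an onclick handler) and an ordinary intranet page. The threshold of three "good" links, the definition of a good link as an absolute http(s) URL, and both sample pages are assumptions.

```python
"""Added example: static HTML heuristics of the kind named in the Signatures
list (iframes, missing title, link count, submit button with a JavaScript
handler, missing author/copyright meta). Not Joe Sandbox code; thresholds,
the 'good link' definition and both sample pages are assumptions."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class PhishHeuristics(HTMLParser):
    """Collect the raw facts the heuristics need in one pass over the markup."""

    def __init__(self):
        super().__init__()
        self.title_found = False
        self._in_title = False
        self.iframe_srcs = []
        self.hrefs = []
        self.submit_onclicks = []
        self.meta_names = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src") or "")
        elif tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag in ("button", "input"):
            # <button> defaults to type=submit; <input> must say so explicitly
            kind = (a.get("type") or ("submit" if tag == "button" else "")).lower()
            if kind == "submit" and a.get("onclick"):
                self.submit_onclicks.append(a["onclick"])
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())

    def handle_data(self, data):
        if self._in_title and data.strip():
            self.title_found = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False


def good_links(hrefs):
    """Assumption: a 'good' link is an absolute http(s) URL with a host."""
    return [h for h in hrefs
            if urlparse(h).scheme in ("http", "https") and urlparse(h).netloc]


def evaluate(html, min_good_links=3):
    """Return the signals that fire plus the facts they were derived from."""
    p = PhishHeuristics()
    p.feed(html)
    p.close()
    good = good_links(p.hrefs)
    signals = []
    if p.iframe_srcs:
        signals.append("Found iframes")
    if not p.title_found:
        signals.append("No HTML title found")
    if len(good) < min_good_links:  # threshold is an assumption
        signals.append("HTML body contains low number of good links")
    if p.submit_onclicks:
        signals.append("Submit button contains javascript call")
    for name in ("author", "copyright"):
        if name not in p.meta_names:
            signals.append('No <meta name="%s".. found' % name)
    return {"signals": signals, "iframes": p.iframe_srcs, "links": len(p.hrefs),
            "good_links": len(good), "onclick": p.submit_onclicks}


# Constructed sample: a credential-harvesting style page (not the analysed file).
PHISH_SAMPLE = """<html><head><meta charset="utf-8"></head><body>
<iframe src="https://login.live.com/Me.htm?v=3" style="display:none"></iframe>
<form method="post" action="#">
  <input type="email" name="loginfmt"><input type="password" name="passwd">
  <input type="submit" value="Sign in" onclick="sendCreds(); return false;">
</form></body></html>"""

# Constructed sample: an ordinary page with a title, meta tags and outbound links.
BENIGN_SAMPLE = """<html><head><title>Corporate intranet</title>
<meta name="author" content="IT"><meta name="copyright" content="Example Corp"></head>
<body><a href="https://example.com/">Home</a> <a href="https://example.com/docs">Docs</a>
<a href="https://example.com/help">Help</a> <a href="/relative">Local</a>
<form><input type="submit" value="Search"></form></body></html>"""

if __name__ == "__main__":
    for label, page in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, evaluate(page))
```

These are scoring signals, not verdicts: the same checks fire on legitimate sign-in pages, which is exactly what happens in this report, where every HTTP Parser hit is recorded against a Microsoft host.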

Classification

Phishing:

Reading the sources below: only the Yara rule matched the submitted file itself. Every HTTP Parser hit is recorded against a Microsoft-operated host (login.microsoftonline.com, account.live.com, signup.live.com) that the browser reached after the sample was opened, so those hits describe Microsoft's own sign-in, password-reset and sign-up pages rather than the sample's markup, and they carry little weight on their own. The security-relevant artifact is the recorded authorize URL: an OAuth 2.0 authorization-code request to the common endpoint by a third-party application (client_id 01d33e0a-83c1-4e5c-98be-096bc270eabf) for the scopes openid, profile, offline_access, user.read, mailboxsettings.readwrite, contacts.read, mail.send and mail.readwrite, with redirect_uri https://viox.dev/callback and state Viridium-gruppetilo.dresig. Consent to that request grants the application a refresh token (offline_access) with mailbox read, write and send permissions.
Yara detected HtmlPhish44
Source: Yara match File source: 111 ___xaf.html, type: SAMPLE
Found iframes
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
No HTML title found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf HTTP Parser: HTML title missing
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true HTTP Parser: HTML title missing
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US HTTP Parser: HTML title missing
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: Number of links: 0
Submit button contains javascript call
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6384_843513366\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49830 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49831 version: TLS 1.2
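The authorize URLs recorded in this section are OAuth 2.0 requests, and the consent-phishing question is which application receives the authorization code and with what scopes. The Python block below is an added example (not Joe Sandbox code) that parses the two URL shapes the report captured, the direct login.microsoftonline.com request and the signup.live.com URL that carries the same request double-encoded inside ru=, unwraps the nesting, and flags the parameters an analyst would act on. The first-party host list, the high-risk scope list and the flag wording are assumptions; the two URL constants are copied from the report.

```python
"""Added example (not from the report or Joe Sandbox): parse the OAuth
authorize URLs recorded above and flag what consent-phishing triage looks
at. First-party host list, high-risk scope list and flag text are assumptions."""
from urllib.parse import urlsplit, parse_qs

# Verbatim from the report: the direct authorize request.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
    "state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read"
    "%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite"
    "&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback"
    "&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true")

# Verbatim from the report: the same request carried inside signup.live.com's ru=
# parameter, encoded one level deeper (note %253a%252f%252f for the inner redirect_uri).
SIGNUP_URL = (
    "https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf"
    "%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile"
    "%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send"
    "%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type"
    "%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon"
    "%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3"
    "%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf"
    "&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1")

WRAPPER_PARAMS = ("ru", "wreply")  # continuation parameters seen in the report's URLs
FIRST_PARTY_HOSTS = ("microsoftonline.com", "live.com", "microsoft.com")  # assumption
HIGH_RISK_SCOPES = {"mail.read", "mail.readwrite", "mail.send", "contacts.read",
                    "contacts.readwrite", "mailboxsettings.readwrite",
                    "files.readwrite.all", "sites.read.all"}  # assumption


def unwrap(url, depth=0):
    """Follow ru=/wreply= wrappers to the innermost URL. parse_qs decodes one
    level per hop, which is exactly what each wrapper added."""
    query = parse_qs(urlsplit(url).query)
    for param in WRAPPER_PARAMS:
        if param in query and depth < 5:
            return unwrap(query[param][0], depth + 1)
    return url


def is_first_party(host):
    return any(host == h or host.endswith("." + h) for h in FIRST_PARTY_HOSTS)


def triage(url):
    """Extract the OAuth parameters and the flags an analyst would act on."""
    inner = unwrap(url)
    parts = urlsplit(inner)
    q = parse_qs(parts.query)

    def first(key):
        return q.get(key, [""])[0]

    scopes = first("scope").split()  # '+' and %20 separators both end up as spaces
    redirect = first("redirect_uri")
    rhost = urlsplit(redirect).hostname or ""
    flags = []
    if "offline_access" in scopes:
        flags.append("offline_access requested: a refresh token outlives the browser session")
    risky = sorted(s for s in scopes if s.lower() in HIGH_RISK_SCOPES)
    if risky:
        flags.append("mailbox/contacts scopes requested: " + ", ".join(risky))
    if rhost and not is_first_party(rhost):
        flags.append("redirect_uri host is third party: " + rhost)
    if first("response_type") == "code" and flags:
        flags.append("authorization code is delivered to redirect_uri after consent")
    return {"authorize_host": parts.hostname, "client_id": first("client_id"),
            "state": first("state"), "scopes": scopes, "redirect_uri": redirect,
            "flags": flags}


if __name__ == "__main__":
    for u in (AUTHORIZE_URL, SIGNUP_URL):
        r = triage(u)
        print(r["authorize_host"], r["client_id"], r["redirect_uri"])
        for f in r["flags"]:
            print("  -", f)
```

The client_id and redirect_uri recovered this way are the values to search for in tenant consent records (service principal and OAuth2 permission grants) and sign-in logs. The report establishes that the sample routes the user into this consent request; whether the application behind the client_id is itself malicious is not something the report shows.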

Networking:

JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19 (the TLS client in this analysis is the sandbox's chrome.exe, so the fingerprint identifies the browser build rather than anything specific to the sample)
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 (SSDP multicast address used by Windows network discovery; not attributable to the sample)
Source: Joe Sandbox View IP Address: 152.199.21.175
Source: unknown Network traffic detected: HTTP traffic on port 443 in both directions with local ports 49744, 49746, 49763, 49803, 49804, 49805, 49806, 49807, 49808, 49809, 49810, 49811, 49812, 49814, 49815, 49821, 49822, 49830, 49831, 49833, 49834, 49850, 49851, 49852, 49867, 49868, 49869 (27 connections, each observed in both directions)
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: angular.js.0.dr String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Network Action Predictor.0.dr String found in binary or memory: https://aadcdn.msauth.net/
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_o71-iz4tb7lo
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.g
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6dde
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12d
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_9f2
Source: Network Action Predictor.0.dr String found in binary or memory: https://account.live.com/
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_HFeToeM4u6fzMQF_f_rQ5Q
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_white_ufRYlllWOw4YyDRi
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg5x
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_White_4MYDQRab31HKDWWN-1HafA2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/favicon.ico
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/favicon.ico4
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: Current Session.0.dr String found in binary or memory: https://account.live.com/password/reset
Source: Current Session.0.dr String found in binary or memory: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2fre
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: Network Action Predictor.0.dr String found in binary or memory: https://acctcdn.msauth.net/
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/accountcorepackage_UH__VcmA5_qVhPpsKA_TNQ2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1$
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svgw
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1W
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_fDe8goGchXrPKDzhLxQ-ZA2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_fDe8goGchXrPKDzhLxQ-ZA2.js?v=1Z
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1CB
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/oneds_EMWt_lK9fDTY6ZqY6xYrUA2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1a
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.0.dr, manifest.json.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCRy7EhpVl_tMEgk
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCYICaXLWAdtdEgk
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCZ1PG8T4iKcFEgk
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRJACWgyQUSDDfCUEgk
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, 28f01bdd-24db-4f00-9b11-f38f29612806.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://dns.google
Source: LICENSE.txt.0.dr String found in binary or memory: https://easylist.to/)
Source: 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: Current Session.0.dr String found in binary or memory: https://fpt.live.com
Source: Current Session.0.dr, data_1.1.dr String found in binary or memory: https://fpt.live.com/?session_id=9b831d366a8442dca54814ababb677a3&CustomerId=33e01921-4d64-4f8c-a055
Source: data_2.1.dr String found in binary or memory: https://fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=9b831d366a8442dca54814ababb677a3&Custom
Source: material_css_min.css.0.dr, angular.js.0.dr String found in binary or memory: https://github.com/angular/material
Source: LICENSE.txt.0.dr String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_2.1.dr String found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: Network Action Predictor.0.dr String found in binary or memory: https://login.live.com/
Source: Current Session.0.dr, data_1.1.dr String found in binary or memory: https://login.live.com/Me.htm?v=3
Source: Current Session.0.dr String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&scope=op
Source: Current Session.0.dr, data_2.1.dr String found in binary or memory: https://login.microsoftonline.com
Source: Current Session.0.dr String found in binary or memory: https://login.microsoftonline.com)
Source: Network Action Predictor.0.dr, Current Session.0.dr String found in binary or memory: https://login.microsoftonline.com/
Source: Current Session.0.dr String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scop
Source: data_1.1.dr String found in binary or memory: https://login.microsoftonline.com/favicon.ico
Source: data_2.1.dr String found in binary or memory: https://login.windows-ppe.net
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://meetings.clients6.google.com
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com
Source: data_1.1.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.1.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Current Session.0.dr String found in binary or memory: https://signup.live.com
Source: Network Action Predictor.0.dr, Current Session.0.dr String found in binary or memory: https://signup.live.com/
Source: data_1.1.dr String found in binary or memory: https://signup.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr String found in binary or memory: https://signup.live.com/Resources/images/favicon.ico
Source: data_1.1.dr String found in binary or memory: https://signup.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: Current Session.0.dr String found in binary or memory: https://signup.live.com/signup#
Source: Current Session.0.dr String found in binary or memory: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%2
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json15.0.dr, messages.json66.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json29.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json62.0.dr, messages.json83.0.dr, messages.json79.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json35.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json85.0.dr, messages.json88.0.dr, messages.json87.0.dr, messages.json18.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json51.0.dr, messages.json50.0.dr, messages.json28.0.dr, messages.json67.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json52.0.dr, messages.json81.0.dr, messages.json31.0.dr, messages.json32.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json15.0.dr, messages.json66.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json29.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json62.0.dr, messages.json83.0.dr, messages.json79.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json35.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json85.0.dr, messages.json88.0.dr, messages.json87.0.dr, messages.json18.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json51.0.dr, messages.json50.0.dr, messages.json28.0.dr, messages.json67.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json52.0.dr, messages.json81.0.dr, messages.json31.0.dr, messages.json32.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr String found in binary or memory: https://www.gstatic.com
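Two of the "String found in binary or memory" entries above are OAuth authorize requests (login.live.com/oauth20_authorize.srf?client_id=01d33e0a-... and login.microsoftonline.com/common/oauth2/v2.0/authorize?...), and the report prints both truncated, so the parameters that decide whether this is a consent-phishing page (scope, redirect_uri, client_id) have to be parsed out of the full URL rather than read off the listing. The Python script below is an added example by the editor and is not part of the Joe Sandbox report: it extracts URLs from report-style lines, parses the Microsoft authorize requests among them, and flags the combination that characterises illicit consent grants, a third-party redirect_uri together with mailbox-level Microsoft Graph scopes and offline_access. The sample lines, the client_id values, scopes and redirect hosts in them are constructed placeholders; the allowlist of Microsoft-owned redirect hosts and the set of risky scopes are the editor's assumptions.

```python
"""Triage of OAuth authorize URLs recovered from a sandbox report.

Added example by the editor; it is not part of the Joe Sandbox report. The
sample lines below are constructed in the report's own "String found in binary
or memory" format: the client_id values, scopes and redirect hosts in them are
illustrative placeholders, not values taken from the report.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Microsoft identity endpoints that serve the sign-in / consent page.
MS_IDP_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.windows.net"}
AUTHORIZE_PATH_RE = re.compile(r"/oauth2(?:/v2\.0)?/authorize$|/oauth20_authorize\.srf$")
# Hosts the consent page may legitimately redirect back to (editor's allowlist;
# a real deployment would add the tenant's own registered redirect hosts).
MS_OWNED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com", "office.com", "windows.net")
# Delegated Graph scopes that hand a third-party app the user's mailbox and contacts
# (editor's selection, not an official list).
MAILBOX_SCOPES = {"mail.read", "mail.readwrite", "mail.send",
                  "mailboxsettings.read", "mailboxsettings.readwrite",
                  "contacts.read", "contacts.readwrite"}
URL_RE = re.compile(r"https?://[^\s)]+")


def parse_authorize_url(url):
    """Return the OAuth parameters of a Microsoft authorize URL, or None for any other URL."""
    parts = urlsplit(url)
    if parts.hostname not in MS_IDP_HOSTS or not AUTHORIZE_PATH_RE.search(parts.path):
        return None
    # keep_blank_values keeps a trailing key that the report cut off mid-name (e.g. "&scop").
    query = parse_qs(parts.query, keep_blank_values=True)
    first = lambda key: query.get(key, [""])[0]
    return {
        "client_id": first("client_id"),
        "redirect_uri": first("redirect_uri"),
        "scopes": {s.lower() for s in first("scope").split()},
        "response_type": first("response_type"),
    }


def assess(info):
    """Grade one parsed authorize request for the consent-phishing pattern."""
    findings = []
    redirect_host = urlsplit(info["redirect_uri"]).hostname or ""
    third_party = bool(redirect_host) and not any(
        redirect_host == s or redirect_host.endswith("." + s) for s in MS_OWNED_SUFFIXES)
    if third_party:
        findings.append(f"redirect_uri points to third-party host {redirect_host}")
    elif not redirect_host:
        findings.append("redirect_uri missing: the report string is probably truncated, "
                        "take the full URL from the HTTP Parser entries")
    mailbox = sorted(info["scopes"] & MAILBOX_SCOPES)
    if mailbox:
        findings.append("mailbox-level Graph scopes requested: " + ", ".join(mailbox))
    offline = "offline_access" in info["scopes"]
    if offline:
        findings.append("offline_access requested: a refresh token keeps the grant alive "
                        "without the user signing in again")
    if third_party and mailbox and offline:
        verdict = "consent-phishing-like"
    elif findings:
        verdict = "review"
    else:
        verdict = "no findings"
    return {"client_id": info["client_id"], "redirect_host": redirect_host,
            "third_party_redirect": third_party, "mailbox_scopes": mailbox,
            "offline_access": offline, "verdict": verdict, "findings": findings}


def triage_report_lines(lines):
    """Pull every URL out of report lines and assess the Microsoft authorize requests among them."""
    results = []
    for line in lines:
        for url in URL_RE.findall(line):
            info = parse_authorize_url(url)
            if info is not None:
                results.append(assess(info))
    return results


# Constructed sample input in the report's line format (placeholder values, see module docstring).
SAMPLE_LINES = [
    "Source: Current Session.0.dr String found in binary or memory: "
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=example"
    "&scope=openid%20profile%20offline_access%20user.read%20mail.readwrite%20mail.send%20contacts.read"
    "&response_type=code&redirect_uri=https%3A%2F%2Fattacker-app.example%2Fcallback"
    "&client_id=00000000-0000-0000-0000-000000000001",
    "Source: craw_window.js.0.dr String found in binary or memory: "
    "https://www.google.com/accounts/OAuthLogin?issueuberauth=1",
    # A string cut off mid-query, as happens in the report's "String found" listing.
    "Source: Current Session.0.dr String found in binary or memory: "
    "https://login.live.com/oauth20_authorize.srf?client_id=00000000-0000-0000-0000-000000000001&scope=op",
    "Source: Current Session.0.dr String found in binary or memory: "
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000002&scope=openid%20profile%20user.read"
    "&response_type=code&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2Fsignin",
]

if __name__ == "__main__":
    for result in triage_report_lines(SAMPLE_LINES):
        print(result["verdict"], result["client_id"], result["redirect_host"] or "-")
        for finding in result["findings"]:
            print("  -", finding)
```

Run without arguments it triages the embedded sample; to apply it to a report, feed the report's lines to triage_report_lines. The "String found" listing cuts URLs at a fixed width, so the complete parameters should be taken from the HTTP Parser entries or the capture, and a client_id should be checked against the tenant's enterprise applications and consent audit logs before any conclusion is drawn about the application behind it.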
Source: unknown HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: login.microsoftonline.com
Source: global traffic HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
X-Goog-Update-Updater: chromecrx-85.0.4183.121
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: style
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /accountcorepackage_UH__VcmA5_qVhPpsKA_TNQ2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/favicon.ico?v=2 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /oneds_EMWt_lK9fDTY6ZqY6xYrUA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://account.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://account.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/favicon.ico?v=2 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected:
GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected:
GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected:
GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected:
GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://signup.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://signup.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://signup.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://signup.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /lightweightsignuppackage_fDe8goGchXrPKDzhLxQ-ZA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
Connection: keep-alive
Origin: https://signup.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://signup.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
If-Modified-Since: Sun, 18 Jul 2021 09:01:24 GMT
If-None-Match: 0x8D949CA9E99F66E
Source: global traffic HTTP traffic detected:
GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
If-Modified-Since: Fri, 01 Oct 2021 00:11:18 GMT
If-None-Match: 0x8D9846FFE07F84C
Source: global traffic HTTP traffic detected:
GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Host: acctcdn.msauth.net
If-Modified-Since: Sat, 02 Oct 2021 09:05:47 GMT
If-None-Match: 0x8D98583D2C8CF51
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49830 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49831 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\111 ___xaf.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,15964479368950770915,15836311204322071073,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (this entry appears 34 times in the report: chrome.exe child processes for which neither image path nor command line was recorded)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,15964479368950770915,15836311204322071073,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E1AC3A-18F0.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\b8a49ad5-f829-4145-813b-76c061025dd7.tmp
Source: classification engine Classification label: mal48.phis.winHTML@37/266@14/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6384_843513366\LICENSE.txt