Windows Analysis Report 111 ___xaf.html

Overview

General Information

Sample Name: 111 ___xaf.html
Analysis ID: 553066
MD5: 4248035c5ba365d547e489c68b9191e0
SHA1: f1f23e5b18c95668c8cde0f1aa2644bb8974e80e
SHA256: c1bea0ef7241ed911db4650b486c1ba1adf74d9916497ca7465fbc2133ff6f48
Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Found iframes
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6384 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\111 ___xaf.html MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,15964479368950770915,15836311204322071073,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
111 ___xaf.html | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

Yara detected HtmlPhish44
Source: Yara match | File source: 111 ___xaf.html, type: SAMPLE

Found iframes
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true | HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

No HTML title found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true | HTTP Parser: HTML title missing
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US | HTTP Parser: HTML title missing
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: HTML title missing

HTML body contains low number of good links
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true | HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US | HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: Number of links: 0

Submit button contains javascript call
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US | HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true | HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US | HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite%20contacts.read%20mail.send%20mail.readwrite&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAdNiNtIzsFIxMEwxNk41SNS1ME421DVJNU3WtbRIStU1sDRLSjYyN0hNTEorEuISMJNtnt2SdcdpqYfI6tXbyhevYpTMKCkpKLbS1y_LzK_QS0kt009OzMlJSkzO3sHIeIGR8RYTv79jaUmGEYjIL8qsSp3FLBWWWZSZklmaq5teVFpQkFqSmZOvl1KUWpyZvopZxQACjHVBJIRIhrFgYBMzW3J-bm5-3inmjPyC1LzMFIWCovy0zJxUhfy0tJzMvNT4xOTk1OJihdLi1CK9otTEFIXcxMycpPyK4tSSksy89GKwYHlRZkmqQnJ-XklickkxQp1ecWoelAVXdoOZ8QIL4ysWHgNmKw4OLgEGCQYFhh8sjItYgQFz0u9IxfOXig5re895L9ZiZzzFqh-ana4fklmQF5zq5ukRUhBimm4R7ldk6paYkp_pXWaQop3im2SemVyVnp1ua2xlOIGN8QMbYwc7wy5O3GF6i0vEyMDISNfAUNfQRMHAwsrAwMrEPOoALwMA0&mkt=en-US | HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite%2bcontacts.read%2bmail.send%2bmail.readwrite%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1 | HTTP Parser: No <meta name="copyright".. found
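The authorize URL recorded in the signature sources above is the most useful artefact in this report: the endpoint is Microsoft's own (login.microsoftonline.com), so the sign-in page the victim sees is genuine, and what is actually being requested is an authorization-code grant for client_id 01d33e0a-83c1-4e5c-98be-096bc270eabf, with the code returned to https://viox.dev/callback and a scope list that includes mail.readwrite, mail.send, mailboxsettings.readwrite, contacts.read and offline_access. The signup.live.com URL carries the same request once more, double-encoded inside its ru= parameter. The Python helper below is an added example written for this page, not code from Joe Sandbox or from Microsoft; it locates the authorize request (following ru=/wreply= nesting), decodes the parameters an analyst checks first and flags the ones that matter. The list of Microsoft login hosts and the set of scopes it treats as high impact are assumptions chosen for the example, not something the report states.

```python
"""Triage an OAuth 2.0 authorize request of the kind recorded in this report.

Added example for this page (not Joe Sandbox or Microsoft code). The login-host
and scope lists below are assumptions chosen for the example.
"""
from urllib.parse import parse_qs, urlsplit

# Both URLs are copied from the signature section of the report.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?state=Viridium-gruppetilo.dresig"
    "&scope=openid%20profile%20offline_access%20user.read%20mailboxsettings.readwrite"
    "%20contacts.read%20mail.send%20mail.readwrite"
    "&response_type=code&approval_prompt=auto"
    "&redirect_uri=https%3A%2F%2Fviox.dev%2Fcallback"
    "&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf"
)
SIGNUP_URL = (
    "https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf"
    "%3flc%3d1033%26client_id%3d01d33e0a-83c1-4e5c-98be-096bc270eabf"
    "%26scope%3dopenid%2bprofile%2boffline_access%2buser.read%2bmailboxsettings.readwrite"
    "%2bcontacts.read%2bmail.send%2bmail.readwrite"
    "%26redirect_uri%3dhttps%253a%252f%252fviox.dev%252fcallback"
    "%26response_type%3dcode%26state%3dViridium-gruppetilo.dresig%26msproxy%3d1%26issuer%3dmso"
    "%26tenant%3dcommon%26ui_locales%3den-US%26lw%3d1%26fl%3deasi2%26mkt%3dEN-US"
    "%26uaid%3d9b831d366a8442dca54814ababb677a3%26mssupv%3d1"
    "&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf"
    "&uaid=9b831d366a8442dca54814ababb677a3&suc=01d33e0a-83c1-4e5c-98be-096bc270eabf&lic=1"
)

# Assumption: hosts whose sign-in page is Microsoft's own.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
MICROSOFT_SUFFIXES = (".microsoftonline.com", ".live.com", ".microsoft.com")
# Assumption: delegated Graph scopes the analyst treats as high impact (lower-cased).
HIGH_IMPACT_SCOPES = {
    "mail.read", "mail.readwrite", "mail.send", "mailboxsettings.readwrite",
    "contacts.read", "contacts.readwrite", "files.read.all", "files.readwrite.all",
    "directory.read.all",
}
# Sign-up and password-reset pages carry the original request in one of these.
NESTED_PARAMS = ("ru", "wreply")


def _first(query, key):
    """First value of a query parameter, or '' when absent."""
    return query.get(key, [""])[0]


def _is_microsoft_host(host):
    return host in MICROSOFT_LOGIN_HOSTS or host.endswith(MICROSOFT_SUFFIXES)


def find_authorize_request(url, depth=0):
    """Return the URL that carries client_id and scope, following up to two
    levels of ru=/wreply= nesting; None when there is no OAuth request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "client_id" in query and "scope" in query:
        return url
    if depth >= 2:
        return None
    for key in NESTED_PARAMS:
        if key in query:
            found = find_authorize_request(query[key][0], depth + 1)
            if found:
                return found
    return None


def parse_authorize_url(url):
    """Pull out the parameters an analyst checks first. parse_qs percent-decodes
    and turns '+' into spaces, so the scope list splits on whitespace."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    redirect_uri = _first(query, "redirect_uri")
    return {
        "authorize_host": parts.hostname or "",
        "client_id": _first(query, "client_id"),
        "response_type": _first(query, "response_type"),
        "state": _first(query, "state"),
        "redirect_uri": redirect_uri,
        "redirect_host": urlsplit(redirect_uri).hostname or "",
        "scopes": [s.lower() for s in _first(query, "scope").split()],
    }


def triage(url):
    """Return (parsed fields, list of findings) for one authorize request."""
    info = parse_authorize_url(url)
    findings = []
    if info["authorize_host"] in MICROSOFT_LOGIN_HOSTS:
        findings.append(
            "authorize endpoint is Microsoft's own (%s): the sign-in page the "
            "user sees is genuine, so the URL bar will not expose the lure"
            % info["authorize_host"]
        )
    if info["redirect_host"] and not _is_microsoft_host(info["redirect_host"]):
        findings.append(
            "authorization code is delivered to third-party redirect_uri host %s"
            % info["redirect_host"]
        )
    risky = sorted(set(info["scopes"]) & HIGH_IMPACT_SCOPES)
    if risky:
        findings.append("high-impact scopes requested: " + ", ".join(risky))
    if "offline_access" in info["scopes"]:
        findings.append(
            "offline_access requested: a refresh token is issued, so access "
            "outlives the browser session until the grant is revoked"
        )
    return info, findings


if __name__ == "__main__":
    for url in (AUTHORIZE_URL, SIGNUP_URL):
        target = find_authorize_request(url)
        info, findings = triage(target)
        print(info["authorize_host"], info["client_id"], info["redirect_uri"])
        for finding in findings:
            print("  -", finding)
```

Run against the two URLs, both resolve to the same client_id, the same viox.dev redirect host and the same eight scopes, which is what makes the follow-up question for an affected tenant "which users have a consent grant for that client_id" rather than "who typed a password". Two caveats on the other network signatures in this report are also worth stating: the process tree shows that every TLS connection was made by the sandbox's chrome.exe, so the JA3 fingerprint describes that browser build rather than the sample, and 239.255.255.250 is the SSDP multicast address Windows uses for local device discovery. Neither is evidence about the phishing page on its own.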
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\6384_843513366\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49830 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49831 version: TLS 1.2
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View | IP Address: 152.199.21.175 152.199.21.175
Source: unknown | Network traffic detected: HTTP traffic on port 443, in both directions, for each of the following 27 client ports: 49744, 49746, 49763, 49803, 49804, 49805, 49806, 49807, 49808, 49809, 49810, 49811, 49812, 49814, 49815, 49821, 49822, 49830, 49831, 49833, 49834, 49850, 49851, 49852, 49867, 49868, 49869
Source: Ruleset Data.0.dr | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr | String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr | String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: angular.js.0.dr | String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr | String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr | String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Network Action Predictor.0.dr | String found in binary or memory: https://aadcdn.msauth.net/
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_o71-iz4tb7lo
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.g
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6dde
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12d
Source: data_1.1.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_9f2
Source: Network Action Predictor.0.dr | String found in binary or memory: https://account.live.com/
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_HFeToeM4u6fzMQF_f_rQ5Q
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_white_ufRYlllWOw4YyDRi
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg5x
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_White_4MYDQRab31HKDWWN-1HafA2.svg
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/favicon.ico
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/favicon.ico4
Source: data_1.1.dr | String found in binary or memory: https://account.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: Current Session.0.dr | String found in binary or memory: https://account.live.com/password/reset
Source: Current Session.0.dr | String found in binary or memory: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2fre
Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.dr | String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession
Source: Network Action Predictor.0.dr | String found in binary or memory: https://acctcdn.msauth.net/
Source: data_1.1.dr | String found in binary or memory: https://acctcdn.msauth.net/accountcorepackage_UH__VcmA5_qVhPpsKA_TNQ2.js?v=1
Source: data_1.1.dr | String found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1$
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svgw
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1W
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_fDe8goGchXrPKDzhLxQ-ZA2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_fDe8goGchXrPKDzhLxQ-ZA2.js?v=1Z
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1CB
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/oneds_EMWt_lK9fDTY6ZqY6xYrUA2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1a
    Source: data_1.1.drString found in binary or memory: https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://apis.google.com
    Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
    Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://clients2.google.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients2.google.com/cr/report
    Source: manifest.json0.0.dr, manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://clients6.google.com
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.drString found in binary or memory: https://content-autofill.googleapis.com
    Source: data_1.1.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCRy7EhpVl_tMEgk
    Source: data_1.1.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCYICaXLWAdtdEgk
    Source: data_1.1.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCZ1PG8T4iKcFEgk
    Source: data_1.1.drString found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRJACWgyQUSDDfCUEgk
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, 28f01bdd-24db-4f00-9b11-f38f29612806.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://dns.google
    Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
    Source: 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
    Source: Current Session.0.drString found in binary or memory: https://fpt.live.com
    Source: Current Session.0.dr, data_1.1.drString found in binary or memory: https://fpt.live.com/?session_id=9b831d366a8442dca54814ababb677a3&CustomerId=33e01921-4d64-4f8c-a055
    Source: data_2.1.drString found in binary or memory: https://fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=9b831d366a8442dca54814ababb677a3&Custom
    Source: material_css_min.css.0.dr, angular.js.0.drString found in binary or memory: https://github.com/angular/material
    Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
    Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.clients6.google.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
    Source: data_2.1.drString found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
    Source: Network Action Predictor.0.drString found in binary or memory: https://login.live.com/
    Source: Current Session.0.dr, data_1.1.drString found in binary or memory: https://login.live.com/Me.htm?v=3
    Source: Current Session.0.drString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=01d33e0a-83c1-4e5c-98be-096bc270eabf&scope=op
    Source: Current Session.0.dr, data_2.1.drString found in binary or memory: https://login.microsoftonline.com
    Source: Current Session.0.drString found in binary or memory: https://login.microsoftonline.com)
    Source: Network Action Predictor.0.dr, Current Session.0.drString found in binary or memory: https://login.microsoftonline.com/
    Source: Current Session.0.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=Viridium-gruppetilo.dresig&scop
    Source: data_1.1.drString found in binary or memory: https://login.microsoftonline.com/favicon.ico
    Source: data_2.1.drString found in binary or memory: https://login.windows-ppe.net
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://meetings.clients6.google.com
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://ogs.google.com
    Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://play.google.com
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.drString found in binary or memory: https://r4---sn-4g5lznle.gvt1.com
    Source: data_1.1.drString found in binary or memory: https://r4---sn-4g5lznle.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.drString found in binary or memory: https://redirector.gvt1.com
    Source: data_1.1.drString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
    Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
    Source: Current Session.0.drString found in binary or memory: https://signup.live.com
    Source: Network Action Predictor.0.dr, Current Session.0.drString found in binary or memory: https://signup.live.com/
    Source: data_1.1.drString found in binary or memory: https://signup.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
    Source: data_1.1.drString found in binary or memory: https://signup.live.com/Resources/images/favicon.ico
    Source: data_1.1.drString found in binary or memory: https://signup.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
    Source: Current Session.0.drString found in binary or memory: https://signup.live.com/signup#
    Source: Current Session.0.drString found in binary or memory: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%2
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
    Source: messages.json15.0.dr, messages.json66.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json29.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json62.0.dr, messages.json83.0.dr, messages.json79.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json35.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json85.0.dr, messages.json88.0.dr, messages.json87.0.dr, messages.json18.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json51.0.dr, messages.json50.0.dr, messages.json28.0.dr, messages.json67.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json52.0.dr, messages.json81.0.dr, messages.json31.0.dr, messages.json32.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
    Source: messages.json15.0.dr, messages.json66.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json29.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json62.0.dr, messages.json83.0.dr, messages.json79.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json35.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json85.0.dr, messages.json88.0.dr, messages.json87.0.dr, messages.json18.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json51.0.dr, messages.json50.0.dr, messages.json28.0.dr, messages.json67.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json52.0.dr, messages.json81.0.dr, messages.json31.0.dr, messages.json32.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
    Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://www.google.com
    Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/cleardot.gif
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/dot2.gif
    Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/x2.gif
    Source: craw_background.js.0.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
    Source: mirroring_hangouts.js.0.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://www.googleapis.com
    Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
    Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
    Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
    Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
    Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
    Source: 30d171f3-e56f-4b7e-b76c-c84b5e623843.tmp.1.dr, ec65cecb-9554-47b7-8f03-a0f3aea4baf9.tmp.1.dr, 6180439b-1bf3-4350-a66d-ff616a22d0c7.tmp.1.drString found in binary or memory: https://www.gstatic.com
    Source: unknown | DNS traffic detected: queries for: login.microsoftonline.com
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49830 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49831 version: TLS 1.2
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\111 ___xaf.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,15964479368950770915,15836311204322071073,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,15964479368950770915,15836311204322071073,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E1AC3A-18F0.pma
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\b8a49ad5-f829-4145-813b-76c061025dd7.tmp
    Source: classification engine | Classification label: mal48.phis.winHTML@37/266@14/7
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Automated click: Next