Windows Analysis Report
https://aka.ms/LearnAboutSenderIdentification

Overview

General Information

Sample URL:	https://aka.ms/LearnAboutSenderIdentification
Analysis ID:	1638197
Infos:

Detection

Score:	3
Range:	0 - 100
Confidence:	100%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

Form action URLs do not match main URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Form action: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxy&sso_reload=true microsoft microsoftonline

HTML body contains low number of good links

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Base64 decoded: 8f67dc46-9d2c-4e45-9424-b392316949c5d9ddae86-4200-4715-8386-04ba9123c749

HTML title does not match URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Title: Redirecting does not match URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 216.58.206.68:443 -> 192.168.2.8:49688 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.215:443 -> 192.168.2.8:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.106.98:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.73:443 -> 192.168.2.8:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.123.12.139:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.73.237.198:443 -> 192.168.2.8:49802 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveOrigin: https://login.microsoftonline.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-a601c2d1-845c-4bbf-89f0-24e3e56bb31d/thumbnail_w800.jpeg HTTP/1.1Host: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxy HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; fpc=ApYohLBimrxKqBXRhse3sxg; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE4u1A8_Krx12sY_5o_oii54QtIxq9LfXuRBrEpVpTfCdqJvU4uBNb6uFvh5P3w--VqLsJlSMI6YfQri4iVhU8FvODEZTUwFVNITMTrSyuPIvoImNJtGubAey7ifm98AH-f9QN16EW_mwiD7SdLiFzbILkN-Uy3ZgTJ5eh5PtWtpwgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; fpc=ApYohLBimrxKqBXRhse3sxg; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE4u1A8_Krx12sY_5o_oii54QtIxq9LfXuRBrEpVpTfCdqJvU4uBNb6uFvh5P3w--VqLsJlSMI6YfQri4iVhU8FvODEZTUwFVNITMTrSyuPIvoImNJtGubAey7ifm98AH-f9QN16EW_mwiD7SdLiFzbILkN-Uy3ZgTJ5eh5PtWtpwgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_R0PmDES6QHGvk93sC6IvjQ2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveOrigin: https://login.microsoftonline.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-a601c2d1-845c-4bbf-89f0-24e3e56bb31d/thumbnail_w800.jpeg HTTP/1.1Host: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxy&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; esctx-63uPvBeda8Y=AQABCQEAAABVrSpeuWamRam2jAF1XRQEknnip7MVJ41UFoFThr_gt4Ab-aml011CbuW1xI-hUyPv9d9eRoN36Y25Tjyl-nNrlG7gwMLksKTr2ZUlMRowdsiPDPefz8EbzCHsbCiYLfHTcwsI-8ev6XD4YAXR9-WfeBbllObKEJZdZjj7ujyc2SAA; buid=1.AV0AMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAABdAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmQfbR2n9jbklT8QtzOsUDmVxQqeA4KN8uj1kvZj2A1paARBvRfTKREPNj0Bbv43SCBa3R__piuDVhMAL5tZDF_hCkv4sLUth3Vul5AeRtaYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZkzZjL_rqaWr32YtxdmQ1RVqA17UKXT1WLuw4wo_XHmX3tPxvgSFDKYaTGcvPG4MJGDSEyUOgyKXyfXay26THWUqzYrsZDhuEeCyOpfP2QAtN03lK-wvtSEguAbHsuAXi9rYpXUEEktIClq5Ov6Q3bT26iZaDFHnNXuDu9YlA6YgAA; esctx-wqFScfAveHI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEwGYJS1f0QXVcg3H5ay9uZs13ycu3n1dkCxwYcDA5eQ-bXxdDC5s5um3E3saAyQSnMfma5sQExLrCR5ISrqCC1PbvAh-8PWeSGyosoNGZKvVZTZiH2BkVQo5SqMueX2IWuF1oHay99Fs4NUApqI7J2SAA; fpc=ApYohLBimrxKqBXRhse3sxhqwEtIAQAAAJ_kZd8OAAAA
Source: global traffic	HTTP traffic detected: GET /en-us/media/0b1fe818-4ce3-46e9-8851-111cec3c540c.png HTTP/1.1Host: support.content.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aka.ms
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: cxcs.microsoft.net
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net

Source: chromecache_148.1.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_100.1.dr, chromecache_128.1.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_100.1.dr, chromecache_107.1.dr, chromecache_136.1.dr, chromecache_99.1.dr, chromecache_128.1.dr, chromecache_119.1.dr	String found in binary or memory: https://github.com/google/shaka-packager
Source: chromecache_100.1.dr, chromecache_99.1.dr, chromecache_128.1.dr, chromecache_119.1.dr	String found in binary or memory: https://github.com/google/shaka-packagerv2.6.1-634af65-release
Source: chromecache_101.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_101.1.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 216.58.206.68:443 -> 192.168.2.8:49688 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.215:443 -> 192.168.2.8:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.106.98:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.73:443 -> 192.168.2.8:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.123.12.139:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.73.237.198:443 -> 192.168.2.8:49802 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5200_1715945005

Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5200_1715945005

Jump to behavior

Source: classification engine

Classification label: clean3.win@26/123@32/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aka.ms/LearnAboutSenderIdentification"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4192 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4192 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.196.240.134	e3230.b.akamaiedge.net	United States	16625	AKAMAI-ASUS	false
104.73.237.198	e12627.g.akamaiedge.net	United States	16625	AKAMAI-ASUS	false
2.19.106.98	e13678.dscg.akamaiedge.net	European Union	16625	AKAMAI-ASUS	false
2.22.242.73	unknown	European Union	20940	AKAMAI-ASN1EU	false
23.36.225.166	aka.ms	United States	16625	AKAMAI-ASUS	false
2.22.242.215	e329293.dscd.akamaiedge.net	European Union	20940	AKAMAI-ASN1EU	false
92.123.12.139	unknown	European Union	16625	AKAMAI-ASUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
20.190.160.65	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.8
192.168.2.4

Contacted Domains

Name	IP	Active
e329293.dscd.akamaiedge.net	2.22.242.215	true
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true
www.google.com	216.58.206.68	true
e13678.dscg.akamaiedge.net	2.19.106.98	true
e12627.g.akamaiedge.net	104.73.237.198	true
aka.ms	23.36.225.166	true
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true
e3230.b.akamaiedge.net	23.196.240.134	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
www.tm.a.prd.aadg.trafficmanager.net	20.190.160.65	true
js.monitor.azure.com	unknown	unknown
c.s-microsoft.com	unknown	unknown
support.content.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
cxcs.microsoft.net	unknown	unknown
acctcdn.msftauth.net	unknown	unknown
mem.gfx.ms	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://cxcs.microsoft.net/static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png	false	high
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	false	high
https://mem.gfx.ms/scripts/me/MeControl/10.24228.4/en-US/meCore.min.js	false	high
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_R0PmDES6QHGvk93sC6IvjQ2.js	false	high
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false	high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-a601c2d1-845c-4bbf-89f0-24e3e56bb31d/thumbnail_w800.jpeg	false	high
https://mem.gfx.ms/scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js	false	high
https://cxcs.microsoft.net/static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png	false	high
https://support.content.office.net/en-us/media/0b1fe818-4ce3-46e9-8851-111cec3c540c.png	false	high
https://aka.ms/LearnAboutSenderIdentification	false	high
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false	high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ISO Media, MP4 v1 [ISO 14496-1:ch13]	EBC52D30D6B183422E87D658CF09FC04	30489E041A85E7F2AE2B2C4280840F6FDF1656A5	93010FD856ADB59AB6DD83DCBA0CA7DAF3A2512BD187DB9C06422F7359C6E85F
Chrome Cache Entry: 101	HTML document, ASCII text, with very long lines (3445), with CRLF line terminators	ACDEC8DAD3164FBA20E86D50F1B979F1	0C5FD1CCA5BECDB0080D20E6A90CCD91BC0D5894	1D2CDE2E778A731CBD158758F735E1BCC2508A8252720D261D94068AFF45AACC
Chrome Cache Entry: 102	ASCII text, with very long lines (11026)	F8BBFC7AA538BB412A5F94737E74CB9E	BCAEE8BA1F100BDBF0233B034DE5D4FC90158055	1FE043C5C3AEEBF5A48A03651FAF147C22632FCDCE49DC385F122CEE7663424A
Chrome Cache Entry: 103	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	DDCB4FCA39CCADCDF6C1FE2E1F717867	88238D53920F32AF37A802A5E6BFEEC3B1E6F75D	097DF2DFA3781F1AEDB631C968D04D8152D7C7FA8E92BC91E233B3000E2F34BB
Chrome Cache Entry: 104	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	68B6034D22E6083CF2592BF4B8B71F0E	0981B22AF5F2BF930794557717FF7C7F4FF563FF	56E5D47C342207184BE9DE6E3CF06CF26C32B34EE799B3ACC95EBEEEEFA5484A
Chrome Cache Entry: 105	Unicode text, UTF-8 text, with very long lines (65456)	4730ADC834E2A7DD777A49738B957BA5	9DAB5916633383DB2799B83B972D31B5948545FC	67314E6307110FDA53BECA76E9E82BA025D888AD6599ED8F35CF9233794877DF
Chrome Cache Entry: 106	ASCII text, with very long lines (2824)	78C4311E4D7A1AFDE2EC6FB093FE40A2	FB9A1881E03ADF12A393759606FF384F847A52A8	2CA909B3DA6E4A4FC7FD3C9DD490C4DB45435C995177AA5D7D154852EFD69E25
Chrome Cache Entry: 107	XML 1.0 document, ASCII text	6E0F9D9A778BA0BBED21D2AF00866CD7	7774EC5D52750F6BC786945AB2DE0473B6355902	14898C854F6F163B5F9E1A2B8DDDF21EE3E11107B9F4B88C386F4BBCA2CBBD16
Chrome Cache Entry: 108	ASCII text, with very long lines (52786)	4743E60C44BA4071AF93DDEC0BA22F8D	972320A67C2A94F2FB976E544DA86A5ED107C8DF	6C068C6BCE1A3E792E5AA7E10270A050BE60B395964281CA162035C13D63E30E
Chrome Cache Entry: 109	Unicode text, UTF-8 (with BOM) text, with very long lines (65505), with no line terminators	69C0160C1B174077BC1DC969CFE54896	54C34ECD339578D1FE5D22B68FFB8A79E5B26AAE	AC64A328B6DF45E408FD9713F3D8E840955B10E6E634AF14DCD0643236F023E7
Chrome Cache Entry: 110	PNG image data, 180 x 180, 4-bit colormap, non-interlaced	4F0176B7EBF39C82AA272C7271B0D9C2	97C4BAAB78B3D7FE0F1686A0B7714CC88448F8ED	531D0E0B41CFADC5668DABD018226AE7CE366B800CFB45C16A800FB597E53B26
Chrome Cache Entry: 111	ASCII text, with CRLF line terminators	C49C34EE38F103BCB82F58DED32F57DB	757C8CE6D92102903F636C20B70E414A5E9A2E20	BDBBDA3BD97031FF5BCB76B427D2ECD9C4617922C3860F662E51FB18AC5CC591
Chrome Cache Entry: 112	ASCII text, with very long lines (1789), with no line terminators	A994A7E8C64A7067E10B96EB4EC80FD8	20AFCA199B332D7BF7D0FC629C2AFF30EEE2E20A	5D673164F48498DDED9C758054C385B0094F26AEDABA0E3D7D419BF2C693363C
Chrome Cache Entry: 113	ASCII text, with very long lines (2674)	468D4ACC570CFFC7101AC8A63514AD31	6983E89B6EC798B5B8C2B3B76D9311808437B572	B4B342F2025799CA602A75590B324E7493B0903726720BCE4CA793207C83255C
Chrome Cache Entry: 114	ASCII text, with very long lines (503)	A3BC5418F2834309CE2918B15F3B8EEA	62BA2712C6D4960F1057E103F6E1F3C95F2C701B	B2B62643A7C4FE4A4E12934AD819F0293CC00181B78D8091AFFFF3617CEB96B1
Chrome Cache Entry: 115	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 116	ASCII text, with very long lines (65398)	107489D1ED6BE77BFD69EBE4D7B52B6D	FD56DF206A1DD0223D6D18ADAC841582282A346E	3BBC0000E28054DDBE38B2E7A21DCA8D66FDA56EA48448BCE4658BC6B518A970
Chrome Cache Entry: 117	Unicode text, UTF-8 text, with very long lines (45878)	2D239F75690602434780A10306B90C92	FD2005D03A856C786D53E7B28C00F5026727CFCA	62124873D78845E0C099FA26D62BF1C0DEB57B78100E4A3C0F0E28AEEFD95E2E
Chrome Cache Entry: 118	ASCII text, with very long lines (2230), with no line terminators	4D56AF8ACF934242A6D0C2D5FD5785E1	9D58373C57C53221C4762B87BDC186F6E38384D0	6F26F0CC605A8C789C557B2956CE78D147D5D2CC16D2F09B3A606306BCA3F4DE
Chrome Cache Entry: 119	ISO Media, MP4 v1 [ISO 14496-1:ch13]	7E00EA2DAEB12B9B3C2D9B35CA680381	7552A7DDE7C91127BC51BDA9BF947221BBD30B27	EA63AE2EBB3F1BB3603BD0641CF5352C7DCD15B34891C20143704E484D1A4D1B
Chrome Cache Entry: 120	data	12F734959794C3EB599F2657FAC91AD2	003DF35754440C3B2547C044CF56CD438450A18A	46A08E991DCF7AA2955CA20E0A240A95498EAFFA39E007DFA4E1A18C4711D00C
Chrome Cache Entry: 121	ASCII text, with very long lines (46812)	F7CD746319AB2EA391D6B4386A7C8D32	4ADFCD23EE4D2E2C50937B5E8DAA50762E1DE018	3136538617D98C749991F5DCAD819761C127C419D62F85DBAAE00F7B1DC1E997
Chrome Cache Entry: 122	ASCII text, with very long lines (4873), with no line terminators	ED927CF0F8A1BE103DF48446270416EE	F7B2BE7FC2B063AAC03E76DF9F3E19D615970213	EBDD298DFD39A35E5F54469F12953081A17CBEA55F3A4A79C0FD4997D804F7D5
Chrome Cache Entry: 123	Web Open Font Format (Version 2), TrueType, length 30032, version 0.0	BE43045E5C1119DB2B2C2C38342A9216	5028764DAB0DEFCEA18691B1EDF769E924D5AB55	F2AD20DA85ABF7AD48AFBFE14E5E60A7AC5E648C0AFAECAB8751981644154CF3
Chrome Cache Entry: 124	PNG image data, 262 x 96, 8-bit/color RGBA, non-interlaced	CCA42A6DD7E8378D54197303C9B94BD1	4D956D4A7049610D6728557695A2B40D71C24069	3806A156470D2669E497B39DCD453A1F69CA74D5A1AB69EAB755185C0EFB6A88
Chrome Cache Entry: 125	ASCII text, with very long lines (34235), with CRLF, LF line terminators	6FE3DD83A0D98BC1977F57EA33C37693	8DF606F40E4CC8C07CE929D5A82FD5304EAF4EB7	A5268A183F2A091D2D17773997E89A25FC45CBD60E586EDF61F544FB85D6F6A8
Chrome Cache Entry: 126	data	3D30FB37DF3821DEA3427B782530D54A	760ACEE12017CA7078CAF20C2ED79933663AEE9C	B30D3D8B6B9805187F47BAEB54B62FA7B042269AED6BF10A912BECA78577483F
Chrome Cache Entry: 127	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 128	ISO Media, MP4 v1 [ISO 14496-1:ch13]	8033EAC3BD8F6073C05531C70D6CC7BE	72E3E68318181A36C81E74CC27CDDB35DB840EEA	7942781E5B15C19E5918B39EF67F6D3BA69D57CBC17D8AD27CCA5783223FD4DD
Chrome Cache Entry: 129	ASCII text, with very long lines (65460)	C0BB28600CF931A17482376C5E27CABE	3C9B65F94334C9312F168AC51D2067D07DB3A619	70EB3BBB025DC4C9CB7F7297EF68B928E4A7D9F77F8B60BD4DE6C526CF195464
Chrome Cache Entry: 130	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	9AA997545CAD62F24960E39B773AE81C	3EBF01E3B3630F127309F816F13FF86B94798E07	BC5E9528086858FD7BFF758A1B0AE0D559A9930E279ECDF4955572B6AD1E53EA
Chrome Cache Entry: 131	ASCII text, with very long lines (4370), with no line terminators	5F05B23BAD0F2D477C4E6B9266F99A74	E6CC0BE0A86B8330B4FD16CE8EB27614FB313B40	70099F944DDCE86C3B9E24CE88C3C489EF4C63CEF20C4DA64A5DC33BBFE36512
Chrome Cache Entry: 132	ASCII text, with very long lines (2974), with no line terminators	8C4035FBAA828A7E23B8584328FE8F88	F222869596F1E3E94C131DE6E85BF233ED1EC511	0F4950468225BC51D24014536FE8004392A415EF01F0DB92A258818E74F9C59E
Chrome Cache Entry: 133	ASCII text, with very long lines (65536), with no line terminators	C1338BAD680C7B30034BB2BEE2C447D3	E93C535395F25D15F4AA67E481DFCEAF94F25A1E	906A3B2A89AA06A9C0DA125FBF248D1F9FD188511B44D4822D9E3FCFD28197E8
Chrome Cache Entry: 134	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	530E019ACA1B16CCCC6D7F9AF809A5EF	44DE170BF83E1D8DC50DB4C09D01B2AF567BA394	180B72AEFEC3FB19BB76E97D00EDF90932D02A9A4DA4CE82711E263DC16971A5
Chrome Cache Entry: 135	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	DDCB4FCA39CCADCDF6C1FE2E1F717867	88238D53920F32AF37A802A5E6BFEEC3B1E6F75D	097DF2DFA3781F1AEDB631C968D04D8152D7C7FA8E92BC91E233B3000E2F34BB
Chrome Cache Entry: 136	XML 1.0 document, ASCII text	6E0F9D9A778BA0BBED21D2AF00866CD7	7774EC5D52750F6BC786945AB2DE0473B6355902	14898C854F6F163B5F9E1A2B8DDDF21EE3E11107B9F4B88C386F4BBCA2CBBD16
Chrome Cache Entry: 137	ASCII text, with no line terminators	46DF3E5E2D15256CA16616EBFDA5427F	BE8F9B307E458075DA0D43585A05F1D451469182	AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
Chrome Cache Entry: 138	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	FB2ED9313C602F40B7A2762ACC15FF89	8A390D07A8401D40CBC1A16D873911FA4CB463F5	B241D02FAB4B17291AF37993EB249F9303EB5897610ABAFAC4C9F6AA6A878369
Chrome Cache Entry: 139	ASCII text, with no line terminators	BEB5075867AC37A3C8903AB23A5ABA22	86A41106441F795558A31574CBD24D5403E2F054	BD38B37956C818D4084814F47B69B7798F07AF7889D3D13DEBBD2D76ECB86095
Chrome Cache Entry: 140	ASCII text, with very long lines (65394)	CF5CC7F4B57526CC37893DCB83DED031	E953783BE0A7894585778455AAE3D0DF094D6F29	3A790B6C0D26D7A4D292CB27F992EAFAFF42C37E9318B2AB704207039127FCB8
Chrome Cache Entry: 141	Web Open Font Format (Version 2), TrueType, length 36888, version 0.0	9B0D118DF2786766F3F2ADBDE755ECEF	6256A445CD294EF0EDFA22D410AE40E45355BB3C	F610165947CB23BF323DAA9848F04657202FA468D32D9D3B0C5B6D6EF43852CD
Chrome Cache Entry: 142	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	530E019ACA1B16CCCC6D7F9AF809A5EF	44DE170BF83E1D8DC50DB4C09D01B2AF567BA394	180B72AEFEC3FB19BB76E97D00EDF90932D02A9A4DA4CE82711E263DC16971A5
Chrome Cache Entry: 143	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	68B6034D22E6083CF2592BF4B8B71F0E	0981B22AF5F2BF930794557717FF7C7F4FF563FF	56E5D47C342207184BE9DE6E3CF06CF26C32B34EE799B3ACC95EBEEEEFA5484A
Chrome Cache Entry: 144	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 145	ASCII text, with very long lines (6125), with no line terminators	97C18402D0D5AD89F12C548A55C8284F	412ACD023C48FA79C9F846040497C74C2EBEC46D	464730FF27CB58E32D39C58E96330E89983298C72B1B4183A68E0B7FE4D4CCFA
Chrome Cache Entry: 146	ASCII text, with very long lines (780), with no line terminators	CB3531F56366637C3E928C625264646D	3F6B2AC9B3A9C76EF8410FCA587105F1D95238A5	47F3F44C9BC3F47A111D004476F051D5684D9FB7526EF3985A6540F6D6B16E93
Chrome Cache Entry: 147	PNG image data, 180 x 180, 4-bit colormap, non-interlaced	4F0176B7EBF39C82AA272C7271B0D9C2	97C4BAAB78B3D7FE0F1686A0B7714CC88448F8ED	531D0E0B41CFADC5668DABD018226AE7CE366B800CFB45C16A800FB597E53B26
Chrome Cache Entry: 148	ASCII text, with very long lines (42133)	B9C3E4320DB870036919F1EE117BDA6E	29B5A9066B5B1F1FE5AFE7EE986E80A49E86606A	A1FE019388875B696EDB373B51A51C0A8E3BAD52CD489617D042C0722BDB1E48
Chrome Cache Entry: 149	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142588	47B6359A09BBEE6AA41B82E06C5A6105	7049BB7A20217A9153F9AED16A0A6B6DF27B1038	EACBD5A1C958B4A2859D1D59FCDF028EDB6DD7567109218A83AA4E263A253A35
Chrome Cache Entry: 150	JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 800x450, components 3	D04267E54C8189FFA334002AA2607089	BC2FA3189A0405852F71A7B0ADD3407A23DCDCC3	AB5FDC608DD13F52D71E6F7E6E23648A6A2FA4000031E0F2146DB7C4374B69AC
Chrome Cache Entry: 151	data	7A74F1C5593C38BE1DAB65840A74CC50	9B160C0BE68B22FEE0EFFC3102A948008927A600	15CE26E5B33718404125CABF2145A806D2B1E3BCA97719E5C19726C16049BC5B
Chrome Cache Entry: 152	Web Open Font Format, TrueType, length 26288, version 0.0	D0263DC03BE4C393A90BDA733C57D6DB	8A032B6DEAB53A33234C735133B48518F8643B92	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
Chrome Cache Entry: 153	JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 800x450, components 3	D04267E54C8189FFA334002AA2607089	BC2FA3189A0405852F71A7B0ADD3407A23DCDCC3	AB5FDC608DD13F52D71E6F7E6E23648A6A2FA4000031E0F2146DB7C4374B69AC
Chrome Cache Entry: 154	Unicode text, UTF-8 text, with very long lines (64241)	97A7AD53DCC2CB34895CA7932A24F1D6	0CD7562FCBB6E6782F379EA4AEDFBC1FD68916BE	A4CF9C20DA583D6053F6D120467224875DE6C3F740FAD08ABD1E041A0C3F18B6
Chrome Cache Entry: 155	GIF image data, version 89a, 960 x 540	B1F5B34FD4653ECC55A495B7A6A59B51	A3E0E79E99FE0614A67143206A4B91E6811AE61C	2A38C4E7692EFECBF4B5F6EFD20DDBD3D77D2EDC91F8A76132431C6A068A6E41
Chrome Cache Entry: 156	GIF image data, version 89a, 960 x 540	B1F5B34FD4653ECC55A495B7A6A59B51	A3E0E79E99FE0614A67143206A4B91E6811AE61C	2A38C4E7692EFECBF4B5F6EFD20DDBD3D77D2EDC91F8A76132431C6A068A6E41
Chrome Cache Entry: 157	ASCII text, with very long lines (30237)	F04D3E51969894BD486CD9A9A1549EA6	6DB7ED2E034FE99F5013144CA91DD21408F7AC36	33A747222E8AE5381AEB53C9671BB3EB309B7226587674CD6D901F99645A852B
Chrome Cache Entry: 158	PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced	9AA997545CAD62F24960E39B773AE81C	3EBF01E3B3630F127309F816F13FF86B94798E07	BC5E9528086858FD7BFF758A1B0AE0D559A9930E279ECDF4955572B6AD1E53EA
Chrome Cache Entry: 159	Unicode text, UTF-8 (with BOM) text, with very long lines (10421), with no line terminators	3E3EA0F20789B9C194D77279528CA129	99602884211E9F11410506099E1B4D44D7F17CF1	54E9EF853E38D4F6B2D1600A1F981D7175E2817A62B8D6DA41C23D0E05F2A031
Chrome Cache Entry: 160	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 161	PNG image data, 262 x 96, 8-bit/color RGBA, non-interlaced	CCA42A6DD7E8378D54197303C9B94BD1	4D956D4A7049610D6728557695A2B40D71C24069	3806A156470D2669E497B39DCD453A1F69CA74D5A1AB69EAB755185C0EFB6A88
Chrome Cache Entry: 162	ASCII text, with very long lines (5781)	3E0DA3FCC8786DF60C5779AA73A48E7A	BAB1FCA9B33DC6D081C2AB2612E54D1AFFE75AAA	C70101AF27ED7D57829D940470CAC787BD11C3BA96A3944118033AE487BA9FD1
Chrome Cache Entry: 163	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 164	ASCII text, with very long lines (3385), with no line terminators	838B4CF03009164350BEE28EC54B1B28	7289901F526CD15984F080E40BBF8B8B6098EB73	70C7CD74052E7BB3716548F7748B7FBF90C8BB39B0F688495B5D3D8974295A72
Chrome Cache Entry: 97	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	FB2ED9313C602F40B7A2762ACC15FF89	8A390D07A8401D40CBC1A16D873911FA4CB463F5	B241D02FAB4B17291AF37993EB249F9303EB5897610ABAFAC4C9F6AA6A878369
Chrome Cache Entry: 98	ASCII text, with very long lines (3637)	A249B03B72AB5E7B60E7806457B9BE61	FF0B5F4FB91A9DBF147262AD59B292C6C2DFE122	48FF8C6449BEF199F206C7A1C49403E10DC6341A9D4A1F8946B042DDE66E315F
Chrome Cache Entry: 99	ISO Media, MP4 v1 [ISO 14496-1:ch13]	EC0C6879350DC72FBCE112272EF7BDFF	E0D979EB6B56A04EB2DAED774147D223804F0DD8	E042B638A0831BDB011D0FCF2CDE799E536F0FD46298B6D91E42BBE3CC9E7491

Form action URLs do not match main URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTML body contains low number of good links

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Base64 decoded: 8f67dc46-9d2c-4e45-9424-b392316949c5d9ddae86-4200-4715-8386-04ba9123c749

HTML title does not match URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Title: Redirecting does not match URL

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No favicon

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="author".. found

Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found
Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 216.58.206.68:443 -> 192.168.2.8:49688 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.215:443 -> 192.168.2.8:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.106.98:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.73:443 -> 192.168.2.8:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.123.12.139:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.73.237.198:443 -> 192.168.2.8:49802 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveOrigin: https://login.microsoftonline.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://support.microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-a601c2d1-845c-4bbf-89f0-24e3e56bb31d/thumbnail_w800.jpeg HTTP/1.1Host: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxy HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; fpc=ApYohLBimrxKqBXRhse3sxg; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE4u1A8_Krx12sY_5o_oii54QtIxq9LfXuRBrEpVpTfCdqJvU4uBNb6uFvh5P3w--VqLsJlSMI6YfQri4iVhU8FvODEZTUwFVNITMTrSyuPIvoImNJtGubAey7ifm98AH-f9QN16EW_mwiD7SdLiFzbILkN-Uy3ZgTJ5eh5PtWtpwgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638775389724976118.OGY2N2RjNDYtOWQyYy00ZTQ1LTk0MjQtYjM5MjMxNjk0OWM1ZDlkZGFlODYtNDIwMC00NzE1LTgzODYtMDRiYTkxMjNjNzQ5&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPQ1YpXoXDNugpO9PJgx57laBPB4JmC1amX5SIDKyvLnekTvKQrBmq66NpeFMFBbd-TQYxDp_mOEuxWoQUfg4jvSYMtutwem21QrutbMQ4-hENEoQujEftry7uwyV_dHtQ_1-_dJIMqqhVMyiKlqotkfgILiUzcQ3tvODl3zJ3fF-4u2iBQa43Fs3iP6yGkpIRBaR27rRdboDD-_su9CWZ0wTzBPSRWIuIB1jj5BoTE2_deF_cKPVa0SC8X5yEhzrvbPxqsrA8q9W9d7oeT_vje0XLjGNcOfIfEkHRuirQ-S_j3o0xAl8N9aZAkdytr8-K3MOObo16ZrEFaXQT0mWzdw&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; fpc=ApYohLBimrxKqBXRhse3sxg; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE4u1A8_Krx12sY_5o_oii54QtIxq9LfXuRBrEpVpTfCdqJvU4uBNb6uFvh5P3w--VqLsJlSMI6YfQri4iVhU8FvODEZTUwFVNITMTrSyuPIvoImNJtGubAey7ifm98AH-f9QN16EW_mwiD7SdLiFzbILkN-Uy3ZgTJ5eh5PtWtpwgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_R0PmDES6QHGvk93sC6IvjQ2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveOrigin: https://login.microsoftonline.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /public-a601c2d1-845c-4bbf-89f0-24e3e56bb31d/thumbnail_w800.jpeg HTTP/1.1Host: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxy&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=7c0cf029-c8ce-4af6-6aca-7a7f9137eb83&partnerId=smcconvergence&idpflag=proxyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: esctx-4rwp2KHr124=AQABCQEAAABVrSpeuWamRam2jAF1XRQEpeJAjqq3nYZ81yvI70EEmeLSqiC_J0XKmnVNA1COaF-PaGohjnvpOY5aRZA2XXm3KnkpVqOJ-LFdj8fmnDqOQhyE6oGf9oLhxn8vS6XlTbeYFJ2hAgCn-71D9f7N0x2O5aQfBOuoHbw7YF3WGrbNySAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; esctx-63uPvBeda8Y=AQABCQEAAABVrSpeuWamRam2jAF1XRQEknnip7MVJ41UFoFThr_gt4Ab-aml011CbuW1xI-hUyPv9d9eRoN36Y25Tjyl-nNrlG7gwMLksKTr2ZUlMRowdsiPDPefz8EbzCHsbCiYLfHTcwsI-8ev6XD4YAXR9-WfeBbllObKEJZdZjj7ujyc2SAA; buid=1.AV0AMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAABdAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmQfbR2n9jbklT8QtzOsUDmVxQqeA4KN8uj1kvZj2A1paARBvRfTKREPNj0Bbv43SCBa3R__piuDVhMAL5tZDF_hCkv4sLUth3Vul5AeRtaYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZkzZjL_rqaWr32YtxdmQ1RVqA17UKXT1WLuw4wo_XHmX3tPxvgSFDKYaTGcvPG4MJGDSEyUOgyKXyfXay26THWUqzYrsZDhuEeCyOpfP2QAtN03lK-wvtSEguAbHsuAXi9rYpXUEEktIClq5Ov6Q3bT26iZaDFHnNXuDu9YlA6YgAA; esctx-wqFScfAveHI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEwGYJS1f0QXVcg3H5ay9uZs13ycu3n1dkCxwYcDA5eQ-bXxdDC5s5um3E3saAyQSnMfma5sQExLrCR5ISrqCC1PbvAh-8PWeSGyosoNGZKvVZTZiH2BkVQo5SqMueX2IWuF1oHay99Fs4NUApqI7J2SAA; fpc=ApYohLBimrxKqBXRhse3sxhqwEtIAQAAAJ_kZd8OAAAA
Source: global traffic	HTTP traffic detected: GET /en-us/media/0b1fe818-4ce3-46e9-8851-111cec3c540c.png HTTP/1.1Host: support.content.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aka.ms
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: cxcs.microsoft.net
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: support.content.office.net

Source: chromecache_148.1.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_100.1.dr, chromecache_128.1.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: chromecache_121.1.dr, chromecache_108.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_100.1.dr, chromecache_107.1.dr, chromecache_136.1.dr, chromecache_99.1.dr, chromecache_128.1.dr, chromecache_119.1.dr	String found in binary or memory: https://github.com/google/shaka-packager
Source: chromecache_100.1.dr, chromecache_99.1.dr, chromecache_128.1.dr, chromecache_119.1.dr	String found in binary or memory: https://github.com/google/shaka-packagerv2.6.1-634af65-release
Source: chromecache_101.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_101.1.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 216.58.206.68:443 -> 192.168.2.8:49688 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.225.166:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.215:443 -> 192.168.2.8:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.106.98:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.240.134:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.242.73:443 -> 192.168.2.8:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.65:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.123.12.139:443 -> 192.168.2.8:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.73.237.198:443 -> 192.168.2.8:49802 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5200_1715945005

Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5200_1715945005

Jump to behavior

Source: classification engine

Classification label: clean3.win@26/123@32/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aka.ms/LearnAboutSenderIdentification"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4192 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2084,i,14542350356144878619,5201175776123541410,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4192 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1638197
Product:	CloudBasic
Start time:	09:48:13
Start date:	14.03.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://aka.ms/LearnAboutSenderIdentification

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://aka.ms/LearnAboutSenderIdentification

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://aka.ms/LearnAboutSenderIdentification