Windows Analysis Report
https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com

Overview

General Information

Sample URL: https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com
Analysis ID: 828047

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
Phishing site detected (based on image similarity)
Yara signature match
HTML body contains low number of good links
Found iframes
No HTML title found

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5552 cmdline: "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" /PIM NoEmail MD5: CA3FDE8329DE07C95897DB0D828545CD)
  • chrome.exe (PID: 6608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 6772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=328,i,8088195014292527259,13016869309004505035,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
Source | Rule | Description | Author | Strings

40813.2.pages.csv | SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3
  • 0x26545:$c8: while(!![])
  • 0x41a72:$c8: while(!![])
  • 0x43b7d:$c8: while(!![])
  • 0x4434d:$c8: while(!![])
  • 0x460b2:$c8: while(!![])
  • 0x4695b:$c8: while(!![])
  • 0x48e3a:$c8: while(!![])
  • 0x26564:$d1: parseInt(_0x527c4e(0x139))/0x1*(-parseInt(_0x527c4e(0x1a7))/0x2)+parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-
  • 0x26585:$d1: parseInt(_0x527c4e(0x1a7))/0x2)+parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+
  • 0x265a5:$d1: parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+parseInt(_0x527c4e(0x1c7))/0x8+
  • 0x265c5:$d1: parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+parseInt(_0x527c4e(0x1c7))/0x8+parseInt(_0x527c4e(0x185))/0x9+-

40813.2.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security

39468.3.pages.csv | SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3
  • 0xad0c:$c8: while(!![])
  • 0x26239:$c8: while(!![])
  • 0x28344:$c8: while(!![])
  • 0x28b14:$c8: while(!![])
  • 0x2a879:$c8: while(!![])
  • 0x2b122:$c8: while(!![])
  • 0x2d601:$c8: while(!![])
  • 0xad2b:$d1: parseInt(_0x527c4e(0x139))/0x1*(-parseInt(_0x527c4e(0x1a7))/0x2)+parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-
  • 0xad4c:$d1: parseInt(_0x527c4e(0x1a7))/0x2)+parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+
  • 0xad6c:$d1: parseInt(_0x527c4e(0x15a))/0x3*(parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+parseInt(_0x527c4e(0x1c7))/0x8+
  • 0xad8c:$d1: parseInt(_0x527c4e(0x17f))/0x4)+parseInt(_0x527c4e(0x1a1))/0x5+-parseInt(_0x527c4e(0x1c4))/0x6*(-parseInt(_0x527c4e(0x181))/0x7)+parseInt(_0x527c4e(0x1c7))/0x8+parseInt(_0x527c4e(0x185))/0x9+-

39468.3.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security

No Sigma rule has matched
No Snort rule has matched

Phishing

Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Template: microsoft matched with high similarity
Source: Yara match | File source: 40813.2.pages.csv, type: HTML
Source: Yara match | File source: 39468.3.pages.csv, type: HTML
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://snp0lex.com | Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_147.2.dr
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://snp0lex.com | Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_147.2.dr
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://snp0lex.com | Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_147.2.dr
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | Matcher: Found strong image similarity, brand: Microsoft image: 39468.img.3.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://snp0lex.com | Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_147.2.dr
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: HTML title missing
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.snp0lex.com/GAmPJESJ | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | DNS traffic detected: queries for: shareasale.com
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown | Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 52.109.8.45
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownTCP traffic detected without corresponding DNS query: 52.109.76.141
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownTCP traffic detected without corresponding DNS query: 52.109.76.141
      Source: unknownTCP traffic detected without corresponding DNS query: 52.109.8.45
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
      Source: 40813.2.pages.csv, type: HTMLMatched rule: SUSP_obfuscated_JS_obfuscatorio date = 2021-08-25, author = @imp0rtp3, description = Detects JS obfuscation done by the js obfuscator (often malicious), score = , reference = https://obfuscator.io
      Source: 39468.3.pages.csv, type: HTMLMatched rule: SUSP_obfuscated_JS_obfuscatorio date = 2021-08-25, author = @imp0rtp3, description = Detects JS obfuscation done by the js obfuscator (often malicious), score = , reference = https://obfuscator.io
      Source: classification engineClassification label: mal60.phis.win@29/66@17/243
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=328,i,8088195014292527259,13016869309004505035,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=328,i,8088195014292527259,13016869309004505035,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdater
      Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\Feedback
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK Matrix (tactic: matched techniques; a number in parentheses is the count of signatures mapped to that technique)
Initial Access: Drive-by Compromise (1); Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading (3); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Source | Detection | Scanner | Label | Link
https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com | 0% | Avira URL Cloud | safe |
      No Antivirus matches
Source | Detection | Scanner | Label | Link
https://login.microsoftonline.snp0lex.com/GAmPJESJ | 2% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | unknown
shareasale.com | 104.16.227.72 | true | false | | high
cs1100.wpc.omegacdn.net | 152.199.23.37 | true | false | | unknown
accounts.google.com | 142.250.185.173 | true | false | | high
www.google.com | 142.250.186.132 | true | false | | high
shareasale-analytics.com | 104.17.173.88 | true | false | | high
clients.l.google.com | 142.250.185.78 | true | false | | high
www.microsoftonline.snp0lex.com | 45.95.169.129 | true | false | | unknown
cstaticdun.126.net.w.kunluncan.com | 163.181.92.231 | true | false | | unknown
picsum.photos | 172.67.74.163 | true | false | | high
michiganprestain.sa.com | 162.241.71.248 | true | false | | unknown
login.microsoftonline.snp0lex.com | 45.95.169.129 | true | false | | unknown
aadcdn.msftauth.net | unknown | unknown | false | | unknown
clients2.google.com | unknown | unknown | false | | high
identity.nel.measure.office.net | unknown | unknown | false | | high
fastly.picsum.photos | unknown | unknown | false | | high
cstaticdun.126.net | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true#undefined= | true | | unknown
https://login.microsoftonline.snp0lex.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638145814273262602.NzRkYjViYWYtNTg5Ni00NDEyLTg5OTUtZDQ5MjFjMmU3OGNhZDgzMGNhN2EtODEyOS00MGNiLTk4MjgtNDRkNjVkZmU4MDNi&ui_locales=en-US&mkt=en-US&state=ysKZQgVAtc_C4_sj_elzHxCFJC5oR2Y3XNS5JF2DGpEsv7ddr5n7J6D89nJ7L8J4WMUJm8azunHCOkaE7SZLuHnNiYVq1FItWntxyqyPBHVB5cmv5WP0P-AVli274AKXj5q5QMyeAlsp5IY0EkZbj-bDk0TlVsT_MbB7FXin7lJr4WAjkEsJTl3YkXfIzNCBHzfPy0gi_gNfBKLywed3mmwOswGnCXoIgjnqX0Tui3vLgISxvy_r_DjeW-o2-T_1sG6nGUCyF1QaPcnudfihLQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0#undefined | false | | unknown
https://login.microsoftonline.snp0lex.com/GAmPJESJ | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
95.101.54.121 | unknown | European Union | 34164 | AKAMAI-LONGB | false
151.101.65.91 | unknown | United States | 54113 | FASTLYUS | false
104.17.173.88 | shareasale-analytics.com | United States | 13335 | CLOUDFLARENETUS | false
104.16.227.72 | shareasale.com | United States | 13335 | CLOUDFLARENETUS | false
20.190.159.68 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
163.181.92.231 | cstaticdun.126.net.w.kunluncan.com | United States | 24429 | TAOBAOZhejiangTaobaoNetworkCoLtdCN | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
52.109.8.45 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.185.173 | accounts.google.com | United States | 15169 | GOOGLEUS | false
162.241.71.248 | michiganprestain.sa.com | United States | 26337 | OIS1US | false
142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
192.229.221.95 | unknown | United States | 15133 | EDGECASTUS | false
152.199.23.37 | cs1100.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false
172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.74 | unknown | United States | 15169 | GOOGLEUS | false
52.109.76.141 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
45.95.169.129 | www.microsoftonline.snp0lex.com | Croatia (LOCAL Name: Hrvatska) | 42864 | GIGANET-HUGigaNetInternetServiceProviderCoHU | false
172.217.16.132 | unknown | United States | 15169 | GOOGLEUS | false
172.67.74.163 | picsum.photos | United States | 13335 | CLOUDFLARENETUS | false
Private IPs
192.168.2.1
127.0.0.1
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 828047
Start date and time: 2023-03-16 17:36:02 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://shareasale.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 1
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@29/66@17/243
• Excluded process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 172.217.16.195, 34.104.35.123, 151.101.65.91, 151.101.1.91, 151.101.129.91, 151.101.193.91, 95.101.54.121, 95.101.54.217
• Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, login.live.com, slscr.update.microsoft.com, dualstack.n.sni.global.fastly.net, clientservices.googleapis.com, a1894.dscb.akamai.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big; too many NtWriteVirtualMemory calls found
Process: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 6694
Entropy (8bit): 1.8519695968674463
Encrypted: false
SSDEEP:
MD5: 2AA6D76C4234F9A26D2B308E091BE4E6
SHA1: 5B964AD4863F333427BF106782C3F5AB35B80D9A
SHA-256: CEEE86DF9205BBD7DE79C147B00D62DDD2888BA3082013C9ECA0582EDA3E94CF
SHA-512: B5397AE43EA3BA8DD6A830B38E2801E9F7972121D45464DCCC242F165DE2F89AD3870C8ACFB25E78DC5106758738E6D59F9E173862E7C2DBDBB2DAEBC5CB9050
Malicious: false
Reputation: low
Preview: .................V..............................................................'...............`.......................@...........................................................................................................................................................................................................................................................................................................................................................................................k@.........`...................w...d........+......b.......j........I...... ................}......r.......`........s..............l...............D...w...x...................w...|...................w...|...................w...|...................w...|...................w...|...................w...4........H..........w...4........H..........w...4........H..........w...4........H..........w...4........H..........w...4........H..........w...D.......@.......D.......R........K...... ...............

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 315
Entropy (8bit): 5.0572271090563765
Encrypted: false
SSDEEP:
MD5: A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1: A82190FC530C265AA40A045C21770D967F4767B8
SHA-256: D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512: 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious: false
Reputation: low
URL: https://michiganprestain.sa.com/favicon.ico
Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 28
Entropy (8bit): 4.307354922057605
Encrypted: false
SSDEEP:
MD5: 9F9FA94F28FE0DE82BC8FD039A7BDB24
SHA1: 6FE91F82974BD5B101782941064BCB2AFDEB17D8
SHA-256: 9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
SHA-512: 34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
Malicious: false
Reputation: low
URL: https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA0LjAuNTExMi4xMDISFwni2iqC8szQGRIFDdFbUVISBQ1Xevf9?alt=proto
Preview: ChIKBw3RW1FSGgAKBw1Xevf9GgA=

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (64612)
Category: downloaded
Size (bytes): 113577
Entropy (8bit): 5.49267197127461
Encrypted: false
SSDEEP:
MD5: D6AE688DAA084E80BE9BA90B002BFD75
SHA1: BF8D96E6A20BBC292DA8011F1F19B7817F18CC79
SHA-256: EF99C6CB0CBA8040442788F7E2206DE0D0F1A62B85F39A9ECA2DFA20BDA0AEBF
SHA-512: 8114F10D833620DDBE8CD36A5385B25AACE02D9C832C08CF16463E637EEABFBAD92F20D76FE6E7FA173F2D557C1640EC66760187079D48D20B59DA416A28CE01
Malicious: false
Reputation: low
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c0f2645501c8b52bd96c.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[33],{459:function(e,t,r
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                            Category:downloaded
                                            Size (bytes):17174
                                            Entropy (8bit):2.9129715116732746
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):3620
                                            Entropy (8bit):6.867828878374734
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                            Malicious:false
                                            Reputation:low
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 300x150, components 3
                                            Category:downloaded
                                            Size (bytes):4643
                                            Entropy (8bit):7.699683696983481
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:A1097F41A4E33ACA155CE8B0A597D076
                                            SHA1:5C934BC6E310C98EF7DA0EFA8C9D728513DDAE34
                                            SHA-256:DFB76262877E6647F8C0095B0B519BD990D1E2593EF382FB75A7F01F64A00E1B
                                            SHA-512:3C4692A5D3882C958903BE7B08AD1E4CFC6E3B77283517C9122A23A9AEC48CA6B4BEE14DE181BB554EED9EB3AA21B085404599A4A2F2B6380761AF6A3494F1A2
                                            Malicious:false
                                            Reputation:low
                                            URL:https://fastly.picsum.photos/id/291/300/150.jpg?hmac=9c7bkc085uN8oZyvltJMhH9psNQ9dg8IFzTMG6qtmcY
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (14775)
                                            Category:downloaded
                                            Size (bytes):15748
                                            Entropy (8bit):5.366047726743468
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F3C9445589ADB1B3BC04C85BA7879D43
                                            SHA1:FC0B0FCBD3F3A8B6E554BF82738476AB1445A6B0
                                            SHA-256:7F92D28C7252EEBFDBBCE12FCB1E0B2350B06961AC3173F36A4EC23B6DB0B52A
                                            SHA-512:EE65A3C8F7B520E213825189C23289F20C6540A9AB9FD0E3003C7B593CEEDEE9B395F89EA32D9300B0939BB9B40F095D6F545311FB6163261AAC9119CD037E09
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_02820b8eeff403f5e53a.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[15],{485:function(e,n,s
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text, with very long lines (11078), with no line terminators
                                            Category:downloaded
                                            Size (bytes):11078
                                            Entropy (8bit):5.804769152991988
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6ABFB6666B2EADB7B26569A5501F7B51
                                            SHA1:3F1763239C5F4927431038B41978EBF8A16A4E06
                                            SHA-256:C27B03F5369FC448FE6A5451082B5951B53EE00A6886C92D536D80997A89D66F
                                            SHA-512:9B02291AF1C2AA26FA27301789CB52F87419C58A3C1114819FAF6D641BD01078AF01E07F364EC12C9EFA4C4953FE35B2EB31D53286A239C6A972F4454BA9EFFB
                                            Malicious:false
                                            Reputation:low
                                            URL:https://login.microsoftonline.snp0lex.com/GAmPJESJ
                                            Preview:<html><head><meta name="viewport" content="width=device-width,initial-scale=1"><title>Sign in to Outlook</title><style>.block{position:absolute;left:0;top:0}.sliderContainer{position:relative;text-align:center;width:310px;height:40px;line-height:40px;margin-top:15px;font-family:verdana;background:#f7f9fa;font-size:14px;color:#45494c;border:1px solid #e4e7eb}.sliderContainer_active .slider{height:38px;top:-1px;border:1px solid #1991fa}.sliderContainer_active .sliderMask{height:38px;border-width:1px}.sliderContainer_success .slider{height:38px;top:-1px;border:1px solid #52ccba;background-color:#52ccba!important}.sliderContainer_success .sliderMask{height:38px;border:1px solid #52ccba;background-color:#d2f4ef}.sliderContainer_success .sliderIcon{background-position:0 0!important}.sliderContainer_fail .slider{height:38px;top:-1px;border:1px solid #f57a7a;background-color:#f57a7a!important}.sliderContainer_fail .sliderMask{height:38px;border:1px solid #f57a7a;background-color:#fce1e1}.slide
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (64616)
                                            Category:downloaded
                                            Size (bytes):412391
                                            Entropy (8bit):5.453920432541669
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:107FAAF613D8901AAADB149F4FF0DC27
                                            SHA1:02532B6EB6A3BE60D843B90AD86D5DA880594D8C
                                            SHA-256:8D08E06A92B0619AD643390A1A1B79CB768C9DCF7E82F50017A3EEC819ABD678
                                            SHA-512:A6FCA6AA5D44218CDBA9AD92F447CAFEBADF11DCA9A1CDD93E67443078CAD154F01A26706D103F3D62F25F8E8062FA0261D88090BF6BC491D53A83D137C97383
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_EH-q9hPYkBqq2xSfT_DcJw2.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (32960)
                                            Category:downloaded
                                            Size (bytes):109863
                                            Entropy (8bit):5.310144622799756
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:45576F383F1F2C8E7875ADC619B7CF91
                                            SHA1:7E4A77757388B33A035B0A2AA7ABBA5333CE0F2E
                                            SHA-256:8E05939C06F646279D98B55001AC84420558B4D4E49B4FD1A1D7ED0D91262D95
                                            SHA-512:1C8C23DA50F74C7B82E49D72C9DA5CE3067CBD11EBF85ABBBE273A4EAD82D64F937EC76AE939F768CFC82FC37BE24FB30D7DCF2B4CEDD23849F4803831FAB10D
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_aeb718e8cbcfba8bf6ed.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[7],{496:function(e,t,n)
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 300x150, components 3
                                            Category:dropped
                                            Size (bytes):3828
                                            Entropy (8bit):7.592245844733393
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:D15C621190ACCD36E0E2D0BFF0D614C3
                                            SHA1:49B51572B408E9C2E34A20D799F1582697B3BF0C
                                            SHA-256:ABD332B00A9205E84862379D6D7A8FEFA619A6B03A205E6C818F48CBA863CAAF
                                            SHA-512:0E21FBD9C2A10238B379E4B2D87121F364C39BB934C563C8A043F908F46745C58F01FE40E31F388DBCE51FAD92EB5938CCC2F14F64A505572191A1178B35DB68
                                            Malicious:false
                                            Reputation:low
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (61177)
                                            Category:downloaded
                                            Size (bytes):110674
                                            Entropy (8bit):5.287118278126562
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:7719467F3F24C7500CC0CF15A60B8AEF
                                            SHA1:4FC7472CA314F434082C027748AC342AB4631847
                                            SHA-256:F36BBD8A2B786B236385B37CADC7B1FDC2B1D6842E8A531DE09EEA723D94C6C4
                                            SHA-512:F17DE567D161FA93621F09866711D4F83EB66C6DA8838311899926CFEF6FA09AE765C5B2AE782A43BAF36D819A41997673226A1123114EF7D4F8B046DB1CFB02
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_dxlgfz8kx1amwm8vpguk7w2.css
                                            Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):3651
                                            Entropy (8bit):4.094801914706141
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                            SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                            SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                            SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                            Malicious:false
                                            Reputation:low
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):2672
                                            Entropy (8bit):6.640973516071413
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                            Malicious:false
                                            Reputation:low
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                            Category:downloaded
                                            Size (bytes):1752
                                            Entropy (8bit):2.94254540143712
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B53A6B1D152E3D4E8544854049C639A7
                                            SHA1:4E4F72161A96D2ACB2D6A586AF5E72BC87B49FA2
                                            SHA-256:4C2E362319E93FA96110FD01768FC9B4C688B5C0624F7F6AFE9C42482E6077AA
                                            SHA-512:2CCEF985DE648379A0654495F95A55AA7BCE60252A9E151A670F8029DE24B833985C60A9911EB9BCC49CFD9D4B6C492170D927A9DFCD822B0ADA17FAAFC6F375
                                            Malicious:false
                                            Reputation:low
                                            URL:https://shareasale-analytics.com/r.cfm?b=2005082&u=201285&m=123747&urllink=https://michiganprestain.sa.com%2Fauth%2F/kwvvjw%2F%2F%2F%2Fgmail.com&shrsl_analytics_sscid=31k7%5Fpkt7x&shrsl_analytics_sstid=31k7%5Fpkt7x
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 300x150, components 3
                                            Category:downloaded
                                            Size (bytes):10006
                                            Entropy (8bit):7.898977823667841
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:738419DD0B222149341828C5E06E4992
                                            SHA1:B18BDB588CD9A0C499275F4E77AC25D597BA3F54
                                            SHA-256:1C4C8D7B5BFF1D849793BF85A8AF6F78EE46BB66DA6658D5ECEE674FD9AD1519
                                            SHA-512:E03B904CB5408783D0C0F429AFDC68E38C4CD43A8CCDFDF548A3735CA0918F1A526AEA25B4AC369D035435ABFE01FF88FCF309DF3B4E22F01F8A03C83ED3A293
                                            Malicious:false
                                            Reputation:low
                                            URL:https://fastly.picsum.photos/id/13/300/150.jpg?hmac=ogcg2e0sYo1jUwI8dBrijlUtNskCT9AHisEKV7J6XNs
                                            Preview:
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
                                            Category:downloaded
                                            Size (bytes):2347
                                            Entropy (8bit):5.290031538794594
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:E86EF8B6111E5FB1D1665BCDC90888C9
                                            SHA1:994BF7651CB967CD9053056AF2D69ACB74DB7F29
                                            SHA-256:3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
                                            SHA-512:2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
                                            Malicious:false
                                            Reputation:low
                                            URL:https://login.live.com/Me.htm?v=3
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):1864
                                            Entropy (8bit):5.222032823730197
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BC3D32A696895F78C19DF6C717586A5D
                                            SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                            SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                            SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):1592
                                            Entropy (8bit):4.205005284721148
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4E48046CE74F4B89D45037C90576BFAC
                                            SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                            SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                            SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 34 x 471, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):11413
                                            Entropy (8bit):7.947029830720456
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F13CFF3DD9BAC6C8F319FAA857D28ACC
                                            SHA1:A16E45E96B8186E595C6E8806F42BA6EE744193E
                                            SHA-256:5DC5E0940D0C1E5A92461CA192FD6993BB7D492A04E125D36C7E793C20D1E401
                                            SHA-512:F988680E4F5E7279C135D39DE6D0433ADB7751C66D4C6B482B906EAE334B0958C3E6434106D24095147D7B671DFF9D337871F22C5252D14BE91385601760635B
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 text, with very long lines (32022)
                                            Category:downloaded
                                            Size (bytes):47818
                                            Entropy (8bit):5.399911074855889
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:08523780863BD16144327E8C47955B30
                                            SHA1:CC3F43DEACDC9AC8D187E0135A9956BBBFE5B73E
                                            SHA-256:3AE69A65D951F99F2ACE71532CB6B90A83A79BCEB5DBA14F5A869564F514ABD8
                                            SHA-512:6B7A769F1BDF9F906568CE2EE4880287B2B72DAAE55BC39B84E8C613B02D2E78EAEC302AF3DCBC3181B8F818D7271CA6E7E7845A817DEF6D18D0ED7255C55C68
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_cfi3giy70wfemn6mr5vbma2.js
                                            No static file info