Edit tour

Windows Analysis Report
Paper Extension tax filing Update.eml

Overview

General Information

Sample name:	Paper Extension tax filing Update.eml
Analysis ID:	1427018
MD5:	50886a951b615d33426822bd4baa4899
SHA1:	a4cb2f165af9d6a0f1363db33e520b88f8cb7ace
SHA256:	d1c96dca83b679d49ddde83e71a33d445cef686fa7258fa1dfee0bf5f7835f71
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Found iframes

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6212 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Paper Extension tax filing Update.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 3924 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CC6732E0-2F50-4934-9466-D3DA2EABDCED" "CE0FD662-5B9A-482F-BB4E-645EEF8AB9E8" "6212" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 3436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u2355257.ct.sendgrid.net/ls/click?upn=u001.4YkCuNYTF3S1epm9KijHzHFfZe6RGn3F0umQQjG6fIb5h6U0n3Lap6J1hKqXi7Fiss-2Fnjz-2BcFRXpypvRmmfgWgS9YOA42mWEN6Q3lVKaoWq5kCFdgptgm12P2ITf3ZI5OC4x_ovuZeGJ-2FF3ZygvyEwlCpf4K-2FBT4P5dS9YDsilIX8zOjQKrVBMLDIxfLrWhy3JYWFj2al1ZQrpyrA0-2BroCDjJz26Xz7Hx1WPMrLManVR20bZ1gyqnIrq3pxy4IB2wbo1xSju1t4x-2FaWM3jIeyKNTVrWWNKsqBDy7zf-2B1GVEjDVd-2Fl7OBuSEf1BtAssX-2B5owIdCVialP-2BmTac8GicUOMuWMg-3D-3D MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,807967279535096577,10075747481210455159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.1.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6212, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://cklglhcewevsqdgaemswijeahkgbsv.cfd	Matcher: Template: microsoft matched with high similarity
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	Matcher: Template: microsoft matched
Source: https://portal.cklglhcewevsqdgaemswijeahkgbsv.cfd/Prefetch/Prefetch.aspx	Matcher: Template: microsoft matched

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true

HTTP Parser: eprifti@stonhard.com

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: Iframe src: https://portal.cklglhcewevsqdgaemswijeahkgbsv.cfd/Prefetch/Prefetch.aspx
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: Iframe src: https://portal.cklglhcewevsqdgaemswijeahkgbsv.cfd/Prefetch/Prefetch.aspx

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com	HTTP Parser: Number of links: 0
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com	HTTP Parser: No favicon
Source: https://portal.cklglhcewevsqdgaemswijeahkgbsv.cfd/Prefetch/Prefetch.aspx	HTTP Parser: No favicon

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com	HTTP Parser: No <meta name="author".. found
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.60.84.144:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.60.84.144:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49764 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 167.89.123.16 167.89.123.16
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 13.107.213.70 13.107.213.70

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.84.144
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.12

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.4YkCuNYTF3S1epm9KijHzHFfZe6RGn3F0umQQjG6fIb5h6U0n3Lap6J1hKqXi7Fiss-2Fnjz-2BcFRXpypvRmmfgWgS9YOA42mWEN6Q3lVKaoWq5kCFdgptgm12P2ITf3ZI5OC4x_ovuZeGJ-2FF3ZygvyEwlCpf4K-2FBT4P5dS9YDsilIX8zOjQKrVBMLDIxfLrWhy3JYWFj2al1ZQrpyrA0-2BroCDjJz26Xz7Hx1WPMrLManVR20bZ1gyqnIrq3pxy4IB2wbo1xSju1t4x-2FaWM3jIeyKNTVrWWNKsqBDy7zf-2B1GVEjDVd-2Fl7OBuSEf1BtAssX-2B5owIdCVialP-2BmTac8GicUOMuWMg-3D-3D HTTP/1.1Host: u2355257.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?9UWK56or=eprifti@stonhard.com HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_3b4rnVNi70Sso4_c42_ImQ2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ZGHTKAPuFtOSnun5nCW3lul6rNpBpYnnNC_J_Mj44sDNeaV_DwuLkcVMK02tXZLo7fg7Q1RvUmCBbYjkk-ERp4-WgLu1sfVsYQbIhlUdS8PE0mYneSrUwFbsvcQsMlSS_mtxOKq62bVbRIuvDOyu7zJhytclFlND5pITkXbW_lsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ZGHTKAPuFtOSnun5nCW3lul6rNpBpYnnNC_J_Mj44sDNeaV_DwuLkcVMK02tXZLo7fg7Q1RvUmCBbYjkk-ERp4-WgLu1sfVsYQbIhlUdS8PE0mYneSrUwFbsvcQsMlSS_mtxOKq62bVbRIuvDOyu7zJhytclFlND5pITkXbW_lsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3wSlooz11uTnbb2&MD=4VnD6nrg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?9UWK56or=eprifti@stonhard.com&sso_reload=true HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ZGHTKAPuFtOSnun5nCW3lul6rNpBpYnnNC_J_Mj44sDNeaV_DwuLkcVMK02tXZLo7fg7Q1RvUmCBbYjkk-ERp4-WgLu1sfVsYQbIhlUdS8PE0mYneSrUwFbsvcQsMlSS_mtxOKq62bVbRIuvDOyu7zJhytclFlND5pITkXbW_lsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ZGHTKAPuFtOSnun5nCW3lul6rNpBpYnnNC_J_Mj44sDNeaV_DwuLkcVMK02tXZLo7fg7Q1RvUmCBbYjkk-ERp4-WgLu1sfVsYQbIhlUdS8PE0mYneSrUwFbsvcQsMlSS_mtxOKq62bVbRIuvDOyu7zJhytclFlND5pITkXbW_lsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8756d639df5607d2 HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ZGHTKAPuFtOSnun5nCW3lul6rNpBpYnnNC_J_Mj44sDNeaV_DwuLkcVMK02tXZLo7fg7Q1RvUmCBbYjkk-ERp4-WgLu1sfVsYQbIhlUdS8PE0mYneSrUwFbsvcQsMlSS_mtxOKq62bVbRIuvDOyu7zJhytclFlND5pITkXbW_lsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; cf_clearance=ziDwSyEIq1onuYl6DSGRFcdX1vty69Rsc_tRvIBJ4Fg-1713298420-1.0.1.1-e6yvAtr02sXuphr6QGn2q70GGKxpcCDMY4kL.h.PQcB5BvcPfZQ18GUWu74SFir10ztSr2c2IBXI.6uKpJkExQ
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfdsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/?9UWK56or=eprifti@stonhard.com&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; cf_clearance=ziDwSyEIq1onuYl6DSGRFcdX1vty69Rsc_tRvIBJ4Fg-1713298420-1.0.1.1-e6yvAtr02sXuphr6QGn2q70GGKxpcCDMY4kL.h.PQcB5BvcPfZQ18GUWu74SFir10ztSr2c2IBXI.6uKpJkExQ; buid=0.AVkAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_kDRnZ_vtGuYw3w7NLh4eglgI2XHllmFVH7M0eQThi8JyS5L52YBW-lGbEvYfIOiFsaJXDAC7w5VpxLi2feuwE2DudAg4DkHOfpwum8bFPMgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8mXIES4KmamlP95JNP7Q1vHO-sgfi9XEgHxnIqLbF9v5444dVGZW3Y_ih3uh2PzXOyEKGwHk8ihihPTuTJKYoHpoKZH9AErNvYm4HGFJLFxEALs2gaU7O9O_qiIqU1F368iu-xeKBkxjlX0WuYj8kdHsvQwq5K-94ypW81VlLrF8gAA; esctx-HO381SMsIYw=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8jlDIlAvy-nFD8fDDXbKOphwSk4wh2VdFjrTG-iNZB_GltjYSBN71X1o9-_qeEFlDyfrmHYpwgpp2bMWWXMhgaZmWkgWqSDS3p3HCmY2wru_MrSB09H3jtaRvXQyJM-0ArnKC4Ysb9pvY6ff5F87wwiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h24vjNwAQAAAPXSsN0OAAAA
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: portal.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ziDwSyEIq1onuYl6DSGRFcdX1vty69Rsc_tRvIBJ4Fg-1713298420-1.0.1.1-e6yvAtr02sXuphr6QGn2q70GGKxpcCDMY4kL.h.PQcB5BvcPfZQ18GUWu74SFir10ztSr2c2IBXI.6uKpJkExQ
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8756d6564f446783 HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVkAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_kDRnZ_vtGuYw3w7NLh4eglgI2XHllmFVH7M0eQThi8JyS5L52YBW-lGbEvYfIOiFsaJXDAC7w5VpxLi2feuwE2DudAg4DkHOfpwum8bFPMgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8mXIES4KmamlP95JNP7Q1vHO-sgfi9XEgHxnIqLbF9v5444dVGZW3Y_ih3uh2PzXOyEKGwHk8ihihPTuTJKYoHpoKZH9AErNvYm4HGFJLFxEALs2gaU7O9O_qiIqU1F368iu-xeKBkxjlX0WuYj8kdHsvQwq5K-94ypW81VlLrF8gAA; esctx-HO381SMsIYw=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8jlDIlAvy-nFD8fDDXbKOphwSk4wh2VdFjrTG-iNZB_GltjYSBN71X1o9-_qeEFlDyfrmHYpwgpp2bMWWXMhgaZmWkgWqSDS3p3HCmY2wru_MrSB09H3jtaRvXQyJM-0ArnKC4Ysb9pvY6ff5F87wwiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h24vjNwAQAAAPXSsN0OAAAA; brcap=0; cf_clearance=.0mt.WMV7jZnmeaqzOUjOL_Llu2pUDT4FpJPXoRx8SA-1713298424-1.0.1.1-HALtSKAQOPhJx1luuUwzGDNpgHyYlEVjtoLUZwZfFFkbFDU3GYa..OWdbcMsYyak_zHO4mt0qIQuXMWB7UZIMg
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.cklglhcewevsqdgaemswijeahkgbsv.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-TUhAM83BWqM=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd81wE6KXGYTE6U0DQuUzRcgsZI8AMPm8HnmEavqNN9IMAFlYxj1SGOKHNjKaao-_YSQwj8XwJSCUntdaUGe6gEz3tsgHGm7YISXf70XWYx6uPb9KxifoHfxcz8UATKvGErPiOVa4F5tirM8O5-4pIaIiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVkAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_kDRnZ_vtGuYw3w7NLh4eglgI2XHllmFVH7M0eQThi8JyS5L52YBW-lGbEvYfIOiFsaJXDAC7w5VpxLi2feuwE2DudAg4DkHOfpwum8bFPMgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8mXIES4KmamlP95JNP7Q1vHO-sgfi9XEgHxnIqLbF9v5444dVGZW3Y_ih3uh2PzXOyEKGwHk8ihihPTuTJKYoHpoKZH9AErNvYm4HGFJLFxEALs2gaU7O9O_qiIqU1F368iu-xeKBkxjlX0WuYj8kdHsvQwq5K-94ypW81VlLrF8gAA; esctx-HO381SMsIYw=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8jlDIlAvy-nFD8fDDXbKOphwSk4wh2VdFjrTG-iNZB_GltjYSBN71X1o9-_qeEFlDyfrmHYpwgpp2bMWWXMhgaZmWkgWqSDS3p3HCmY2wru_MrSB09H3jtaRvXQyJM-0ArnKC4Ysb9pvY6ff5F87wwiAA; fpc=ApjW1mnnS5hOtpGhR0aR5h24vjNwAQAAAPXSsN0OAAAA; brcap=0; cf_clearance=.0mt.WMV7jZnmeaqzOUjOL_Llu2pUDT4FpJPXoRx8SA-1713298424-1.0.1.1-HALtSKAQOPhJx1luuUwzGDNpgHyYlEVjtoLUZwZfFFkbFDU3GYa..OWdbcMsYyak_zHO4mt0qIQuXMWB7UZIMg; uaid=da5c7a60668c4a59ba43c50645355e44; MSPRequ=id=N&lt=1713298424&co=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_beba75e58c98af016c6f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3wSlooz11uTnbb2&MD=4VnD6nrg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: u2355257.ct.sendgrid.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 20:13:42 GMTContent-Length: 0Connection: closeCache-Control: privateStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d7de6fb3-16d4-4797-81fb-799ae90c0800x-ms-ests-server: 2.1.17789.7 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originX-XSS-Protection: 0CF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyServer: cloudflareCF-RAY: 8756d6569850184b-ATLalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 20:13:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: no-store, no-cacheSet-Cookie: s.SessID=b65c3977-5fdd-4394-a6d5-ce906551e0b8; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: s.SessID=b65c3977-5fdd-4394-a6d5-ce906551e0b8; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: x-portal-routekey=eus; path=/; secure; HttpOnlyX-Content-Type-Options: nosniffX-UA-Compatible: IE=EdgeX-Cache: CONFIG_NOCACHEX-MSEdge-Ref: Ref A: FE1E51AEACB946F4A0FDEAC36A9E5FC1 Ref B: EWR311000108025 Ref C: 2024-04-16T20:13:45ZCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b49AA%2FOhy9LUtrTkQnPJ5thXuo9bLyN4ENqybTG6ddLCdaJGTlfRoBijdPhwW3W7cRyvOE0QOoWVVKedtg0RzEdyeocRi%2FuA5URcXMvd9DAVBmYpdDt5cfs6DKwrq%2B4kfCaI94SrVEHkOerGThiYLLWYtN%2FZf%2Bs%2FdF0gNQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8756d671798fadb9-ATLalt-svc: h3=":443"; ma=86400

Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.aadrm.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.aadrm.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.cortana.ai
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.microsoftstream.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.office.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.onedrive.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://api.scheduler.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://augloop.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://augloop.office.com/v2
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cdn.entity.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://config.edge.skype.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cortana.ai
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cortana.ai/api
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://cr.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://d.docs.live.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dev.cortana.ai
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://devnull.onenote.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://directory.services.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ecs.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://edge.skype.com/rps
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://graph.windows.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://graph.windows.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ic3.teams.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://invites.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://lifecycle.office.com
Source: chromecache_78.13.dr	String found in binary or memory: https://login.cklglhcewevsqdgaemswijeahkgbsv.cfd
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: chromecache_78.13.dr	String found in binary or memory: https://login.windows-ppe.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr, OUTLOOK_16_0_16827_20130-20240416T2213240411-6212.etl.1.dr	String found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20240416T2213240411-6212.etl.1.dr	String found in binary or memory: https://login.windows.localffiR
Source: OUTLOOK_16_0_16827_20130-20240416T2213240411-6212.etl.1.dr	String found in binary or memory: https://login.windows.localnullD
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://make.powerautomate.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://management.azure.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://management.azure.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.action.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://messaging.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ncus.contentsync.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officeapps.live.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officepyservice.office.net/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://onedrive.live.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office365.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office365.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://res.cdn.office.net
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.39
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://settings.outlook.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://staging.cortana.ai
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://substrate.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://tasks.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: Paper Extension tax filing Update.eml	String found in binary or memory: https://u2355257.ct.se=
Source: ~WRS{BFC0B54A-8775-40A0-B1BE-A30591683D7A}.tmp.1.dr	String found in binary or memory: https://u2355257.ct.sendgrid.net/ls/click?upn=u001.4YkCuNYTF3S1epm9KijHzHFfZe6RGn3F0umQQjG6fIb5h6U0n
Source: Paper Extension tax filing Update.eml	String found in binary or memory: https://u2355257.ct.sendgrid.net/wf/open?upn=3Du001.P=
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://webshell.suite.office.com
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://wus2.contentsync.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: 3CEDFC9C-9059-4584-BF97-B95471D71D48.1.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.60.84.144:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.60.84.144:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49764 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.winEML@18/63@20/8