Windows Analysis Report
https://edw.sharepoint.com/edw-cda/aprile

Overview

General Information

Sample URL:	https://edw.sharepoint.com/edw-cda/aprile
Analysis ID:	1428814
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /edw-cda/aprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZQ==
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_Opi7194S1KGfLCIZE3SR9A2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: edw.sharepoint.com

Source: chromecache_64.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_64.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_64.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_60.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_60.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/61@22/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edw.sharepoint.com/edw-cda/aprile"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	sni1gl.wpc.upsiloncdn.net	United States	15133	EDGECASTUS	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.57	part-0029.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
173.194.219.104	www.google.com	United States	15169	GOOGLEUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
part-0013.t-0009.t-msedge.net	13.107.213.41	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
sni1gl.wpc.upsiloncdn.net	152.195.19.97	true
www.google.com	173.194.219.104	true
cs1227.wpc.alphacdn.net	192.229.211.199	true
part-0029.t-0009.t-msedge.net	13.107.246.57	true
part-0012.t-0009.t-msedge.net	13.107.213.40	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
autologon.microsoftazuread-sso.com	40.126.29.11	true
aadcdn.msauthimages.net	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
edw.sharepoint.com	unknown	unknown
login.microsoftonline.com	unknown	unknown
account.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://aadcdn.msauthimages.net/c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490	false	unknown
https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	false	high
https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	false	high
https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	false	high
https://edw.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile	false	unknown
https://edw.sharepoint.com/edw-cda/aprile	false	unknown
https://edw.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie	false	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 58	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 59	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 60	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 61	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 62	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 63	PNG image data, 191 x 61, 8-bit/color RGBA, non-interlaced	72C36648088C2FE7B9B4CCFAFEE54113	59BE588964828F273A846E2B6CF12FA2C1122733	9B84F50BA79AF1A11C46B03702084893D3C58A807C131BCF843221559F8B1F3D
Chrome Cache Entry: 64	ASCII text, with very long lines (45563)	0A1A5BA009FB1F25E3F3D036D8CF26CE	8E9E6A11CED0807252C34DCA1D8C7C2390D1A5CA	94153F2A6DAAE35DFCB61DC987E2D4310B7CA021E36375E87D8B8C641C0C6121
Chrome Cache Entry: 65	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708	98421BE6893CF3AA929C5F6C4A0C5C67	2BB411BB6B6C31AE02B81F199C90219717F718AF	019D26044CCF18F979DFBB8677828FA36BF5CBFC529CECD942644CFE86D90D04
Chrome Cache Entry: 66	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4730	6B0D2BCDD2E39B2CB0BDAB6597E44505	C7199742BB5F63AEC0FD2DE7003A8B1C795D78A1	9BCEC3FDDE9BED6ABFDA1A875B596571E3DEFD078E2050DC1B2D85F4483CCAE0
Chrome Cache Entry: 67	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 68	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
Chrome Cache Entry: 69	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90690	1E5B765B32C5F65973D835E9EE3EBF20	2AE4B7B8E6303DBB2424730062C2FB1D752219B5	D443B4A9F2542CAAD44E23D0D3917456E781BAB47CD000CDAB5A2AA571395379
Chrome Cache Entry: 70	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 71	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227	0868DA2DD5EFFED92904047439E49D48	D760173E5E6B25461B0D2A0B32D384FE659B2338	8C41E973CB5EE0194EBF3BAA0716EEEB57EED53552F042E200190E3C37F08CFD
Chrome Cache Entry: 72	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
Chrome Cache Entry: 73	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 74	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 75	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 76	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 77	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 78	PNG image data, 191 x 61, 8-bit/color RGBA, non-interlaced	72C36648088C2FE7B9B4CCFAFEE54113	59BE588964828F273A846E2B6CF12FA2C1122733	9B84F50BA79AF1A11C46B03702084893D3C58A807C131BCF843221559F8B1F3D
Chrome Cache Entry: 79	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 80	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759	799F880143F17E47C4EFDBB3FF35A54C	8CECC74EB422322F78EDE1111F175A28725CCA9F	EA70CC2977F4DEB5236041A7A0628FA671FB8AD20A5E9E3FD6885A11359EF2FE
Chrome Cache Entry: 81	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 82	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 83	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 84	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 611582	667562F3F8787E8B89A2A9D8CCE17112	38A5AD4CB43DB47D02D7E847DDB191BABA949873	5658ABD7E0601E5A7A2C3747B1CBD06198C5586F97A34841D556151C122B8AAD
Chrome Cache Entry: 85	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 86	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 87	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071	978A6C1AA934E5B1C5320D515FD25662	64636EF3E1AD607F095DBA6CB01447AC133B483D	D1963B1837F4087E988FD18BB4CF25B38D61D675C4B6A6FC01158BD39945F10A
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 89	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 90	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 91	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084	92A840DC3D177339DAE03FEDF22A22B5	C1C9A6E6442388D07A9D9D72C12DA25094D6920F	4A986BA8875F22A0EABC356112A6790F90E114ADB72EAEC4632E03812EC1EDE4
Chrome Cache Entry: 92	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 93	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657	57911010756C90D58754C91EF1EE2765	BAA48FEF4866D7DAFD9F59417745EE838F0E63CA	87C5385BA17F84CC25FB7BBE1EDB4169BC702842BD74B758ACDC130986D55BC2
Chrome Cache Entry: 94	ASCII text, with no line terminators	7F6C2F2EC0AC79AF93AC42E55601E0D8	8DE377E67C5B4919C767A044051BFD52C77A985E	5F1077DECBD2768AD99AF5D592C4DDE934F19682BB8BAD05599F9D403344DA27

HTML body contains low number of good links

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /edw-cda/aprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZQ==
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_Opi7194S1KGfLCIZE3SR9A2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: edw.sharepoint.com

Source: chromecache_64.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_64.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_64.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_60.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_60.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/61@22/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edw.sharepoint.com/edw-cda/aprile"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1428814
Product:	CloudBasic
Start time:	16:52:33
Start date:	19.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://edw.sharepoint.com/edw-cda/aprile

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://edw.sharepoint.com/edw-cda/aprile

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://edw.sharepoint.com/edw-cda/aprile