Edit tour

Windows Analysis Report
https://edw.sharepoint.com/edw-cda/aprile

Overview

General Information

Sample URL:	https://edw.sharepoint.com/edw-cda/aprile
Analysis ID:	1428814
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edw.sharepoint.com/edw-cda/aprile" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /edw-cda/aprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie HTTP/1.1Host: edw.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZQ==
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_Opi7194S1KGfLCIZE3SR9A2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: edw.sharepoint.com

Source: chromecache_64.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_64.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_64.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_60.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_60.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/61@22/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edw.sharepoint.com/edw-cda/aprile"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2608,i,7567364878806503750,9601146945844721184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	unknown
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
sni1gl.wpc.upsiloncdn.net	152.195.19.97	true	false	unknown
www.google.com	173.194.219.104	true	false	high
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	unknown
part-0029.t-0009.t-msedge.net	13.107.246.57	true	false	unknown
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
autologon.microsoftazuread-sso.com	40.126.29.11	true	false	unknown
aadcdn.msauthimages.net	unknown	unknown	false	unknown
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
edw.sharepoint.com	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	high
account.live.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://aadcdn.msauthimages.net/c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490	false	unknown
https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47&sso_reload=true	false	high
https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fb4fe3a7f-5de7-4d27-8066-1d5728a1b3ea%2freprocess%3fctx%3drQQIARAAlVE9bNNQGLTr1DShpVEnBobKqoTU4Pg9-_kvUocXJ-6fUKkoVVsEwfZ7JqZJHGyXtKkqVUiIiiljxQYSSybUCXWCtVPmMgBiqTog1KkjiVgYyw2nG77vdLqb5mAeFqbAXyjigEXg-1D06ED9g2gik3032Xlyq8fsH5w9Dn9cfJvtsvlqkjTjgiRR0srHVSeizTBoJHkvrEsVP4zqsUSo72zVkrwTN7c_sWyPZc9Ytjv03ISWbGNgmYYtl4plXMYmgsjEFpYB1DUdQc0ybcVWgGlrJaUsYmgBiPofdlEDCMtIh4qplg1dMy0DqVC1NFUzgVbS9P6ZKevYKOJy0SwiiEEJaadD40t4K6nKAwqjoE0vhtKDjJVmGCdvudRSCbS63JXaOOKmXORTxdF9USVUFxGRddEAmiZCouqy4UBXoc4Jx4dN2ghIL8Wep0YBVxgZyWSZm8wkc5li3w_3O8Xj8PD7l4Wlo-7i7fkP-8zJsLR8N9ppJ9GC1ApyAJfqq8mGIpFca-2pRZ7ttNt2aN5H8QNam12fUQqww7Mdnj_m0yNclhE46x78zbMH15jj9H-u07vOno7CTNoL3chpkIBMTEHoEgMYimjoFIgIuqrourohAtdDimc4BjWc01GU4b2aE9TjieldISCVJNykDaGwK2zX44rnDdQLp7ZFY6HwUOjnEx7t7e29HLuS--cx5vLG11dvfr7uHP6aOx-_k7TiaD6Xo7S2s5Isz29W8crc-qI5q0prBFel1TUSrSi2W3R8NPMxy_wB0&mkt=en-US	false	high
https://login.microsoftonline.com/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47	false	high
https://edw.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile	false	unknown
https://edw.sharepoint.com/edw-cda/aprile	false	unknown
https://edw.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie	false	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com	chromecache_60.2.dr	false	high
http://www.opensource.org/licenses/mit-license.php)	chromecache_64.2.dr	false	high
http://knockoutjs.com/	chromecache_64.2.dr	false	high
https://github.com/douglascrockford/JSON-js	chromecache_64.2.dr	false	high
https://login.windows-ppe.net	chromecache_60.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	sni1gl.wpc.upsiloncdn.net	United States	15133	EDGECASTUS	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.57	part-0029.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
173.194.219.104	www.google.com	United States	15169	GOOGLEUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428814
Start date and time:	2024-04-19 16:52:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://edw.sharepoint.com/edw-cda/aprile
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@18/61@22/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.105.100, 142.250.105.139, 142.250.105.101, 142.250.105.102, 142.250.105.113, 142.250.105.138, 142.250.105.84, 142.250.9.94, 34.104.35.123, 40.126.29.12, 40.126.29.14, 40.126.29.8, 40.126.29.10, 20.190.157.11, 40.126.29.13, 40.126.29.5, 40.126.29.15, 96.7.225.26, 96.7.225.35, 40.126.28.18, 40.126.7.35, 40.126.28.20, 40.126.28.11, 40.126.28.21, 40.126.28.22, 40.126.28.14, 40.126.28.12, 108.177.122.95, 172.217.215.95, 142.251.15.95, 172.253.124.95, 74.125.136.95, 142.250.9.95, 64.233.177.95, 64.233.176.95, 64.233.185.95, 142.250.105.95, 74.125.138.95, 173.194.219.95, 40.126.29.11, 40.126.29.9, 40.126.29.7, 40.68.123.157, 23.40.205.35, 23.40.205.9, 23.40.205.48, 23.40.205.49, 23.40.205.43, 23.40.205.74, 23.40.205.41, 23.40.205.58, 23.40.205.56, 192.229.211.108, 13.95.31.18, 13.107.42.22, 20.189.173.17, 52.182.143.213, 64.233.177.94
Excluded domains from analysis (whitelisted): lgincdnmsftuswe2.azureedge.net, slscr.update.microsoft.com, onedscolprdwus22.westus.cloudapp.azure.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, a767.dspw65.akamai.net, ak.privatelink.msidentity.com, clients2.google.com, onedscolprdcus16.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, aadcdn.ec.azureedge.net, update.googleapis.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, lgincdnvzeuno.ec.azureedge.net, aadcdn.msauth.net, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, aadcdnoriginwus2.afd.azureedge.net, account.msa.msidentity.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net, logincdn.msauth.net, a1894.dscb.akamai.net, acctcdn.msauth.net, 190112-ipv4v6w.farm.dprodmgd104.sharepointonline.com.akadns.net, aadcdn.azureedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://edw.sharepoint.com/edw-cda/aprile

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:53:28.100786924 CEST	53	52934	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:28.159595966 CEST	53	49245	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:28.717479944 CEST	53	53204	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:29.416651964 CEST	54952	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:29.416860104 CEST	56920	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:30.954122066 CEST	58723	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:30.954193115 CEST	64049	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:31.058928967 CEST	53	58723	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:31.059470892 CEST	53	64049	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:31.116323948 CEST	61213	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:31.116760969 CEST	57201	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:32.186510086 CEST	63332	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:32.186845064 CEST	61784	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:32.292562008 CEST	53	63332	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:32.293168068 CEST	53	61784	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:34.366817951 CEST	63649	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:34.366981030 CEST	49304	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:37.202769041 CEST	58109	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:37.203223944 CEST	58460	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:37.286478996 CEST	61141	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:37.286622047 CEST	50629	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:37.391275883 CEST	53	61141	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:37.392538071 CEST	53	50629	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:38.387001038 CEST	65184	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:38.387193918 CEST	60340	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:39.132257938 CEST	53	57169	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:39.700093031 CEST	63827	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:39.700490952 CEST	50249	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:45.901827097 CEST	53	56536	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:47.039707899 CEST	138	138	192.168.2.4	192.168.2.255
Apr 19, 2024 16:53:52.234127045 CEST	63294	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:52.234286070 CEST	62556	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:53.185959101 CEST	53929	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:53.186199903 CEST	53587	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:53:53.290577888 CEST	53	53929	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:53.291765928 CEST	53	53587	1.1.1.1	192.168.2.4
Apr 19, 2024 16:53:55.691919088 CEST	53	52594	1.1.1.1	192.168.2.4
Apr 19, 2024 16:54:05.019007921 CEST	53	53029	1.1.1.1	192.168.2.4
Apr 19, 2024 16:54:27.185128927 CEST	53	51834	1.1.1.1	192.168.2.4
Apr 19, 2024 16:54:28.040993929 CEST	53	55183	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	edw.sharepoint.com	8603-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	8603-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com	190112-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	190112-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com	190112-ipv4v6w.farm.dprodmgd104.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	190112-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:29.620846987 CEST	1.1.1.1	192.168.2.4	0xb63d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:29.631658077 CEST	1.1.1.1	192.168.2.4	0xe7bd	No error (0)	edw.sharepoint.com	8603-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.631658077 CEST	1.1.1.1	192.168.2.4	0xe7bd	No error (0)	8603-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com	190112-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:29.631658077 CEST	1.1.1.1	192.168.2.4	0xe7bd	No error (0)	190112-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com	190112-ipv4v6w.farm.dprodmgd104.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.058928967 CEST	1.1.1.1	192.168.2.4	0x7a3	No error (0)	www.google.com		173.194.219.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:31.059470892 CEST	1.1.1.1	192.168.2.4	0xefca	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 16:53:31.221220016 CEST	1.1.1.1	192.168.2.4	0x9354	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:31.222359896 CEST	1.1.1.1	192.168.2.4	0xc057	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:32.292562008 CEST	1.1.1.1	192.168.2.4	0xb100	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:32.292562008 CEST	1.1.1.1	192.168.2.4	0xb100	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:32.293168068 CEST	1.1.1.1	192.168.2.4	0x7fa4	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:34.472542048 CEST	1.1.1.1	192.168.2.4	0x1c6f	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:34.472901106 CEST	1.1.1.1	192.168.2.4	0x59e2	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:34.501873016 CEST	1.1.1.1	192.168.2.4	0x53e2	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:34.501873016 CEST	1.1.1.1	192.168.2.4	0x53e2	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:34.501873016 CEST	1.1.1.1	192.168.2.4	0x53e2	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:36.868957996 CEST	1.1.1.1	192.168.2.4	0x6e82	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:36.868957996 CEST	1.1.1.1	192.168.2.4	0x6e82	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:36.868957996 CEST	1.1.1.1	192.168.2.4	0x6e82	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.309237003 CEST	1.1.1.1	192.168.2.4	0x5c02	No error (0)	aadcdn.msauthimages.net	aadcdn.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:37.309237003 CEST	1.1.1.1	192.168.2.4	0x5c02	No error (0)	scdn3514c.wpc.9e730.upsiloncdn.net	sni1gl.wpc.upsiloncdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:37.309237003 CEST	1.1.1.1	192.168.2.4	0x5c02	No error (0)	sni1gl.wpc.upsiloncdn.net		152.195.19.97	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.309531927 CEST	1.1.1.1	192.168.2.4	0x7686	No error (0)	aadcdn.msauthimages.net	aadcdn.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:37.309531927 CEST	1.1.1.1	192.168.2.4	0x7686	No error (0)	scdn3514c.wpc.9e730.upsiloncdn.net	sni1gl.wpc.upsiloncdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.12	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.9	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.8	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.14	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.13	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.7	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:37.391275883 CEST	1.1.1.1	192.168.2.4	0x3049	No error (0)	autologon.microsoftazuread-sso.com		40.126.29.5	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:38.492024899 CEST	1.1.1.1	192.168.2.4	0x807f	No error (0)	aadcdn.msauthimages.net	aadcdn.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:38.492024899 CEST	1.1.1.1	192.168.2.4	0x807f	No error (0)	scdn3514c.wpc.9e730.upsiloncdn.net	sni1gl.wpc.upsiloncdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:38.493046999 CEST	1.1.1.1	192.168.2.4	0x1334	No error (0)	aadcdn.msauthimages.net	aadcdn.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:38.493046999 CEST	1.1.1.1	192.168.2.4	0x1334	No error (0)	scdn3514c.wpc.9e730.upsiloncdn.net	sni1gl.wpc.upsiloncdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:38.493046999 CEST	1.1.1.1	192.168.2.4	0x1334	No error (0)	sni1gl.wpc.upsiloncdn.net		152.195.19.97	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:39.805041075 CEST	1.1.1.1	192.168.2.4	0x24b9	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:39.805233002 CEST	1.1.1.1	192.168.2.4	0x90ce	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:45.147666931 CEST	1.1.1.1	192.168.2.4	0xfb91	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:45.147666931 CEST	1.1.1.1	192.168.2.4	0xfb91	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:52.340331078 CEST	1.1.1.1	192.168.2.4	0x94f8	No error (0)	account.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:52.340394974 CEST	1.1.1.1	192.168.2.4	0x7dee	No error (0)	account.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:53.289664030 CEST	1.1.1.1	192.168.2.4	0xf16d	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:53.289664030 CEST	1.1.1.1	192.168.2.4	0xf16d	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:53.289664030 CEST	1.1.1.1	192.168.2.4	0xf16d	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:53.290577888 CEST	1.1.1.1	192.168.2.4	0xa22	No error (0)	logincdn.msftauth.net	cs1227.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:53.290577888 CEST	1.1.1.1	192.168.2.4	0xa22	No error (0)	cs1227.wpc.alphacdn.net		192.229.211.199	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:53.291765928 CEST	1.1.1.1	192.168.2.4	0x589c	No error (0)	logincdn.msftauth.net	cs1227.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:53.415342093 CEST	1.1.1.1	192.168.2.4	0xc9ec	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:53.415342093 CEST	1.1.1.1	192.168.2.4	0xc9ec	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:53.415342093 CEST	1.1.1.1	192.168.2.4	0xc9ec	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:53.427530050 CEST	1.1.1.1	192.168.2.4	0xf1c5	No error (0)	cs1227.wpc.alphacdn.net		192.229.211.199	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:55.740685940 CEST	1.1.1.1	192.168.2.4	0x9769	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:55.740685940 CEST	1.1.1.1	192.168.2.4	0x9769	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:55.740685940 CEST	1.1.1.1	192.168.2.4	0x9769	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:56.344582081 CEST	1.1.1.1	192.168.2.4	0x2d3a	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:56.344582081 CEST	1.1.1.1	192.168.2.4	0x2d3a	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:56.344582081 CEST	1.1.1.1	192.168.2.4	0x2d3a	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:57.131474018 CEST	1.1.1.1	192.168.2.4	0x21af	No error (0)	shed.dual-low.part-0029.t-0009.t-msedge.net	part-0029.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:57.131474018 CEST	1.1.1.1	192.168.2.4	0x21af	No error (0)	part-0029.t-0009.t-msedge.net		13.107.246.57	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:57.131474018 CEST	1.1.1.1	192.168.2.4	0x21af	No error (0)	part-0029.t-0009.t-msedge.net		13.107.213.57	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:53:57.435673952 CEST	1.1.1.1	192.168.2.4	0x393	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:53:57.435673952 CEST	1.1.1.1	192.168.2.4	0x393	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:54:20.153587103 CEST	1.1.1.1	192.168.2.4	0x95ec	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:54:20.153587103 CEST	1.1.1.1	192.168.2.4	0x95ec	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:54:40.624500036 CEST	1.1.1.1	192.168.2.4	0x59b1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:54:40.624500036 CEST	1.1.1.1	192.168.2.4	0x59b1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:29 UTC	675	OUT	GET /edw-cda/aprile HTTP/1.1 Host: edw.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:30 UTC	1897	IN	HTTP/1.1 302 Found Content-Length: 202 Content-Type: text/html; charset=utf-8 Location: https://edw.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,285,384053,0,240307 X-SharePointHealthScore: 0 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 5f9020a1-50e7-8000-7d24-a729f058f9b8 request-id: 5f9020a1-50e7-8000-7d24-a729f058f9b8 MS-CV: oSCQX+dQAIB9JKcp8Fj5uA.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-ATL33r5b&frontEnd=AFD&RemoteIP=81.181.57.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 20 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.24727 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F462859B3DD54BE3832D2C1A315A67A2 Ref B: ATL331000104053 Ref C: 2024-04-19T14:53:30Z Date: Fri, 19 Apr 2024 14:53:29 GMT Connection: close
2024-04-19 14:53:30 UTC	202	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 64 77 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 41 75 74 68 65 6e 74 69 63 61 74 65 2e 61 73 70 78 3f 53 6f 75 72 63 65 3d 25 32 46 65 64 77 25 32 44 63 64 61 25 32 46 61 70 72 69 6c 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://edw.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile">here</a>.</h2></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:30 UTC	719	OUT	GET /_layouts/15/Authenticate.aspx?Source=%2Fedw%2Dcda%2Faprile HTTP/1.1 Host: edw.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:30 UTC	1685	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 241 Content-Type: text/html; charset=utf-8 Location: /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZQ==; expires=Fri, 19-Apr-2024 15:03:30 GMT; path=/; SameSite=None; secure; HttpOnly X-NetworkStatistics: 0,525568,0,0,209874,0,90601 X-SharePointHealthScore: 3 X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 5f9020a1-10f6-8000-807a-f682e03a62b0 request-id: 5f9020a1-10f6-8000-807a-f682e03a62b0 MS-CV: oSCQX/YQAICAevaC4DpisA.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-ATL33r5b&frontEnd=AFD&RemoteIP=81.181.57.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 SPRequestDuration: 12 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.24727 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 0FAC23A1B51841819FA2047C4C308C4A Ref B: ATL331000103017 Ref C: 2024-04-19T14:53:30Z Date: Fri, 19 Apr 2024 14:53:30 GMT Connection: close
2024-04-19 14:53:30 UTC	241	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 5f 66 6f 72 6d 73 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 52 65 74 75 72 6e 55 72 6c 3d 25 32 66 5f 6c 61 79 6f 75 74 73 25 32 66 31 35 25 32 66 41 75 74 68 65 6e 74 69 63 61 74 65 2e 61 73 70 78 25 33 66 53 6f 75 72 63 65 25 33 64 25 32 35 32 46 65 64 77 25 32 35 32 44 63 64 61 25 32 35 32 46 61 70 72 69 6c 65 26 61 6d 70 3b 53 6f 75 72 63 65 3d 63 6f 6f 6b 69 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie">here</a>.</h2></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:30 UTC	847	OUT	GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fedw%252Dcda%252Faprile&Source=cookie HTTP/1.1 Host: edw.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZQ==
2024-04-19 14:53:31 UTC	3544	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 874 Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.microsoftonline.com:443/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E%2DA1C014A0CFB604A2471395E8769C84515C656906D6714A927A8BAEB9B41A0D46&redirect%5Furi=https%3A%2F%2Fedw%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: nSGt-91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E=gYEwMjMyODUzRjdBMkREQTA2REVDRjQ5MTk5N0Y4MDQ0QTlGMzFFNzEyRkMzNzI1Q0E0MDkxQzJGQTBDOThGMkRCRUFFQTk0MTQ5QUNBMjAxNzY3NDE2QzlGM0YzMDlGNkQzRRIxMzM1ODAxMjI1MDk3MjcxMTESZWR3LnNoYXJlcG9pbnQuY29tUGzIADG5zbsHokSHznM5ZUgTOVrPloje5R6Tq68bBHh/URnz4pOcRmkd3KIPUxmoKLmKALJBuSRBtoCKRkNTxYA3YvA7PxTRXO+UmCJ91cLQiDm4o88bi+nID6nk8fQ2f2KKjzX2FGm8GHAXwrhPZsSPjzfOgt+UwRS5bjPNUrCoZPra6S5ePsnWIVOoMhsHAcwSWNDWY5GtAafduCWN+ANiERbVypzjMus7XawSZTlFA8vnt8Wr6wpKTtmmS2JJw4mCc5DLPgVXGNJhitmXDxybH3b4H7sal6VD/WAULKbTn8uBIYuYTUPlYb8AAxE5YqKtXro5Xpm0ViWPA/hAX4oAAAA=; expires=Fri, 19-Apr-2024 14:57:30 GMT; path=/; SameSite=None; secure; HttpOnly Set-Cookie: nSGt-91C2FA0C98F2DBEAEA94149ACA201767416C9F3F309F6D3E=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly Set-Cookie: RpsContextCookie=U291cmNlPSUyRmVkdyUyRGNkYSUyRmFwcmlsZSZQcmV2aW91c1JlcXVlc3RDb3JyZWxhdGlvbklkPTYwOTAyMGExJTJEZDAxYyUyRDgwMDAlMkQ4OGU4JTJENWU2ZmUxZjJkZjQ3JlJldHVyblVybD0lMkYlNUZsYXlvdXRzJTJGMTUlMkZBdXRoZW50aWNhdGUlMkVhc3B4JTNGU291cmNlJTNEJTI1MkZlZHclMjUyRGNkYSUyNTJGYXByaWxl; expires=Fri, 19-Apr-2024 15:03:30 GMT; path=/; SameSite=None; secure; HttpOnly Set-Cookie: RpsContextCookie=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly X-NetworkStatistics: 0,525568,0,0,653714,0,103931 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 609020a1-d01c-8000-88e8-5e6fe1f2df47 request-id: 609020a1-d01c-8000-88e8-5e6fe1f2df47 MS-CV: oSCQYBzQAICI6F5v4fLfRw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea&destinationEndpoint=Edge-Prod-ATL33r5d&frontEnd=AFD&RemoteIP=81.181.57.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 SPRequestDuration: 41 SPIisLatency: 29 Include-Referred-Token-Binding-ID: true X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.24727 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 9B4B53FCC5F843CD8CF85BEF1CCBDF4B Ref B: ATL331000107051 Ref C: 2024-04-19T14:53:30Z Date: Fri, 19 Apr 2024 14:53:30 GMT Connection: close
2024-04-19 14:53:31 UTC	626	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 3a 34 34 33 2f 62 34 66 65 33 61 37 66 2d 35 64 65 37 2d 34 64 32 37 2d 38 30 36 36 2d 31 64 35 37 32 38 61 31 62 33 65 61 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 25 35 46 69 64 3d 30 30 30 30 30 30 30 33 25 32 44 30 30 30 30 25 32 44 30 66 66 31 25 32 44 63 65 30 30 25 32 44 30 30 30 30 30 30 30 30 30 30 30 30 26 61 6d 70 3b 72 65 73 70 6f 6e 73 65 25 35 46 6d 6f 64 65 3d 66 6f 72 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.microsoftonline.com:443/b4fe3a7f-5de7-4d27-8066-1d5728a1b3ea/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=for
2024-04-19 14:53:31 UTC	248	IN	Data Raw: 6b 65 6e 25 32 32 25 33 41 25 37 42 25 32 32 78 6d 73 25 35 46 63 63 25 32 32 25 33 41 25 37 42 25 32 32 76 61 6c 75 65 73 25 32 32 25 33 41 25 35 42 25 32 32 43 50 31 25 32 32 25 35 44 25 37 44 25 37 44 25 37 44 26 61 6d 70 3b 77 73 75 63 78 74 3d 31 26 61 6d 70 3b 63 6f 62 72 61 6e 64 69 64 3d 31 31 62 64 38 30 38 33 25 32 44 38 37 65 30 25 32 44 34 31 62 35 25 32 44 62 62 37 38 25 32 44 30 62 63 34 33 63 38 61 38 65 38 61 26 61 6d 70 3b 63 6c 69 65 6e 74 25 32 44 72 65 71 75 65 73 74 25 32 44 69 64 3d 36 30 39 30 32 30 61 31 25 32 44 64 30 31 63 25 32 44 38 30 30 30 25 32 44 38 38 65 38 25 32 44 35 65 36 66 65 31 66 32 64 66 34 37 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=609020a1%2Dd01c%2D8000%2D88e8%2D5e6fe1f2df47">here</a>.</h2></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:32 UTC	635	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:32 UTC	749	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 680910 Cache-Control: public, max-age=31536000 Content-MD5: 2vlVvyES905PeLIYeo1r7w== Content-Type: application/x-javascript Date: Fri, 19 Apr 2024 14:53:32 GMT Etag: 0x8DC4DBF5E20DC85 Last-Modified: Tue, 26 Mar 2024 18:05:49 GMT Server: ECAcc (agc/7F29) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 0776f3ba-701e-0068-1d37-8c4015000000 x-ms-version: 2009-09-19 Content-Length: 141339 Connection: close
2024-04-19 14:53:32 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-04-19 14:53:32 UTC	1	IN	Data Raw: 75 Data Ascii: u
2024-04-19 14:53:32 UTC	16383	IN	Data Raw: 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3a 65 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3f 65 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3a 7b 7d 7d 2c 68 69 73 74 6f 72 79 3a 7b 70 75 73 68 53 74 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 5f 2e 69 73 48 69 73 74 6f 72 79 53 75 70 70 6f 72 74 65 64 28 29 26 26 64 2e 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 28 65 2c 6e 29 7d 2c 72 65 70 6c 61 63 65 53 74 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 5f 2e 69 73 48 69 73 74 6f 72 79 53 75 70 70 6f 72 74 65 64 28 29 26 26 64 2e 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 65 2c 6e 29 7d 7d 2c 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 72 29 7b 65 2e 61 64 64 Data Ascii: tedStyle(e,null):e.currentStyle?e.currentStyle:{}},history:{pushState:function(e,n){_.isHistorySupported()&&d.history.pushState(e,n)},replaceState:function(e,n){_.isHistorySupported()&&d.history.replaceState(e,n)}},addEventListener:function(e,n,t,r){e.add
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 53 4d 53 3a 22 38 30 30 34 33 34 45 31 22 2c 50 50 5f 45 5f 49 4e 4c 49 4e 45 4c 4f 47 49 4e 5f 49 4e 56 41 4c 49 44 5f 41 4c 54 3a 22 38 30 30 34 33 34 45 32 22 2c 50 50 5f 45 5f 50 52 45 56 49 4f 55 53 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 31 30 31 33 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 57 52 4f 4e 47 3a 22 38 30 30 34 35 35 30 35 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 46 41 54 41 4c 3a 22 38 30 30 34 35 35 33 37 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 55 4e 41 55 54 48 45 4e 54 49 43 41 54 45 44 3a 22 38 30 30 34 35 35 33 38 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 4f 54 48 45 52 3a 22 Data Ascii: SMS:"800434E1",PP_E_INLINELOGIN_INVALID_ALT:"800434E2",PP_E_PREVIOUS_PASSWORD:"80041013",PP_E_HIP_VALIDATION_WRONG:"80045505",PP_E_HIP_VALIDATION_ERROR_FATAL:"80045537",PP_E_HIP_VALIDATION_ERROR_UNAUTHENTICATED:"80045538",PP_E_HIP_VALIDATION_ERROR_OTHER:"
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 5b 5d 3b 69 66 28 65 29 66 6f 72 28 76 61 72 20 6f 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 6f 3c 69 3b 6f 2b 2b 29 72 2e 70 75 73 68 28 6e 2e 63 61 6c 6c 28 74 2c 65 5b 6f 5d 2c 6f 29 29 3b 72 65 74 75 72 6e 20 72 7d 2c 6a 62 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 72 3d 5b 5d 3b 69 66 28 65 29 66 6f 72 28 76 61 72 20 6f 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 6f 3c 69 3b 6f 2b 2b 29 6e 2e 63 61 6c 6c 28 74 2c 65 5b 6f 5d 2c 6f 29 26 26 72 2e 70 75 73 68 28 65 5b 6f 5d 29 3b 72 65 74 75 72 6e 20 72 7d 2c 4e 62 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 65 2e 70 75 73 68 2e 61 70 70 6c 79 28 65 2c 6e 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 74 3d 30 2c 72 3d Data Ascii: [];if(e)for(var o=0,i=e.length;o<i;o++)r.push(n.call(t,e[o],o));return r},jb:function(e,n,t){var r=[];if(e)for(var o=0,i=e.length;o<i;o++)n.call(t,e[o],o)&&r.push(e[o]);return r},Nb:function(e,n){if(n instanceof Array)e.push.apply(e,n);else for(var t=0,r=
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 72 65 74 75 72 6e 21 21 65 7d 2c 53 2e 5a 61 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 28 65 5b 54 5d 3d 3d 3d 50 5b 54 5d 7c 7c 65 5b 54 5d 3d 3d 3d 53 2e 6f 2e 66 6e 5b 54 5d 26 26 65 2e 4e 63 29 7d 2c 53 2e 62 28 22 6f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 74 61 29 2c 53 2e 62 28 22 69 73 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 4f 29 2c 53 2e 62 28 22 69 73 57 72 69 74 65 61 62 6c 65 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 5a 61 29 2c 53 2e 62 28 22 69 73 57 72 69 74 61 62 6c 65 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 5a 61 29 2c 53 2e 62 28 22 6f 62 73 65 72 76 61 62 6c 65 2e 66 6e 22 2c 50 29 2c 53 2e 4c 28 50 2c 22 70 65 65 6b 22 2c 50 2e 76 29 2c 53 2e 4c 28 50 Data Ascii: return!!e},S.Za=function(e){return"function"==typeof e&&(e[T]===P[T]\|\|e[T]===S.o.fn[T]&&e.Nc)},S.b("observable",S.ta),S.b("isObservable",S.O),S.b("isWriteableObservable",S.Za),S.b("isWritableObservable",S.Za),S.b("observable.fn",P),S.L(P,"peek",P.v),S.L(P
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 75 6c 6c 2c 65 29 2e 62 69 6e 64 69 6e 67 43 6f 6e 74 65 78 74 46 6f 72 44 65 73 63 65 6e 64 61 6e 74 73 29 2c 74 26 26 21 62 5b 53 2e 61 2e 52 28 6e 29 5d 26 26 64 28 74 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 6e 2c 74 29 7b 76 61 72 20 6f 2c 69 3d 53 2e 61 2e 67 2e 55 62 28 65 2c 45 2c 7b 7d 29 2c 73 3d 69 2e 68 64 3b 69 66 28 21 6e 29 7b 69 66 28 73 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 59 6f 75 20 63 61 6e 6e 6f 74 20 61 70 70 6c 79 20 62 69 6e 64 69 6e 67 73 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 74 6f 20 74 68 65 20 73 61 6d 65 20 65 6c 65 6d 65 6e 74 2e 22 29 3b 69 2e 68 64 3d 21 30 7d 69 66 28 73 7c 7c 28 69 2e 63 6f 6e 74 65 78 74 3d 74 29 2c 69 2e 5a 62 7c 7c 28 69 2e 5a 62 3d 7b 7d 29 2c 6e 26 26 22 66 75 6e 63 74 69 6f Data Ascii: ull,e).bindingContextForDescendants),t&&!b[S.a.R(n)]&&d(t,n)}function p(e,n,t){var o,i=S.a.g.Ub(e,E,{}),s=i.hd;if(!n){if(s)throw Error("You cannot apply bindings multiple times to the same element.");i.hd=!0}if(s\|\|(i.context=t),i.Zb\|\|(i.Zb={}),n&&"functio
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 6c 6c 2c 5b 65 2c 22 63 68 61 6e 67 65 22 5d 29 2c 28 6c 7c 7c 53 2e 53 2e 59 61 28 29 29 26 26 53 2e 69 2e 6d 61 28 65 2c 53 2e 69 2e 48 29 2c 53 2e 61 2e 77 64 28 65 29 2c 75 26 26 32 30 3c 4d 61 74 68 2e 61 62 73 28 75 2d 65 2e 73 63 72 6f 6c 6c 54 6f 70 29 26 26 28 65 2e 73 63 72 6f 6c 6c 54 6f 70 3d 75 29 7d 7d 2c 53 2e 63 2e 6f 70 74 69 6f 6e 73 2e 24 62 3d 53 2e 61 2e 67 2e 5a 28 29 2c 53 2e 63 2e 73 65 6c 65 63 74 65 64 4f 70 74 69 6f 6e 73 3d 7b 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 76 61 72 20 72 3d 6e 28 29 2c 6f 3d 5b 5d 3b 53 2e 61 2e 44 28 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6f 70 74 69 6f 6e 22 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 Data Ascii: ll,[e,"change"]),(l\|\|S.S.Ya())&&S.i.ma(e,S.i.H),S.a.wd(e),u&&20<Math.abs(u-e.scrollTop)&&(e.scrollTop=u)}},S.c.options.$b=S.a.g.Z(),S.c.selectedOptions={init:function(e,n,t){function r(){var r=n(),o=[];S.a.D(e.getElementsByTagName("option"),(function(e){e
2024-04-19 14:53:33 UTC	6	IN	Data Raw: 65 72 2c 64 3d 6f Data Ascii: er,d=o
2024-04-19 14:53:33 UTC	16383	IN	Data Raw: 2e 4b 65 79 43 6f 64 65 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 29 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 3f 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3a 65 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 21 31 7d 6e 2e 61 70 70 6c 79 45 78 74 65 6e 73 69 6f 6e 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 3d 31 2c 6f 3d 7b 7d 3b 65 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 6c 6f 61 64 65 72 73 2e 75 6e 73 68 69 66 74 28 7b 6c 6f 61 64 43 6f 6d 70 6f 6e 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 72 29 7b 65 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 64 65 66 61 75 6c 74 4c 6f 61 64 65 72 2e 6c 6f 61 64 43 6f 6d 70 6f 6e 65 6e 74 28 6e 2c 74 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 69 3b 74 2e 65 6e 61 62 6c 65 45 78 Data Ascii: .KeyCode;function f(e){e.preventDefault?e.preventDefault():e.returnValue=!1}n.applyExtensions=function(e){var n,t=1,o={};e.components.loaders.unshift({loadComponent:function(n,t,r){e.components.defaultLoader.loadComponent(n,t,(function(n){var i;t.enableEx

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:53:33 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=144588 Date: Fri, 19 Apr 2024 14:53:33 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:53:33 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=144609 Date: Fri, 19 Apr 2024 14:53:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 14:53:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:34 UTC	658	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:35 UTC	781	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:35 GMT Content-Type: text/css Content-Length: 20314 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT ETag: 0x8DC07082FBB8D2B x-ms-request-id: 6a723b12-001e-000e-0a60-924783000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145335Z-r1f585c6b65wz25qmu1zxatpy800000000k0000000007e9g x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:35 UTC	15603	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-19 14:53:35 UTC	4711	IN	Data Raw: e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 Data Ascii: a}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:34 UTC	635	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:35 UTC	798	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:35 GMT Content-Type: application/x-javascript Content-Length: 121212 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Mar 2024 20:03:18 GMT ETag: 0x8DC4E98F25B224F x-ms-request-id: 7d609d05-001e-0076-4c94-91ed92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145335Z-15497cdd9fdh4jhjwefk8z750000000001u0000000001112 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:35 UTC	15586	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd 6d 7b e3 38 8e 00 f8 fd 7e 85 a3 99 cb d8 1d c5 25 f9 dd 4a ab b3 ae bc 54 65 3b 89 33 71 aa bb 77 53 99 3c b2 44 3b ea c8 92 57 92 f3 32 8e f7 b7 1f 00 92 12 65 cb a9 aa d9 bd bb e7 9e eb 9d ad 58 24 48 82 20 08 82 20 08 7e f8 69 e7 ff a8 fc 54 d9 ff fe ff 2a a3 9b c1 f5 4d 65 78 5a b9 f9 7c 76 7d 5c b9 82 af ff a8 5c 0e 6f ce 8e 4e be bf 1e 6c 14 ff ff e6 c1 4f 2a 13 3f 60 15 f8 3b 76 12 e6 55 a2 b0 12 c5 15 3f 74 a3 78 1e c5 4e ca 92 ca 0c fe 8d 7d 27 a8 4c e2 68 56 49 1f 58 65 1e 47 7f 32 37 4d 2a 81 9f a4 50 68 cc 82 e8 b9 52 85 ea 62 af 72 e5 c4 e9 6b e5 ec aa 56 87 fa 19 d4 e6 4f fd 10 4a bb d1 fc 15 7e 3f a4 95 30 4a 7d 97 55 9c d0 a3 da 02 f8 08 13 56 59 84 1e 8b 2b cf 0f be fb 50 b9 f0 dd 38 4a a2 49 5a 89 99 Data Ascii: m{8~%JTe;3qwS<D;W2eX$H ~iTMexZ\|v}\\oNlO?`;vU?txN}'LhVIXeG27M*PhRbrkVOJ~?0J}UVY+P8JIZ
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: b0 ef 62 55 51 a0 e9 cb 27 9f 3d a3 6d 30 b0 96 7c 26 fd 96 25 94 cd 6e 7f 53 66 e2 3e 4f 84 75 40 c2 24 a5 97 0f f8 d6 24 84 7c 74 3a 5e e5 77 0c 50 d0 e0 48 a7 e4 a8 89 96 43 e0 35 59 9f 95 56 9b 2d 34 b0 bd 86 78 37 2c c4 37 73 77 22 75 f3 e1 5f 38 2f 74 af 05 16 86 5f 43 fe 3c 3d 39 b2 67 1c 9f bc bd 49 de aa 97 df 9b a9 fe 68 8d 30 ef 14 1b 60 52 e4 74 98 9b 75 8a ef 91 f0 a7 31 48 37 d3 fe f2 df 7f b9 60 a8 33 a1 2e 75 7f 3e 82 6f 1e 4f 8c 79 f6 52 04 b2 e2 af 08 43 ce 9c 3f 54 ca 0f 32 10 12 63 4c 89 fd 03 e6 67 01 0a f2 87 0f 44 95 f2 8d d3 22 98 48 5c 6b 9a 42 5e 70 61 84 28 5c 46 29 86 d1 a3 bd 16 05 99 a2 9f 57 bf 1f 5b 26 de 65 7f c0 58 1c f8 ec 2e 8f 58 26 6d 0a 32 b0 08 46 e5 c8 43 8b 90 d6 78 01 6b ee 20 f0 9d 84 82 72 cd c6 e8 57 cf 9f 5b Data Ascii: bUQ'=m0\|&%nSf>Ou@$$\|t:^wPHC5YV-4x7,7sw"u_8/t_C<=9gIh0`Rtu1H7`3.u>oOyRC?T2cLgD"H\kB^pa(\F)W[&eX.X&m2FCxk rW[
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: 31 80 37 9e 6f 95 62 00 67 7f 3b 0e f0 ad 2d 3e 8d 03 4c e7 25 87 ea 49 53 05 7d 91 d4 77 88 1c 5b f5 7b 53 3c f7 93 52 d4 97 70 ed 39 16 a9 0f f6 14 9e ad 6e f9 ab 6b cf b7 ce a1 08 89 38 c2 07 32 dd 4e a2 51 e0 a8 5f 6f 98 2b 47 5e 43 39 3c 36 3c 3e 00 d7 be 8c 05 0a 76 15 8f 21 70 9e 2a e1 3c 42 bc af 55 85 42 84 da 64 d2 d5 39 7a 3e df d8 20 df e7 12 c9 41 d5 10 64 fb e1 44 01 fd a8 86 aa 1e 57 90 19 62 73 47 65 d4 24 b5 91 9c 7e c8 5e 41 a1 84 24 bb 94 97 d7 01 23 26 9f 51 70 06 ff e4 57 80 e6 50 90 22 e9 15 56 47 25 ff c0 82 3b 40 7a 52 f2 44 2c ef 09 85 9d 40 3c 3c 43 d9 95 76 bf 03 08 0f 24 a1 c2 43 cc 8e 5f 7b dc 2a 20 38 f0 57 7b 5d 2f 26 76 45 97 04 b9 6d 28 10 45 41 67 52 3f 62 77 69 51 86 02 01 72 64 32 d7 64 5b 5f d4 74 32 50 b3 a0 41 b9 bd Data Ascii: 17obg;->L%IS}w[{S<Rp9nk82NQ_o+G^C9<6<>v!p<BUBd9z> AdDWbsGe$~^A$#&QpWP"VG%;@zRD,@<<Cv$C_{ 8W{]/&vEm(EAgR?bwiQrd2d[_t2PA
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: 64 f0 28 03 b4 9b e4 f7 00 90 14 f2 82 3d 01 00 46 7d 9c b9 cf 35 2a 47 52 fc 3e 8d 46 71 7e bf c3 da ab b0 8f d1 e8 2e ba cf 1c 34 d6 c4 43 09 38 08 73 c8 77 c2 07 ad 32 15 b4 fd 5e 9a 22 35 0a bf f8 c8 c0 0f 46 07 83 36 d9 35 52 80 79 5a 78 ba 59 27 74 b3 e2 7e c5 1c 91 e4 bf 83 28 94 86 98 a3 be 72 87 73 d3 0f 73 fe b5 47 47 8c 7e 0e 7b 6c e3 f9 63 8f 81 d6 71 73 9f 15 4a 1d e9 1d d7 e1 72 99 57 cd c2 33 88 2f ef 5e c6 b2 8c 81 2c 3b 22 62 20 ee 9b bc 7f 13 b4 ca 31 28 43 d2 61 8f 11 21 e4 6d b8 72 30 6a 70 5e 31 e0 96 9a 85 f2 de 03 73 54 33 d4 f3 93 53 51 53 93 a0 ad 34 98 91 c5 e6 56 75 84 a9 60 69 ad 4d c6 d6 eb f8 db a3 d6 4e cc d9 10 4f 92 07 ee df 79 fe 5d f3 77 fe 90 72 90 bb f0 e1 77 1b 88 8b e6 69 f8 20 ed df ce ce 31 bc 78 d6 0f db 73 3f 53 Data Ascii: d(=F}5*GR>Fq~.4C8sw2^"5F65RyZxY't~(rssGG~{lcqsJrW3/^,;"b 1(Ca!mr0jp^1sT3SQS4Vu`iMNOy]wrwi 1xs?S
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: 57 ee db 91 a4 65 5b fb 6e 83 b4 3b 96 d2 db 35 84 0e 7c 7d 7f 2e ec 22 48 f2 75 1f d6 18 85 c9 a1 b2 1f 7f a3 8a 39 6c 2d 74 7a 4e 14 50 e5 31 6a 69 9a 2d 97 43 d5 70 c6 6c 11 21 17 76 e4 96 7a ff 42 e3 58 37 18 24 e6 cf 14 ba 51 1b ef 5d c3 1a 65 90 14 40 cd 2a 32 6f a4 54 88 c0 49 10 06 eb 03 46 9c 4e 5e 96 92 86 37 3e 0d cf dc c1 da 5a 28 89 fc 60 1a 28 48 88 cd ce e8 5e 06 98 c5 5c 19 5d 03 12 69 44 6f 7f 9f f7 71 28 41 c6 e1 c3 95 38 6c b9 ce d5 75 aa 00 2b 68 a1 6c 60 d1 a0 52 e6 e5 17 c9 1a 92 16 89 ab c6 e8 71 1b 86 d9 b1 22 fe 30 10 14 7b d4 5f 13 a1 9c ab 9f e1 17 e2 25 68 4f 4c 4c b4 0f 9d c7 ba cf de 75 70 f1 7c f2 f0 b0 e1 d1 a7 d6 2e d6 36 06 ba 87 d9 cb 60 c2 66 0f dc 88 82 c2 9b 89 50 0b 20 61 80 73 4c 1d 12 a9 d7 ae c1 07 ce 9d 75 2f 7b Data Ascii: We[n;5\|}."Hu9l-tzNP1ji-Cpl!vzBX7$Q]e@*2oTIFN^7>Z(`(H^\]iDoq(A8lu+hl`Rq"0{_%hOLLup\|.6`fP asLu/{
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: 51 e8 d8 49 1a c5 7e e0 d9 16 67 96 07 dd 24 06 a6 67 2e 3a 13 22 4e b9 73 c3 7d 82 d5 6e 0c ea d9 91 1f 4a 28 29 42 84 10 bd 29 34 59 91 49 cb 71 33 c8 8f cc 8f f8 6e 3a 4b 3c 1b aa 5e ec 0a 88 73 a8 c7 2e 70 1b 4c 50 30 61 b9 01 0b 63 77 37 eb 64 34 23 cb 0f 33 61 45 71 04 25 c5 b1 53 c9 5c 11 3b 99 6b 5b 8e c3 3d 58 06 bb e9 2c b1 21 16 dc 14 aa 44 c8 05 38 b8 25 18 83 25 e0 07 a4 b2 40 4f be d9 36 cb 6a 37 46 33 8a 63 d8 a3 2e 4c 98 48 78 31 73 1d c1 63 c9 a5 6b 65 41 40 42 72 37 f4 e4 25 16 68 34 62 69 e6 63 4d 2c 1f 82 c9 e1 2c f6 3c d2 9e 03 08 f6 dd 4c 9d d1 8c 52 1f e4 93 49 2f b2 c0 c6 dd d0 b2 bd c8 66 98 4d b0 58 61 59 ce 4e 38 b9 e3 27 8e 23 20 f3 32 32 0b 6d 2b 86 24 77 98 b0 3d 3b 82 7c 8f bc 30 0e 77 d2 8d d1 8c 62 e1 87 91 6d 05 ae 13 79 Data Ascii: QI~g$g.:"Ns}nJ()B)4YIq3n:K<^s.pLP0acw7d4#3aEq%S\;k[=X,!D8%%@O6j7F3c.LHx1sckeA@Br7%h4bicM,,<LRI/fMXaYN8'# 22m+$w=;\|0wbmy
2024-04-19 14:53:35 UTC	16384	IN	Data Raw: fa 8d 62 92 ff 9a 3b 5e 4f df 33 30 3a ba 6c ef 2b 3a 09 a6 ef 19 71 32 ea e5 2b 63 f2 57 d2 2a 7f b7 60 96 9b 2d 2a c8 61 5b 2e 04 2d e7 db e7 41 5b 04 47 33 d3 7e 65 e5 34 a3 a2 f1 6d 39 81 97 d9 3d 37 d1 47 77 c7 cf ae ac a3 7e b9 fe 73 95 9a 79 cd 32 ea 2c f1 d5 f7 5f 84 2c df 2e 8a b3 a3 b2 78 fc 41 f2 f3 c5 8a 57 68 fd f3 97 db d1 19 9b 37 35 a3 bf 7e 25 fe ff 55 a8 db 34 7e 33 ba 36 60 7f 6d 8a fe a6 f0 b3 59 b6 ba f3 64 63 5b d5 f7 3f 22 46 1c 9d 49 29 d2 f3 d3 b3 9d 8b f3 16 e6 94 a6 9b 6f 50 9e ff e1 f1 6e 87 12 f2 3f 5e ab 2d 0e d9 fc 01 6c d8 df 20 f2 e7 9b 30 53 5e e6 53 59 5e 47 da 2d a8 c2 37 e6 26 ff ed dc 97 3b 54 32 4b 9a fa 6a 5d ab 55 6e 9f 44 a2 bc 68 8d 32 0f e9 00 50 ef 6f 3d eb 4b 1c e9 3a 79 71 fe 9a b6 39 21 77 9d e0 b2 46 7e 54 Data Ascii: b;^O30:l+:q2+cW`-a[.-A[G3~e4m9=7Gw~sy2,_,.xAWh75~%U4~36`mYdc[?"FI)oPn?^-l 0S^SY^G-7&;T2Kj]UnDh2Po=K:yq9!wF~T
2024-04-19 14:53:35 UTC	7322	IN	Data Raw: 1f 07 4f 53 d4 c5 c3 63 98 d0 fe fd 26 b7 b8 5e e2 81 fb 3e 31 42 65 52 c6 b5 42 41 83 fd 4b 62 cc fd 28 d8 9f 11 23 a5 e4 6b ff 86 18 3e a7 51 fb 1f a1 7e 99 70 ed bf 03 f0 97 a9 d6 fe 29 d4 bf a6 3b f1 d0 9d cf d1 74 b5 1f 1b 21 13 9e f2 27 d9 dd 53 1c fb 65 27 ea f6 30 8e 31 9f 72 87 4d 36 ee 76 7b c0 00 e3 4e 16 1b 6e dc bd cb 57 3c 93 27 8f f3 04 ec d9 f9 0d 56 87 a0 f0 0c fb 60 81 44 01 57 00 16 8c 4c 2b 4f 31 d3 d5 57 3e ba fd 1d d3 40 89 80 66 59 20 bd f7 fc 2b 30 6a a4 3d fc e9 8b fc c7 ed 2d e9 71 60 bd 02 66 7d bd f8 91 dc dc 15 23 73 63 ee 41 c1 47 45 07 85 e3 a2 c1 6f bb e9 e7 28 f3 2f 3b fc 67 0f 6f f0 75 bf fa 6e 4a 5a 1f 7b 07 b0 0c 5c b8 dc 8f a9 90 82 e4 16 49 90 97 7c e1 15 60 83 bf 49 e2 e7 f3 c4 ff 88 31 b4 f1 59 e7 97 de e1 bb d9 e9 Data Ascii: OSc&^>1BeRBAKb(#k>Q~p);t!'Se'01rM6v{NnW<'V`DWL+O1W>@fY +0j=-q`f}#scAGEo(/;gounJZ{\I\|`I1Y

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Category:	downloaded
Size (bytes):	2347
Entropy (8bit):	5.290031538794594
Encrypted:	false
SSDEEP:	48:gCgF0+kNL5iQ6+GhB+SYWzGuesAFcsGJOzgO6FIEv+sj+M++sx+suse+swsosmC0:gC3Na5+GX+Ti2XsYE2sqAsosushswsoB
MD5:	E86EF8B6111E5FB1D1665BCDC90888C9
SHA1:	994BF7651CB967CD9053056AF2D69ACB74DB7F29
SHA-256:	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
SHA-512:	2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
Malicious:	false
Reputation:	low
URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f\|\|e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("\|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/images/favicon.ico?v=2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 191 x 61, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8580
Entropy (8bit):	7.926443190918766
Encrypted:	false
SSDEEP:	192:iIZ0cNEqjFjI2aipsG8A+dgnVE5rhyyWjUbAzy9kM/BhC0bAnrFy3ws:iIZ0gEb2aG/E5VydUJjLbKrUws
MD5:	72C36648088C2FE7B9B4CCFAFEE54113
SHA1:	59BE588964828F273A846E2B6CF12FA2C1122733
SHA-256:	9B84F50BA79AF1A11C46B03702084893D3C58A807C131BCF843221559F8B1F3D
SHA-512:	0E0A9C442F464810458643D8011278F652E7713211E1E888CF97C9D393C38B7E4162756672CE6EB1189297ACF38842A4BA883D7EABF80374ADCDC340CF4332C8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......=.............tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:A60BA2996A44E4119CF0F4D43805B8ED" xmpMM:DocumentID="xmp.did:7C6C428A543311E4A600F3676C0CA446" xmpMM:InstanceID="xmp.iid:7C6C4289543311E4A600F3676C0CA446" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1CA9554F4DE511E4A4B39A9DEA81F097" stRef:documentID="xmp.did:1CA955504DE511E4A4B39A9DEA81F097"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> ......IDATx..=..U.sn.l.v...A.."J...AM.Yb....X.}F.

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:34 UTC	654	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:35 UTC	797	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:35 GMT Content-Type: application/x-javascript Content-Length: 15799 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 02:23:53 GMT ETag: 0x8DC4ECE1D0444D4 x-ms-request-id: 49429fb1-001e-000e-2590-914783000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145335Z-15497cdd9fdhv4vv3fyv74385c00000001zg000000009q8x x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:35 UTC	15587	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sB
2024-04-19 14:53:35 UTC	212	IN	Data Raw: 4c d9 50 88 3d 11 31 a3 82 91 44 92 9b ac 27 fa 55 71 d0 e8 52 b2 83 36 27 fc b6 dc 23 94 e3 1e 80 37 6e 69 ad 92 7b 01 76 8e 29 d0 a4 f3 81 4e a5 61 fe e9 d7 44 09 47 be c4 aa 78 02 e5 da 24 f0 cf 03 17 6f 15 81 0e 9b 57 59 59 50 76 65 74 81 91 0e 08 e2 ca 8f 9f d0 09 e6 cc 63 f5 01 0c 1d b1 ff ac b6 da 7e a0 7c 70 78 3f 7a 67 ef 29 ac ad fb a8 08 00 af bb ab 0b 46 ef 41 74 8a 4c fb 39 f7 de 8d 28 4c 4b db fa 95 7d d4 f5 b7 b4 b4 70 4f 6e 04 ef ef ec d2 6a c8 b3 29 ad 7d 6c 5b d9 81 ae 31 dc 64 9c fb e5 ea ce 71 1a 0d 53 9d 56 9f d3 e9 b7 17 a3 2e 37 aa 7e fa f4 f3 9e c3 b9 43 4b 93 49 e3 0f e5 d7 ff 0f de d8 74 96 1f d7 00 00 Data Ascii: LP=1D'UqR6'#7ni{v)NaDGx$oWYYPvetc~\|px?zg)FAtL9(LK}pOnj)}l[1dqSV.7~CKIt

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:35 UTC	618	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:36 UTC	818	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:36 GMT Content-Type: application/x-javascript Content-Length: 54325 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Feb 2024 19:13:15 GMT ETag: 0x8DC2E5A2998EB1D x-ms-request-id: 26b6b65d-801e-0052-7058-92d0a9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145336Z-r1f585c6b65zhjrka46ymarxgw00000000d0000000007amf x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:36 UTC	15566	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 7b db 46 92 30 fa 7d 7f 05 85 67 46 06 4c 90 22 a9 8b 65 52 10 c7 76 92 79 bd 4f 12 fb d8 ce bc 67 8f cc c9 03 81 a0 84 98 02 b8 b8 d8 d6 88 dc df 7e aa aa ef 40 83 92 af c9 66 3c bb b1 88 46 a3 2f d5 dd d5 75 af bd fb 3b ff d1 b9 df e9 dd fd 7f 9d 97 af 1e bd 78 d5 79 f6 43 e7 d5 ff 79 fa e2 bb ce 73 78 fa af ce cf cf 5e 3d 7d f2 fd dd db c1 4e f1 bf 57 97 49 d1 59 24 cb b8 03 7f cf c3 22 9e 77 b2 b4 93 e5 9d 24 8d b2 7c 95 e5 61 19 17 9d 2b f8 37 4f c2 65 67 91 67 57 9d f2 32 ee ac f2 ec b7 38 2a 8b ce 32 29 4a f8 e8 3c 5e 66 ef 3a 2e 34 97 cf 3b cf c3 bc bc ee 3c 7d ee f5 a1 fd 18 5a 4b 2e 92 14 be 8e b2 d5 35 fc be 2c 3b 69 56 26 51 dc 09 d3 39 b5 b6 84 87 b4 88 3b 55 3a 8f f3 ce bb cb 24 ba ec fc 94 44 79 56 64 Data Ascii: k{F0}gFL"eRvyOg~@f<F/u;xyCysx^=}NWIY$"w$\|a+7OeggW28*2)J<^f:.4;<}ZK.5,;iV&Q9;U:$DyVd
2024-04-19 14:53:36 UTC	16384	IN	Data Raw: d7 26 f4 e5 ac f2 e9 76 8f df 7e 95 fe 7a ac bf f3 e6 46 fc 20 af 2c 68 22 6c ec af 0f f1 58 23 9c 57 4f 85 29 04 a2 a6 af 99 30 b3 14 9a 61 1d 83 94 a6 41 a5 e1 ba 40 8e 69 4d 84 c0 0c 7a ee 60 3d 99 b6 58 4f 32 bb c9 b1 51 33 f7 d0 cc 59 d4 64 3d a8 ea f4 ac 64 83 78 6e c2 77 d6 2c 2b 64 ba 9c e8 88 be 66 c5 8c df 66 99 b1 37 5b 0c 65 ed c6 b0 84 1d b8 27 9d b1 78 9f d1 85 0e f7 b3 61 34 de 22 6c a6 2f 35 ab 02 8b c7 89 b8 f8 6d be 19 44 1a 30 db e7 98 94 60 dc 01 03 75 61 53 a0 c6 87 a8 0e 1b 7a e3 5c 73 c0 60 ee 51 be 50 27 6e f4 b1 3e be 6e 52 fc db 7d 60 b6 9b e9 5b 3d 60 f2 fa ac ed ce 08 79 ab 13 40 ae a4 cc 80 81 49 2c 6b 50 9f d5 16 d2 7d b4 9d 74 bf 2b 55 8b fe 30 c4 64 10 31 bb 9d c9 e0 96 d3 e6 5e 6f 10 6f 75 1b 48 73 4a c9 96 29 ed 37 a6 64 Data Ascii: &v~zF ,h"lX#WO)0aA@iMz`=XO2Q3Yd=dxnw,+dff7[e'xa4"l/5mD0`uaSz\s`QP'n>nR}`[=`y@I,kP}t+U0d1^oouHsJ)7d
2024-04-19 14:53:36 UTC	16384	IN	Data Raw: 4d 1b 87 df 42 87 3b 7d 41 91 56 ce 68 80 92 6a 27 33 9a 06 05 0e 6a ee 80 44 c4 66 f1 6a 1b d6 a5 51 f4 e0 d1 11 ad 3c 3a ae a2 1c fd f7 9b 24 c3 f6 61 2e 2f 03 95 db 1a db 11 47 1c 6c 89 73 db 4d aa 52 da b0 57 db 32 bf 29 5f 14 77 2f 6b 5d 29 40 84 dd b9 1c e4 35 e5 58 be 7e cb 47 b9 bb 2a af 2e 8c 24 e3 da 82 16 69 69 c9 e0 a5 e4 f7 2e 25 75 e6 0a b6 d4 ed 8d c5 7c aa 50 dc 9c bf f5 32 fa f9 9a a1 fb 5b 8c 97 74 e1 59 21 ca 81 0c 11 73 4a 13 f3 55 f6 45 f9 3a bc a4 72 e9 69 3b 21 8d ae e3 f7 5e 42 e7 ce 71 21 e7 6f 59 7c ee e8 9b 5f a1 85 a7 01 59 7a 29 5e da 20 4b 2f c5 13 5d da b4 de 7b e9 8b e3 e6 74 04 65 da 5b 0f ca e4 1a c9 19 bf b1 7f 1f 64 ff df c5 f6 ba 6e 26 a0 b8 dd de 5a 6b db e4 cb ad 6d bf c0 ce 96 da d2 60 6a ab 5a e3 58 dc 52 e6 5f 6e Data Ascii: MB;}AVhj'3jDfjQ<:$a./GlsMRW2)_w/k])@5X~G*.$ii.%u\|P2[tY!sJUE:ri;!^Bq!oY\|_Yz)^ K/]{te[dn&Zkm`jZXR_n
2024-04-19 14:53:36 UTC	5991	IN	Data Raw: 39 35 50 78 6e 18 8b 9a 2f af 01 ef 75 bf ab b7 ae 01 f2 5d ff de 98 b0 b0 3e 49 0e 7e 63 40 3c 29 b8 d4 80 14 aa 30 32 c0 a4 8e 42 d4 35 3d 5f 18 b8 a3 11 36 4f 9a 57 c3 d9 74 ef a4 b8 f7 97 0d 0d bb 85 3e 8b 58 ca db be e7 c3 1b 78 bd b3 c3 96 68 64 69 85 5f 70 17 50 83 d8 fd 33 ab 3f bf a4 b3 1d 87 c9 32 e6 91 0b 6c 50 5a 4a f6 5c 2d 1d b3 22 79 95 55 3b 8d 66 e7 4b 13 fe f9 05 af ed 06 6b ab 90 17 34 34 0c 28 2d 2a bd f3 be c0 75 de d3 f6 02 7a 2f e0 69 a9 24 cb 5c ef 0f ef 5e 3c cd 2e 67 59 4a b6 fe 6a 52 34 68 93 b4 86 af 7e e1 84 3e d1 43 fe ac 88 cb 70 5e 4e 3a fd c3 de 59 54 c4 07 f7 85 be 29 16 8b 95 25 ab 59 35 e6 6f a8 db f0 2e 3e 7f fe 69 46 a2 81 57 38 17 aa 49 22 ed a7 b4 13 d1 92 8d eb 69 f9 16 09 1b 5c 25 e9 38 bb da 86 23 f6 4c d9 de 66 Data Ascii: 95Pxn/u]>I~c@<)02B5=_6OWt>Xxhdi_pP3?2lPZJ\-"yU;fKk44(-*uz/i$\^<.gYJjR4h~>Cp^N:YT)%Y5o.>iFW8I"i\%8#Lf

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:36 UTC	649	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:36 UTC	744	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:36 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: dab893a0-a01e-0038-0d8e-919c9e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145336Z-15497cdd9fdhjpjlhekg1m67uc0000000230000000002edv x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:36 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-19 14:53:36 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:36 UTC	620	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:37 UTC	817	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:37 GMT Content-Type: application/x-javascript Content-Length: 5512 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Feb 2024 19:13:16 GMT ETag: 0x8DC2E5A29A25668 x-ms-request-id: a60136fb-a01e-006c-5399-9153a5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145337Z-15497cdd9fd7zlxcshs1xwhzsn00000001t000000000gy8t x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-19 14:53:37 UTC	5512	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ad 5b 7d 77 da 46 d6 ff bf 9f 42 68 f7 10 69 33 96 4d 9a b6 cf e2 aa 3e 0e 2f 09 ad 1d bb 06 b7 9b 26 39 1c 81 06 50 2c 24 55 23 8c a9 e1 bb ef ef ce 48 48 80 c0 4e 9f ed 49 0d 9a b9 73 e7 ce 9d fb 7e c5 f1 bf 2a df 68 ff d2 8e 9e ff 9f d6 ed 9d df f4 b4 ab b6 d6 7b d7 b9 69 6a d7 78 fa a0 bd bf ea 75 1a ad e7 e3 a1 4d e9 ff de c4 13 da c8 f3 b9 86 cf 81 23 b8 ab 85 81 16 c6 9a 17 0c c3 38 0a 63 27 e1 42 9b e2 6f ec 39 be 36 8a c3 a9 96 4c b8 16 c5 e1 17 3e 4c 84 e6 7b 22 c1 a2 01 f7 c3 b9 66 00 5d ec 6a d7 4e 9c 2c b4 ce b5 69 01 3f 07 36 6f ec 05 58 3d 0c a3 05 be 4f 12 2d 08 13 6f c8 35 27 70 25 36 1f 0f 81 e0 da 2c 70 79 ac cd 27 de 70 a2 5d 7a c3 38 14 e1 28 d1 62 3e e4 de 3d 36 11 33 8c 6f 6e c1 34 27 e6 9a e0 89 36 0a Data Ascii: [}wFBhi3M>/&9P,$U#HHNIs~*h{ijxuM#8c'Bo96L>L{"f]jN,i?6oX=O-o5'p%6,py'p]z8(b>=63on4'6

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:36 UTC	668	OUT	GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:37 UTC	740	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:37 GMT Content-Type: image/gif Content-Length: 2672 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:47 GMT ETag: 0x8DB5C3F48EC4154 x-ms-request-id: e098ad9f-c01e-0002-3857-92b39a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145337Z-r1f585c6b65d5vlswtrybzxgus00000000g0000000006cw3 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:37 UTC	2672	IN	Data Raw: 47 49 46 38 39 61 60 01 03 00 f0 00 00 ff ff ff 96 96 96 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 05 00 00 00 2c 00 00 00 00 60 01 03 00 00 02 36 84 1d a9 b7 07 ed 50 8a 6c d2 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a2 0a 04 49 01 d6 3a 71 4a d7 f6 8d e7 fa ce 6b ab f5 00 ba 60 42 59 b1 87 4c 2a 97 cc 26 af 00 00 21 f9 04 09 05 00 00 00 2c 06 00 00 00 30 00 03 00 00 02 1a 8c 01 16 88 ca ec 1e 3c f2 a9 18 1b b5 5b e6 9a 5c 4b 38 6a e5 74 72 a9 67 14 00 21 f9 04 09 03 00 00 00 2c 07 00 00 00 33 00 03 00 00 02 1a 8c 81 16 c8 ca ef 5e 3b 12 2a 0a e2 5c 55 4b df 5d 5c 86 25 e5 56 99 63 aa 14 00 21 f9 04 09 05 00 00 00 2c 0a 00 00 00 37 00 03 00 00 02 1a 8c 81 60 91 b9 ed 0e 6c 6f c6 c5 ee ac 90 5b bf 61 19 02 2a 52 77 7e 69 18 14 00 21 Data Ascii: GIF89a`!NETSCAPE2.0!,`6PlHI:qJk`BYL&!,0<[\K8jtrg!,3^;\UK]\%Vc!,7`lo[a*Rw~i!

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:37 UTC	662	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:37 UTC	805	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:37 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: bffe64de-301e-0039-187d-91b79c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145337Z-15497cdd9fd7zlxcshs1xwhzsn00000001pg00000000s49q x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-19 14:53:37 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:37 UTC	699	OUT	GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:38 UTC	688	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control: public, max-age=86400 Content-MD5: csNmSAiML+e5tMz6/uVBEw== Content-Type: image/* Date: Fri, 19 Apr 2024 14:53:37 GMT Etag: 0x8D45FC70F77D2F3 Last-Modified: Tue, 28 Feb 2017 10:46:32 GMT Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 495cb702-601e-0014-2869-92ef56000000 x-ms-version: 2009-09-19 Content-Length: 8580 Connection: close
2024-04-19 14:53:38 UTC	8580	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 bf 00 00 00 3d 08 06 00 00 00 fc 92 b8 d5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 31 20 36 34 2e 31 34 30 39 34 39 2c 20 32 30 31 30 2f 31 32 2f 30 37 2d 31 30 3a 35 37 3a 30 31 20 20 Data Ascii: PNGIHDR=tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:38 UTC	454	OUT	GET /c1c6b6c8-a7c7ntowsa-f0zajkifoge-duabsrlwlo4ci-zdd1fg/logintenantbranding/0/bannerlogo?ts=636238755929423490 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:39 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 0 Cache-Control: public, max-age=86400 Content-MD5: csNmSAiML+e5tMz6/uVBEw== Content-Type: image/* Date: Fri, 19 Apr 2024 14:53:38 GMT Etag: 0x8D45FC70F77D2F3 Last-Modified: Tue, 28 Feb 2017 10:46:32 GMT Server: ECAcc (agc/7F07) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 495cb702-601e-0014-2869-92ef56000000 x-ms-version: 2009-09-19 Content-Length: 8580 Connection: close
2024-04-19 14:53:39 UTC	8580	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 bf 00 00 00 3d 08 06 00 00 00 fc 92 b8 d5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 31 20 36 34 2e 31 34 30 39 34 39 2c 20 32 30 31 30 2f 31 32 2f 30 37 2d 31 30 3a 35 37 3a 30 31 20 20 Data Ascii: PNGIHDR=tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:39 UTC	663	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:39 UTC	784	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:39 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: 7290830d-901e-000f-258f-916c81000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145339Z-15497cdd9fdtp976bg8q1vzk2g00000001u000000000ec3v x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:39 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:40 UTC	418	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:40 UTC	784	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:40 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: 7290830d-901e-000f-258f-916c81000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145340Z-15497cdd9fdzv8m91k02e66pvs00000001t000000000rm31 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:40 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://edw.sharepoint.com/edw-cda/aprile

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Windows Analysis Report
https://edw.sharepoint.com/edw-cda/aprile

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:48 UTC	620	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:49 UTC	797	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:49 GMT Content-Type: application/x-javascript Content-Length: 1664 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Feb 2024 19:13:16 GMT ETag: 0x8DC2E5A2A09A4B0 x-ms-request-id: bb541aaf-901e-005b-6069-92a3ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145348Z-r1f585c6b654pwmnf439dcuuhs00000000b0000000006xm4 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-19 14:53:49 UTC	1664	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 57 ed 73 da 36 18 ff de bf 42 f1 3e 00 8d 6d de 42 02 b4 ec ae 4d d2 25 5d d3 70 81 75 b7 0b 39 4e d8 02 2b b1 25 9f 24 43 58 c2 ff be 47 c2 06 4c 48 97 b6 b7 bb ed 96 bb 60 90 9e 97 df f3 f2 7b 24 97 5f ef bd 42 af 91 f3 f2 3f d4 eb bf bb ea a3 cb 0f a8 7f 76 7e 75 82 ba f0 eb 0f f4 f9 b2 7f 7e 7c fa 72 3b da a9 fe ef 07 54 a2 31 0d 09 82 e7 08 4b e2 23 ce 10 17 88 32 8f 8b 98 0b ac 88 44 11 7c 0a 8a 43 34 16 3c 42 2a 20 28 16 fc 96 78 4a a2 90 4a 05 4a 23 12 f2 19 2a 82 39 e1 a3 2e 16 6a 8e ce bb 25 17 ec 13 b0 46 27 94 81 b6 c7 e3 39 7c 0f 14 62 5c 51 8f 20 cc 7c 63 2d 84 1f 4c 12 94 30 9f 08 34 0b a8 17 a0 0b ea 09 2e f9 58 21 41 3c 42 a7 e0 44 26 b0 9e 77 61 23 2c 08 92 44 a1 31 17 2a 58 e2 70 51 4f 4b a6 56 a5 71 b3 Data Ascii: Ws6B>mBM%]pu9N+%$CXGLH`{$_B?v~u~\|r;T1K#2D\|C4<B* (xJJJ#9.j%F'9\|b\Q \|c-L04.X!A<BD&wa#,D1XpQOKVq

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:49 UTC	667	OUT	GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:50 UTC	785	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:50 GMT Content-Type: image/svg+xml Content-Length: 254 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F496CFFA1 x-ms-request-id: 70f439e7-c01e-002e-6d69-92d6b0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145350Z-r1f585c6b659cdz28g4n6wfx0400000000a0000000007kk1 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-19 14:53:50 UTC	254	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 6d 50 cb 6e c3 20 10 fc 15 44 af 78 59 30 06 5c d9 96 d2 7b 7f 20 37 cb a1 06 c9 79 c8 46 21 fd fb 9a 90 f6 54 0d 9a 59 98 59 ad 96 6e bb cf e4 71 5e 2e 5b 4f 7d 8c b7 77 ce 53 4a 90 6a b8 ae 33 97 88 c8 f7 04 25 29 9c a2 ef a9 b2 94 78 17 66 1f 4b 7d 0f 2e 7d 5c 1f 3d 45 82 44 d9 fd d0 a1 8b 21 2e 6e 18 b7 cd c5 ad e3 e5 d6 4d 61 9d 16 47 a6 3d 2b 15 25 d3 77 d1 b5 c8 57 58 96 9e be 39 9d 41 f9 d0 dd c6 e8 c9 a9 a7 9f a2 06 a5 58 ad bd 80 56 8e 16 b4 62 4f 42 26 32 0c 48 cb b0 98 02 a1 31 35 7b 09 66 54 1a 1a dd 56 2d 18 23 98 01 6d 0b e5 66 ac 0c b4 56 32 3c fc d3 c7 7e c7 1e cf 0a 6c 25 34 d4 f2 d0 80 d1 ec 49 65 b8 54 4c 36 39 96 df f4 8b b1 98 16 76 57 b4 fb b0 e3 df 76 0a 33 f2 76 f9 4f 87 1f 7d d7 81 14 7b 01 00 00 Data Ascii: mPn DxY0\{ 7yF!TYYnq^.[O}wSJj3%)xfK}.}\=ED!.nMaG=+%wWX9AXVbOB&2H15{fTV-#mfV2<~l%4IeTL69vWv3vO}{

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:50 UTC	422	OUT	GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:51 UTC	805	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:51 GMT Content-Type: image/svg+xml Content-Length: 254 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F496CFFA1 x-ms-request-id: 24090a82-501e-0013-6dea-9128ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145351Z-15497cdd9fdjss27kvz4y54h1c00000001v000000000mpa5 x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-19 14:53:51 UTC	254	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 6d 50 cb 6e c3 20 10 fc 15 44 af 78 59 30 06 5c d9 96 d2 7b 7f 20 37 cb a1 06 c9 79 c8 46 21 fd fb 9a 90 f6 54 0d 9a 59 98 59 ad 96 6e bb cf e4 71 5e 2e 5b 4f 7d 8c b7 77 ce 53 4a 90 6a b8 ae 33 97 88 c8 f7 04 25 29 9c a2 ef a9 b2 94 78 17 66 1f 4b 7d 0f 2e 7d 5c 1f 3d 45 82 44 d9 fd d0 a1 8b 21 2e 6e 18 b7 cd c5 ad e3 e5 d6 4d 61 9d 16 47 a6 3d 2b 15 25 d3 77 d1 b5 c8 57 58 96 9e be 39 9d 41 f9 d0 dd c6 e8 c9 a9 a7 9f a2 06 a5 58 ad bd 80 56 8e 16 b4 62 4f 42 26 32 0c 48 cb b0 98 02 a1 31 35 7b 09 66 54 1a 1a dd 56 2d 18 23 98 01 6d 0b e5 66 ac 0c b4 56 32 3c fc d3 c7 7e c7 1e cf 0a 6c 25 34 d4 f2 d0 80 d1 ec 49 65 b8 54 4c 36 39 96 df f4 8b b1 98 16 76 57 b4 fb b0 e3 df 76 0a 33 f2 76 f9 4f 87 1f 7d d7 81 14 7b 01 00 00 Data Ascii: mPn DxY0\{ 7yF!TYYnq^.[O}wSJj3%)xfK}.}\=ED!.nMaG=+%wWX9AXVbOB&2H15{fTV-#mfV2<~l%4IeTL69vWv3vO}{

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:53 UTC	617	OUT	GET /shared/5/js/reset-password-signinname_en_Opi7194S1KGfLCIZE3SR9A2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:54 UTC	793	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:54 GMT Content-Type: application/x-javascript Content-Length: 162398 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 11 Apr 2024 00:19:06 GMT ETag: 0x8DC59BCFFEC4889 x-ms-request-id: 69571915-c01e-002e-1969-92d6b0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145353Z-15497cdd9fdjjjvzcbyxy9ybew00000001q000000000nm6h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-19 14:53:54 UTC	15591	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6d 77 d3 48 b3 28 fa fd fe 8a c4 97 95 25 ed 74 8c 9d f0 2a a3 f1 01 92 0c cc 00 61 08 cc 0c 93 27 27 4b b1 db 89 c0 96 8c 24 27 84 c4 ff fd d6 4b bf 4a 72 80 67 9f 7d ce be 87 b5 88 5b ad 56 77 75 75 75 77 55 75 55 f5 dd ff 58 5f db cf 8b b5 69 3a 92 59 29 d7 d2 6c 92 17 b3 a4 4a f3 6c 6d 3e 95 09 64 95 52 ae 15 b2 94 d5 d6 3c 29 cb cb bc 18 6f 95 e9 59 96 66 59 32 93 27 32 eb 7e 2a bb af 5e 3e df 7b 73 b8 d7 ad be 56 6b ff 71 f7 ff 59 9f 2c b2 11 d6 11 84 d7 17 49 b1 26 45 25 32 51 88 3c be 7e fc 70 bb f7 20 32 ef e9 4d 78 dd 59 60 43 55 91 8e aa ce 00 bf 28 e2 2c 78 bc f3 e8 5e 88 df 8c ce d3 e9 f8 79 9e 55 f2 6b f5 fe 6a 2e cb 68 bd 27 46 f6 b9 f6 48 af c7 72 92 2c a6 d5 db 22 9f f3 73 5a ce a7 c9 d5 1b 80 19 1f cf Data Ascii: mwH(%ta''K$'KJrg}[VwuuuwUuUX_i:Y)lJlm>dR<)oYfY2'2~^>{sVkqY,I&E%2Q<~p 2MxY`CU(,x^yUkj.h'FHr,"sZ
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: 4f 1d b1 dd 8b 30 08 57 c9 90 6c 3f b4 48 db d9 26 74 ed ec 60 d9 33 b4 bd 17 3b f7 38 cd 68 d8 b9 8f 2d 02 33 b6 03 ed bd c8 67 f8 cd 43 0f b3 3b 8f 1c cc ee 3c f6 d1 7a af e7 21 f5 1e d4 f6 32 2b 25 da 5a dc 7b 60 f1 db c7 3e ee f7 31 01 90 ec 6f 63 02 c0 d8 df c1 04 7c b3 7f 0f 13 f0 c1 fe 7d 4c 00 00 fb 0f 30 01 4d ef 3f c4 04 34 bb ff 08 51 05 ed ed 3f c6 44 1f 2b ec 61 8a aa c6 ba b7 b1 ee 3e 56 7e 0f 2a 7f b3 98 31 3e fa 08 95 3b 54 db db f0 1a 55 84 30 2c 89 37 13 80 ba eb 5a 1c 22 79 4d ff 79 7e 44 cf e8 c9 82 bf c4 f1 79 03 ed dd f5 a2 96 09 7b 48 69 95 38 1c 61 55 c6 34 bb c2 a1 1a f5 a8 ed 38 51 d6 8e d4 b5 3e d7 ea f6 b9 ca 54 01 87 1f 1d d3 1d f2 0e 5c 51 07 3a ab 5d 28 ff 7d 7d 60 01 4c 57 a2 34 3e 7c 50 b9 5a 4f a8 17 81 b6 b5 ab 05 23 84 Data Ascii: O0Wl?H&t`3;8h-3gC;<z!2+%Z{`>1oc\|}L0M?4Q?D+a>V~*1>;TU0,7Z"yMy~Dy{Hi8aU48Q>T\Q:](}}`LW4>\|PZO#
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: 62 e3 4d ae ea b5 c5 64 19 ac bc 9d e3 48 39 7a 58 77 cd 9f 66 de 95 6a a7 56 94 83 d5 35 6c c6 73 73 bb 9a 3f 35 5a fd 21 bf 3a 9d ea c7 3c 6f 59 a9 18 01 d0 90 27 08 e0 da 50 61 e5 5d ea 6d 3d 63 e6 fa 56 56 ac 29 64 a3 c2 b9 9a 35 7e 5c 9a b1 74 a5 d1 fb 87 70 6d 63 a4 d7 fa 20 59 d9 c3 b6 45 0a 1b 75 30 6e 2d 4d 40 25 a1 be fc c0 0b 77 45 42 25 6f 54 9a 28 e9 d8 e8 8c 6c 91 a2 03 0c 4e da 63 67 55 bf 92 ea 58 ce 04 46 83 13 8a 8a 04 7b 46 7f 25 52 d7 bd 4e 07 21 25 4f 53 5c a5 48 d7 66 59 d5 8c 63 a8 66 24 fb 7b 32 2f 29 28 95 10 57 75 bc 7b 46 45 eb ff 0d 36 1b b6 4a d3 d9 13 b9 d1 61 3f 53 4f 0e df b6 a5 05 19 cb 9f 37 69 50 47 a2 ad 75 b3 a9 e1 2a d3 5a d0 f3 a9 e7 7a 2f 1a e2 ed 8e f2 27 7d 4f 8f 46 eb 48 15 22 30 d4 a6 3d a3 a5 a1 a6 d2 38 43 df Data Ascii: bMdH9zXwfjV5lss?5Z!:<oY'Pa]m=cVV)d5~\tpmc YEu0n-M@%wEB%oT(lNcgUXF{F%RN!%OS\HfYcf${2/)(Wu{FE6Ja?SO7iPGu*Zz/'}OFH"0=8C
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: a8 49 a9 16 5b 71 0a 88 ab 50 60 d6 ab 88 85 29 71 2b 33 ee f7 8c 71 83 7c 55 89 0f e6 7c 04 57 3e 06 19 71 12 30 27 5d 09 63 ad 0f 9e c1 47 d6 4d 7a 28 21 fc 6b 1c 62 cd 5d 44 82 0e 50 02 79 79 20 4b c0 d4 bb 49 dd 67 03 8a 33 e9 89 18 94 1e ff 23 7e f1 67 fd cd 55 21 27 bc ba 38 0f 3c 19 0b eb 38 61 9b 4d 8e 6d 36 39 b2 79 86 f8 25 a7 00 8d 09 fe dc 42 6d 01 fc dd 41 6d 01 fc 7d 86 da 47 72 5a 61 e7 42 b9 7a 27 9c 09 af f1 f9 2e ca f8 f0 77 0f 05 fc dc dd dd f2 50 c4 67 c7 70 8d 05 72 ce f0 2f 7c ea 08 ff 42 df 1f f0 2f 7c eb 9b 50 ba be c2 df f0 ad 03 fc 0b df fa 84 7d f7 e0 c5 af 40 07 78 74 ba c3 f6 83 03 54 dd 1e 7f fa f8 f9 d5 a7 0f 1f d9 21 fc fe 78 f0 f3 c1 ab 4f 87 1f de 9f 1d fc 76 f0 fe 13 7b 0b f7 8e 3f bf 7c f5 76 ff f8 f8 f0 fd 8f ec 63 f0 Data Ascii: I[qP`)q+3q\|U\|W>q0']cGMz(!kb]DPyy KIg3#~gU!'8<8aMm69y%BmAm}GrZaBz'.wPgpr/\|B/\|P}@xtT!xOv{?\|vc
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: 81 8e a8 bb cd ea ee ac 8b 88 16 6f 8c 57 d2 e2 65 db a2 b3 0d 91 b1 c9 9f 15 1b 3c a1 25 12 1a 62 37 d4 b3 f1 3f 53 31 0e 2c 76 b1 d4 cf 10 56 2e a0 0c 5a f1 7d 45 7d ee 81 5a 82 76 81 8a 7e 7e 56 53 01 af c3 14 ec a7 d5 86 fd 6b 6a 6e 90 53 ce 9e 5f 69 3a ed 3a 0f 36 1c df 52 65 94 3e a5 e2 f9 7d d3 84 15 83 f3 6e ad ac ec a4 8f 5a ad 4d eb 65 66 98 89 cd db e3 e6 ed 2d 04 76 52 eb 71 0b 15 42 50 e2 28 93 f6 51 10 e1 66 b5 0a ab 0b cb af ac 2c 43 fe 47 ed f5 db db 9d f4 71 a3 de a4 df ce 1a 35 d2 ed d0 d7 5a 9d be 36 d6 ac 4d d9 1e 2d 25 5c 67 15 13 f2 ad ac b4 9a 2e f5 8e 85 b0 66 75 18 bf 66 c3 a0 4e 5b 7c 81 ed a4 7c 85 f9 8e 5c ae 85 69 6d b5 99 3d f9 d6 06 fb fd 95 46 b8 79 1c fb de d9 a6 98 f3 76 c3 15 89 be 96 b6 d1 74 b0 c9 79 c9 76 f8 a0 42 84 Data Ascii: oWe<%b7?S1,vV.Z}E}Zv~~VSkjnS_i::6Re>}nZMef-vRqBP(Qf,CGq5Z6M-%\g.fufN[\|\|\im=FyvtyvB
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: 99 f8 85 4f 44 fc fa 4f 40 fc da 94 f8 01 71 72 d0 2f ef 2a 73 a4 95 72 1d 8e 4c 0d b4 ae 51 60 97 8e 06 81 d8 53 40 01 55 61 b3 eb 0c a9 b3 3c 13 43 ef e5 eb 41 2e 0c 6a c1 8a 8a 1d 47 d2 7b a1 59 4a 4b f2 1e da 0e bd 7e 87 02 a6 89 97 b6 a2 b6 a4 84 98 ab a7 55 cb 30 62 68 00 dc 2e 31 fd 42 fd 72 45 31 88 6e a6 66 58 0d a4 61 ae 7f 69 68 6e b9 a9 87 99 89 46 8d b8 af 04 19 1e d8 b2 ac 0d 29 d7 a8 64 2e 4b 49 0e ce ca c9 57 82 33 84 bd 96 88 19 d1 9b 58 13 6a 88 26 ab 5c f2 5f 58 f0 16 0e e9 34 7a 2e be f4 56 bd 8e 33 ea 27 54 b3 c1 74 ff 74 9e 71 aa 27 7d 42 58 ad 4b 47 ca 24 ef 29 08 88 da 7d 6b 2d a8 4b 1f 5e e4 ec 8e 24 63 a0 ad 80 be 32 70 a2 cc db 49 9a b0 16 b8 2a 98 dc 75 6b d0 09 5c 60 8f f3 9b 82 e9 82 34 3b af c8 01 11 d9 62 af f4 5b 8c 96 b6 Data Ascii: ODO@qr/srLQ`S@Ua<CA.jG{YJK~U0bh.1BrE1nfXaihnF)d.KIW3Xj&\_X4z.V3'Tttq'}BXKG$)}k-K^$c2pIuk\`4;b[
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: e0 4a 1c a9 94 c5 02 3e e6 90 70 8c 2b bd 2c 33 4d e1 17 3d 29 e8 94 e4 c7 28 5e e3 1b 8a 04 e4 4e 99 69 b1 d1 6c 19 49 f1 81 04 84 87 5d 45 ac 7d 6b 7b 44 2e 62 9b 51 57 16 4b b2 cb f2 65 5d 2c 11 99 e1 28 72 da 40 ee d7 02 ee 51 39 2a e6 f9 49 5c 62 b5 89 68 26 13 23 05 c8 e4 14 94 c1 56 d1 d4 36 2c 65 e9 c0 72 f8 8d 14 a4 23 10 76 41 06 12 40 14 f2 e0 fe 42 31 63 a5 c7 e4 0c 0c 79 5e 4b 09 12 9e 25 9c 26 49 a1 d0 b7 7e 6e 1e 7c fb 61 78 f0 ad 89 78 f0 83 47 e6 c1 b7 9e 88 07 3f 78 64 1e 1c a7 6a b5 67 eb 98 68 20 79 19 fb ec f4 5d 09 f3 e3 59 15 a4 0a 16 c7 36 21 60 01 a5 6b a9 2f c9 d6 c1 10 03 0c 3a 72 76 2b a1 8f 51 7a df f0 7a 92 18 93 1f 0e fb 7e b2 18 d4 2e e5 6f 25 52 68 10 46 03 a7 2f 15 02 fc bd e4 a9 16 18 07 62 c0 be ac 31 60 5f eb 56 cd 5a Data Ascii: J>p+,3M=)(^NilI]E}k{D.bQWKe],(r@Q9*I\bh&#V6,er#vA@B1cy^K%&I~n\|axxG?xdjgh y]Y6!`k/:rv+Qzz~.o%RhF/b1`_VZ
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: 2f a2 f0 73 97 91 7f 6c d4 43 b1 9b e2 85 44 d0 03 d8 5e d2 fc e9 ac 29 5f 7e 03 c8 71 b3 eb c5 71 90 1e 6b 15 0e 3d ad aa a4 be 4b 23 d2 1d 91 3e 2a 3b 10 21 c7 53 11 68 3c 1c 36 d1 7c 39 8d 31 60 36 cc 73 d8 4b 93 2c e9 d3 d3 34 4a 6d 7c 61 28 89 9e 51 e3 c6 53 d7 2f 9f 27 84 d0 b3 1c 79 5b 2f 9e a3 66 21 43 cb bb 68 de 08 45 e4 53 a1 72 e2 07 0e 2a 35 bf f8 fc c1 36 2d 33 7c 38 00 78 11 64 f9 39 ba da 46 08 1b e5 dc 17 61 5a 97 ad a2 83 bb 96 b5 a8 ac a7 e5 87 53 8b dd f5 f0 c2 22 b6 26 6c 02 48 1c 14 b2 7b f1 36 72 e8 35 f4 2d 5c dc 12 ac 16 4b 13 5c f5 ae f8 55 b7 f2 0f 75 70 42 bd d4 d5 3a 9d f3 67 79 b0 2f ca bb b4 7d f7 d0 9c d5 98 15 ac 08 cc 73 13 83 49 90 b4 5a 37 20 2a a9 d2 f5 ab 30 be 79 a4 4f 0f 7a 1c a6 41 bf 9d e8 76 51 d7 ba e0 3b 7d c1 Data Ascii: /slCD^)_~qqk=K#>;!Sh<6\|91`6sK,4Jm\|a(QS/'y[/f!ChESr56-3\|8xd9FaZS"&lH{6r5-\K\UupB:gy/}sIZ7 *0yOzAvQ;}
2024-04-19 14:53:54 UTC	16384	IN	Data Raw: ba 91 22 68 28 bc 44 9a 22 72 c4 16 a7 37 e1 b7 09 ac 60 18 89 3c 87 10 52 30 72 8c 42 e9 6c 78 61 ec 71 17 ce 71 8f 78 5d c2 48 b1 23 0b 6e 84 46 c0 20 bc a2 cc de 6c b8 cb 7d f1 15 12 bd 74 8b 70 c6 a3 87 22 18 73 ac 4c 58 c0 65 cc 9c 88 99 19 6b 8d f6 81 4b 24 f5 15 85 3c 2f 06 c0 f3 6e 10 de 62 5a 85 d2 9e 02 64 b6 87 40 04 6e e7 21 33 1b e0 e4 88 7a ba 19 bb c3 e3 79 b4 37 10 58 1a 45 16 3c 1c 93 c2 e1 60 58 64 15 7c 0a 58 1e 54 46 81 9c 59 32 80 52 62 e2 3f cb 9b d1 c7 77 f8 f0 ab f4 2c 69 c4 e5 94 5b 39 f7 ce c2 ed df a7 dd fc ec 24 44 2b 0b 67 e0 72 e2 a1 2c 23 48 dd 84 9c 86 08 47 3e 83 04 0b c9 07 5a de 60 38 ca 68 1b c6 68 04 79 40 a6 e8 78 fc 71 58 06 13 6f 0b 23 3d 28 a9 d4 64 eb d4 72 d4 64 44 b3 68 3e 9f 39 46 90 93 78 09 18 ee 1b f3 9f 2a Data Ascii: "h(D"r7`<R0rBlxaqqx]H#nF l}tp"sLXekK$</nbZd@n!3zy7XE<`Xd\|XTFY2Rb?w,i[9$D+gr,#HG>Z`8hhy@xqXo#=(drdDh>9Fx*
2024-04-19 14:53:54 UTC	15735	IN	Data Raw: f8 fd 85 3a 22 e6 73 9a e1 bb 10 0d 13 d9 94 99 c2 0a fb 2a 4a b1 fc 2b 07 1d 7a 11 45 7d 55 99 4b d6 57 86 e0 2a c8 50 44 b1 51 87 0f fc bd f0 04 28 ee 18 c5 24 00 7f e9 47 5f aa 94 13 bb c8 8b 1d 11 54 26 96 a2 26 20 12 b7 df e7 bd fe 40 f4 9e 0a cb 3b 0b 0d e9 b5 d2 55 b1 90 84 2c c6 6a 09 49 20 55 10 7e a9 52 8e 04 2f 3c 9f b9 d8 33 76 d4 a2 07 26 5f 76 78 e6 ae ad b9 91 83 35 be 61 a3 a2 f6 8a a2 76 04 36 53 6d e4 a3 8f 1c 1f cf 5b 9f b1 1f 32 ec 6c 6d 6d 56 62 ee 71 f0 68 a0 19 82 fd ca 16 88 5f ad a8 0c c9 af 94 09 ce 86 55 7a 2c 86 91 be a7 c9 6e 48 51 bc a7 51 a4 6f 43 9d 66 74 43 82 35 44 70 75 23 ab 33 ca 50 15 35 8d 57 34 38 16 95 8c 41 a2 30 a6 ae 45 d4 7e e3 46 be f2 d3 0b 4f e9 06 ba 93 b9 32 5c 5b 7b 92 4a 75 87 28 c1 fb d1 0a a8 37 f3 38 Data Ascii: :"sJ+zE}UKWPDQ($G_T&& @;U,jI U~R/<3v&_vx5av6Sm[2lmmVbqh_Uz,nHQQoCftC5Dpu#3P5W48A0E~FO2\[{Ju(78

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:55 UTC	634	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:55 UTC	787	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:55 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 9df0a64b-a01e-007c-5b69-92e387000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145355Z-r1f585c6b659cdz28g4n6wfx0400000000g0000000007k66 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-19 14:53:55 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:55 UTC	621	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:55 UTC	806	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:55 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 66054d5e-b01e-0059-2e90-91f5be000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145355Z-15497cdd9fdjss27kvz4y54h1c000000020g000000006vcg x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-19 14:53:55 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:55 UTC	611	OUT	GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:55 UTC	819	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:55 GMT Content-Type: application/x-javascript Content-Length: 32821 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Sat, 30 Mar 2024 01:22:56 GMT ETag: 0x8DC5057EDD0C741 x-ms-request-id: 943eab35-101e-0053-3f91-91fbab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145355Z-15497cdd9fdzv8m91k02e66pvs00000001s000000000sunt x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-19 14:53:55 UTC	15565	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 69 77 db 38 b3 3f f8 7e 3e 85 c4 e9 f1 25 db b0 22 39 4b 77 a4 30 3a 89 e3 74 9c cd ee d8 59 ba dd be 3e b4 04 d9 6c cb a4 42 52 5e 62 e9 bb 4f fd 0a 0b 41 8a 4e f2 9c ff 9d 79 71 fb 74 2c 62 21 08 14 0a 85 aa 42 55 e1 de af ed d6 cb 34 6b 4d e3 91 4c 72 d9 8a 93 49 9a 5d 44 45 9c 26 ad d9 54 46 94 95 4b d9 4a 13 39 ce 37 a2 24 9a de 14 f1 28 df f8 37 3f 7e f8 e0 a4 f7 db e6 83 68 d2 3b e9 3e 94 9b 27 d1 fd f1 c9 b1 4c 3a ff e6 9d b7 3b 5b db ef f7 b7 3b c5 75 d1 fa f5 de ff e5 cd d1 4a 91 c5 a3 c2 1b f8 b9 9c 4e 3a 57 f2 64 16 8d ce b7 ce e6 c9 f9 f1 45 1e 8f 65 52 c4 c5 cd 71 1e e7 73 4a 47 e1 4f d5 5a 2c 0e 8f 82 ce 6c 9e 9f f9 87 87 9b 0f 7b 47 e2 f6 41 ef d1 e3 47 fd c9 3c 19 61 08 7e 22 a4 28 82 db a2 93 f9 32 10 Data Ascii: iw8?~>%"9Kw0:tY>lBR^bOANyqt,b!BU4kMLrI]DE&TFKJ97$(7?~h;>'L:;[;uJN:WdEeRqsJGOZ,l{GAG<a~"(2
2024-04-19 14:53:55 UTC	16384	IN	Data Raw: a2 f4 b5 4b 71 c3 bd 9a cf ff a0 97 d4 c3 ff 5f fb 97 38 c7 e0 1a bc c6 7d 7c b5 77 72 dd d3 bd 33 7d 33 7b d2 f0 ef f8 10 27 9e 47 f6 a1 8f bf 95 e6 a9 63 ae bb 8a 8d 23 42 03 78 ba d1 1b d2 6f df c9 3d d6 b9 c7 9e 3a 29 60 36 23 0d 6b 5c 14 6d 03 e9 6c 3e 25 02 be 3b 83 d9 2d 11 cd fd 9b 9c e4 87 9d 64 92 1a 38 f3 86 57 84 26 9c 3e 73 a0 36 2a 0a 4c dd 9c 84 e7 c1 fc b4 cc 41 c0 d2 4a 15 95 a1 ae cf c8 0c f7 e3 f6 aa 7a a9 9a 4c dd 4b d5 cc 2c c2 19 95 27 ad c3 0c ac 02 34 25 6c a8 8d a2 93 aa bb 9b 3b 79 79 35 89 06 0d e5 55 ea b9 33 9a 55 79 2d 12 23 95 ab 71 4a 72 de 25 62 ed a5 b4 e9 a6 10 8e 13 de ea d5 2f 9a 4f 55 8c 92 b8 43 b8 55 e0 0e 4d 8e 1b ab de 76 32 49 62 8c 88 30 da ab e9 9c fb e8 ca b3 7b 75 5a 4d fc 90 b2 ac 4d 7f cc 9d 74 ef e0 4c b4 Data Ascii: Kq_8}\|wr3}3{'Gc#Bxo=:)`6#k\ml>%;-d8W&>s6*LAJzLK,'4%l;yy5U3Uy-#qJr%b/OUCUMv2Ib0{uZMMtL
2024-04-19 14:53:55 UTC	872	IN	Data Raw: 1b 59 16 3e ca 36 2d cf 1e 40 28 00 0d ee c5 6b b7 ad 8b 69 8d bf c2 f7 ec 36 3a 49 d3 dd 34 b9 92 6d be 29 74 42 8f a0 cd 01 10 b1 97 47 61 82 f0 9e 6f 4a 94 57 7c c0 da 4b 55 1b 7d 62 5b 69 d2 2b ea ce a0 40 8d 76 4d bf 74 c5 37 97 09 0e 26 81 b8 2c 3a 01 94 7d 00 4b 28 57 1a fa 4e 71 e5 8f 38 1f 02 6d cd 49 85 56 9a ce be 5b 39 84 d5 d4 56 8a 3b b4 a1 35 26 78 ed 18 de 60 03 5a 9a d3 6c 64 66 63 c3 12 e7 fc a2 91 90 5c b1 0e 0c 7c 1d 34 53 48 68 85 d6 67 67 60 c6 59 b3 4e 2b e7 24 59 b5 6e 90 03 e2 dd e0 48 72 d5 d7 f0 4a e1 d7 9d e4 32 3d 48 4e e9 57 0c e3 d0 92 70 82 5d 73 6c e4 2a ad 85 ed a3 61 d5 d1 32 1c 27 f1 78 0c f7 b6 9f c5 63 20 44 c2 01 4e 65 9a 01 02 b5 e7 3a 2b 22 42 b7 d2 e2 ab 11 09 47 1b 31 7a 5d f3 e5 f3 eb be d5 7d 8b 7d 96 29 90 b2 Data Ascii: Y>6-@(ki6:I4m)tBGaoJW\|KU}b[i+@vMt7&,:}K(WNq8mIV[9V;5&x`Zldfc\\|4SHhgg`YN+$YnHrJ2=HNWp]sl*a2'xc DNe:+"BG1z]}})

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:56 UTC	385	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:56 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:56 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: f3b32704-901e-000f-6c69-926c81000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145356Z-r1f585c6b654pwmnf439dcuuhs00000000ag000000007c5k x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-19 14:53:56 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:53:56 UTC	600	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:53:57 UTC	764	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 14:53:56 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 19 Apr 2024 05:26:17 GMT ETag: 0x8DC60313D466F6C x-ms-request-id: a064eb01-201e-0055-5829-929282000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240419T145356Z-15497cdd9fdzv8m91k02e66pvs00000001rg00000000uec9 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-19 14:53:57 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-19 14:53:57 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Target ID:	0
Start time:	16:53:23
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false