Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2

Overview

General Information

Sample URL:	https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2
Analysis ID:	1431670
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.18:49777 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.35
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.35
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /8DC6524B7BA4BE6-3-2 HTTP/1.1Host: urlshortener.teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+3LuncmL5GvGc6o&MD=ofF4+heM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+3LuncmL5GvGc6o&MD=ofF4+heM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAWtQnwbmX7VUoIL0A/0tuvmSMZ%2BUrAnALtIsyGvaqn6qiETbPN0SqiXClK1ON7nmG5huWfeacitoN9verPGjadPlbqSuFx/IlcU8VZniYn%2BjduDxGw29/39CJ8ex/eMHqeEJ3Uvh/hOEXKeozkjY3zO%2BW0tg5mv070rrp%2B1oqJqrpi5/5rqctXDElUyF7BBNvmOBevoKEqS5WQaW7xF4%2Bw8YSl9O82jw%2B6HIalQw8Aoq6Viy7ymyYKRg4Kyd8jwSd14lpuWubgVPxp33TymrpIuqYqeZpwaI1TeeVG8mEWSvYABLtZTJSjs0MzrrKorNjYM3UUjrPKWXEm3IU8kNsi8DZgAACM1847Xs3kD3qAHaU97LFBxO6d9AtzDDDxCglyNcSvu/TsIJFiWE02vohY9Tf5UHNE/vaa45XWFlcPqPJnRMgNVE7Z27Qfo4NzmZzvrZQmEpedh/CMCF9q5fQ2jQBZW3xUpHtwAwEv1PGLr4av8XqL7E1rGsiXSz2nEXC2ej8x7Btb1TYqEdgv0R7Kyz1iGJB8bnKSVEei9XsCLkZszBqgyw5VM7w00ciM0bdV3lWRSHzMMev2p6rbOX7AcfE54xFJf2HidiYcC3%2BvQCh6VwHG3lr2OgdMpQlErZ34YwFhzkLA/pgWsKmIbXXBEJdrDd1/V%2B2Imu6qaVtG2ISAPpDfWH%2BVPh9sJ6w8r7HwMqiKHLhBiHH6qgBNvxuQUx0iWZVNp9GTY2tMSds1V2%2BkAZUMphZmn1CjFjxgeE3vhHI/0ycKk6UEJIL8bkLRthkXgiGg8wXSbJ9CpY4XRF1RTkdE3CmGN9zPY3IcB7mpP0cSyxJgeO1tobr1MsA%2BpWgBLEYY4inl4W/SyR3KNSXMMfKYoVPWPqENW3uskui0DIXCaCN9HVaVNyoCK/%2BsUnlmbHSTDz2gE%3D%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1714053490User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: B3ADC63356A4439E878B0AB53C27ABEAX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C

Source: global traffic	DNS traffic detected: DNS query: urlshortener.teams.cloud.microsoft
Source: global traffic	DNS traffic detected: DNS query: teams.live.com
Source: global traffic	DNS traffic detected: DNS query: statics.teams.cdn.live.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: chromecache_92.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_83.2.dr	String found in binary or memory: http://rock.mit-license.org
Source: chromecache_83.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_92.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_102.2.dr	String found in binary or memory: https://api.spaces.skype.com/.default
Source: chromecache_92.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_83.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_102.2.dr	String found in binary or memory: https://local.teams.office.com/#/calendar?meetingId=AA
Source: chromecache_84.2.dr, chromecache_91.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/discovery/v2.0/keys
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: chromecache_95.2.dr, chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Source: chromecache_84.2.dr, chromecache_91.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedcss-launcher/launcher.d6cd10b8b26b2130799c.css
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/launcher.3c5b23498b3a051ad013.js
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/polyfills.1f5a03d113c6ac7b91f5.js
Source: chromecache_102.2.dr	String found in binary or memory: https://teams.live.com/api/mt

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.18:49777 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/75@22/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1972,i,12641275858175302215,10052665692327869527,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1972,i,12641275858175302215,10052665692327869527,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
52.123.129.14	s-0005.dual-s-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.147	www.google.com	United States	15169	GOOGLEUS	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.18

Contacted Domains

Name	IP	Active
part-0013.t-0009.t-msedge.net	13.107.246.41	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
www.google.com	64.233.177.147	true
s-0005.dual-s-msedge.net	52.123.129.14	true
urlshortener.teams.cloud.microsoft	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
statics.teams.cdn.live.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
teams.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	false		high
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	false		high
https://teams.live.com/dl/launcher/launcher.html?url=%2F_%23%2Fl%2Fchat%2F19%3Auni01_2hqxtwyf57dbz2miswffeciw5d4epfpr7i4h5u5gvnh7pqd4slpq%40thread.v2%2Fconversations%3FtenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26launchAgent%3DES%26laEntry%3DMAE%26v%3DMAE5%26lm%3Ddeeplink%26lmsrc%3Demail%26emltid%3D10459c8b-4325-4997-8dae-4b4abe8055d7%26linkpos%3D1%26emltype%3DNew_Activities_TFL%26linktype%3DNew_ChatActivity_TFL&type=chat&deeplinkId=bda27838-9a4c-4bf2-b95e-469b509bf49f&directDl=true&msLaunch=true&enableMobilePage=true&suppressPrompt=true	false		high
https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2	false		unknown
https://teams.live.com/?tenantId=9188040d-6c67-4c5b-b112-36a304b66dad#/l/chat/19:uni01_2hqxtwyf57dbz2miswffeciw5d4epfpr7i4h5u5gvnh7pqd4slpq@thread.v2/conversations?tenantId=9188040d-6c67-4c5b-b112-36a304b66dad&launchAgent=ES&laEntry=MAE&v=MAE5&lm=deeplink&lmsrc=email&emltid=10459c8b-4325-4997-8dae-4b4abe8055d7&linkpos=1&emltype=New_Activities_TFL&linktype=New_ChatActivity_TFL&deeplinkId=46105036-5060-4449-b6d3-8dc1b42e2e8b	false		high
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	24A350E9023CE06D3416BB22586E0168	303FDB8E3979933F7ABDC959AE6F3C8116F6DE50	1DFBEB21430233E59ADC7BF20B2E35C982D92D99DFB266A181D775744F362BC6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	76552F7F13D2608602D3E29682602992	6F9F9478597D8B71BAADB3D3429D86EFAEED18A0	C1D47FA5A5B75A45E825CB96596FD596E31CE4BF1BB06D9E1832BDB4A2391B8C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	E1C802EE6D54A2A0295805F5B62ABDD7	8EE3CC0CCDD809BB5E253FCA5060EECE34E89F30	8B6B1919287737FF05A44E7597B6ED0172BE339B2E46A79213E9513F1C8C9DEC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	AFB3BF3712D12027D675DA2B751289A0	8FB6551893838DABE9193E6B674322B7814275A8	A2BF7471A27E5CE7355F7F92D754DC9B5D9E2299CABBFE8F76856E6D88F08FC9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8A4D683B4CD5DC84C56EEAC9F3FCCBBA	D199071DDED8CFC2C36F83CAC2AA61C6C197A6C3	CFF0E3A6C0EA9DCD253B766D9DFECE09548534FB7A1218F7B616045CD55A2012
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:57:18 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	38169EB2EA636E684EAC43F9B3F1817F	A3E0AADC9E6C611879FA67A7D281216A18D7A5C8	60B51A900EC50BFAD5E5ACD10BCBDD37FCB92DABF69BA261D5110AEBCE19371F
Chrome Cache Entry: 100	JSON data	3E2129EC7EE0D22D5874D661893921C0	E6B20A5603F8B9292D46E2A74E32D1DDC6229196	C45868384DFD77121A6D62BA32304628C211FDC6D471CB985348D731890B6E96
Chrome Cache Entry: 101	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 102	ASCII text, with very long lines (412)	949453D1480A64378AD4536FB876114F	0D1858ADA65AAF0B993D253220DC5B5F6AFB04FE	F76C464631DA0535CD4669C03BE3A08F9D4BA74520F1C4C0D4FC91C1CEFDA027
Chrome Cache Entry: 103	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227	0868DA2DD5EFFED92904047439E49D48	D760173E5E6B25461B0D2A0B32D384FE659B2338	8C41E973CB5EE0194EBF3BAA0716EEEB57EED53552F042E200190E3C37F08CFD
Chrome Cache Entry: 104	SVG Scalable Vector Graphics image	570F11D9E530B70ED3FCC44B355C1D64	824EF8F872B2E7F86CF5AD2F6FFC6D2EE4018FDE	DCDA18533910157B38C266C465CE4E099C77DAC8F2DB94C21BEDE074A5A7583C
Chrome Cache Entry: 105	ASCII text, with very long lines (65449)	1C620C053F64B1CC6580EB0976B03CF1	CE0F97846637599FDBA6C151FE37CF5B932DFCE0	DE1C3258200DE22E0EB2850183FBC4EA15A1E39C4C5D979B88015D4EEA549F3B
Chrome Cache Entry: 106	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 107	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 108	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 109	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 110	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759	799F880143F17E47C4EFDBB3FF35A54C	8CECC74EB422322F78EDE1111F175A28725CCA9F	EA70CC2977F4DEB5236041A7A0628FA671FB8AD20A5E9E3FD6885A11359EF2FE
Chrome Cache Entry: 111	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 112	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 113	HTML document, Unicode text, UTF-8 text, with very long lines (16913), with no line terminators	5125FEC98454804FDF6FFBF4F41DADF0	0DC560C437FA2D16530E59BD90328E41CAD7AF33	BA1F5F0A795411C9E3EBBA6F38F44E93EAEE918F23E52315858FBAC841B8D0B3
Chrome Cache Entry: 114	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 115	JSON data	3E2129EC7EE0D22D5874D661893921C0	E6B20A5603F8B9292D46E2A74E32D1DDC6229196	C45868384DFD77121A6D62BA32304628C211FDC6D471CB985348D731890B6E96
Chrome Cache Entry: 116	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 117	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 118	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 119	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071	978A6C1AA934E5B1C5320D515FD25662	64636EF3E1AD607F095DBA6CB01447AC133B483D	D1963B1837F4087E988FD18BB4CF25B38D61D675C4B6A6FC01158BD39945F10A
Chrome Cache Entry: 120	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 121	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 122	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 123	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084	92A840DC3D177339DAE03FEDF22A22B5	C1C9A6E6442388D07A9D9D72C12DA25094D6920F	4A986BA8875F22A0EABC356112A6790F90E114ADB72EAEC4632E03812EC1EDE4
Chrome Cache Entry: 124	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657	57911010756C90D58754C91EF1EE2765	BAA48FEF4866D7DAFD9F59417745EE838F0E63CA	87C5385BA17F84CC25FB7BBE1EDB4169BC702842BD74B758ACDC130986D55BC2
Chrome Cache Entry: 83	Unicode text, UTF-8 text, with very long lines (32062)	6F216E8CCC75B0546E4C6B08EF6B315D	9197148E5BF973F64E0FF23CABB413A014424A5D	BADD4EEE14E40C55248444F234FED775A1A813EEDC98FFFE3A01C0420064562D
Chrome Cache Entry: 84	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 85	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 86	SVG Scalable Vector Graphics image	EE0F7622A71A597595C5A8FB2F89A097	0D9768FDBA8B1D89A6DBA27D5CECC27737BF5CDD	433388EFC4567EF14D3FED6F2DA976D457D43D09F6753E289C7FE544E0175281
Chrome Cache Entry: 87	JSON data	9FCE93410EB828E0EDF41D3F021D93E2	1584BC813F34E9B7356C6BD05CB2A14EC52E1590	F463580C98FD336D4E69E7DCA36CF345A81A5E402F61D9F870EAE9D8C4E59DE9
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 89	MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	2B4509D8A869917BBC5CE10982956619	DC21BD40ED9B873779F855026F253BDD3322723D	397EDDF44E1BF7E557B0B4F5173DA95D8FD832B6F2F10D6E41C17DC539D5A822
Chrome Cache Entry: 90	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 91	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 92	ASCII text, with very long lines (45563)	0A1A5BA009FB1F25E3F3D036D8CF26CE	8E9E6A11CED0807252C34DCA1D8C7C2390D1A5CA	94153F2A6DAAE35DFCB61DC987E2D4310B7CA021E36375E87D8B8C641C0C6121
Chrome Cache Entry: 93	SVG Scalable Vector Graphics image	570F11D9E530B70ED3FCC44B355C1D64	824EF8F872B2E7F86CF5AD2F6FFC6D2EE4018FDE	DCDA18533910157B38C266C465CE4E099C77DAC8F2DB94C21BEDE074A5A7583C
Chrome Cache Entry: 94	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708	98421BE6893CF3AA929C5F6C4A0C5C67	2BB411BB6B6C31AE02B81F199C90219717F718AF	019D26044CCF18F979DFBB8677828FA36BF5CBFC529CECD942644CFE86D90D04
Chrome Cache Entry: 95	JSON data	9FCE93410EB828E0EDF41D3F021D93E2	1584BC813F34E9B7356C6BD05CB2A14EC52E1590	F463580C98FD336D4E69E7DCA36CF345A81A5E402F61D9F870EAE9D8C4E59DE9
Chrome Cache Entry: 96	ASCII text, with very long lines (4212)	62624B374594C5B37AC2840166D36869	4F1ED0D897D0A729DB319A914DDC0607875C39C6	80270CC751ED1DE7959C538CD7032E811207AF63B73477A446865AA3870ED3F8
Chrome Cache Entry: 97	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 98	SVG Scalable Vector Graphics image	EE0F7622A71A597595C5A8FB2F89A097	0D9768FDBA8B1D89A6DBA27D5CECC27737BF5CDD	433388EFC4567EF14D3FED6F2DA976D457D43D09F6753E289C7FE544E0175281
Chrome Cache Entry: 99	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=4b3e8f46-56d3-427f-b1e2-d239b2ea6bca&redirect_uri=https%3A%2F%2Fteams.live.com%2Fgo&state=eyJpZCI6ImEyMDY2NDE4LTcyNjQtNGNmNC1iYTRjLTc4ZThiY2VlMjZiMyIsInRzIjoxNzE0MDUzNDUxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=539c480e-d8b2-40c4-9d3c-3d892a76377c&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&nopa=2&client-request-id=786f855e-c771-495a-ac7f-188dfe5e225c&response_mode=fragment&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.18:49777 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.200.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.35
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.35
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /8DC6524B7BA4BE6-3-2 HTTP/1.1Host: urlshortener.teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+3LuncmL5GvGc6o&MD=ofF4+heM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+3LuncmL5GvGc6o&MD=ofF4+heM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAWtQnwbmX7VUoIL0A/0tuvmSMZ%2BUrAnALtIsyGvaqn6qiETbPN0SqiXClK1ON7nmG5huWfeacitoN9verPGjadPlbqSuFx/IlcU8VZniYn%2BjduDxGw29/39CJ8ex/eMHqeEJ3Uvh/hOEXKeozkjY3zO%2BW0tg5mv070rrp%2B1oqJqrpi5/5rqctXDElUyF7BBNvmOBevoKEqS5WQaW7xF4%2Bw8YSl9O82jw%2B6HIalQw8Aoq6Viy7ymyYKRg4Kyd8jwSd14lpuWubgVPxp33TymrpIuqYqeZpwaI1TeeVG8mEWSvYABLtZTJSjs0MzrrKorNjYM3UUjrPKWXEm3IU8kNsi8DZgAACM1847Xs3kD3qAHaU97LFBxO6d9AtzDDDxCglyNcSvu/TsIJFiWE02vohY9Tf5UHNE/vaa45XWFlcPqPJnRMgNVE7Z27Qfo4NzmZzvrZQmEpedh/CMCF9q5fQ2jQBZW3xUpHtwAwEv1PGLr4av8XqL7E1rGsiXSz2nEXC2ej8x7Btb1TYqEdgv0R7Kyz1iGJB8bnKSVEei9XsCLkZszBqgyw5VM7w00ciM0bdV3lWRSHzMMev2p6rbOX7AcfE54xFJf2HidiYcC3%2BvQCh6VwHG3lr2OgdMpQlErZ34YwFhzkLA/pgWsKmIbXXBEJdrDd1/V%2B2Imu6qaVtG2ISAPpDfWH%2BVPh9sJ6w8r7HwMqiKHLhBiHH6qgBNvxuQUx0iWZVNp9GTY2tMSds1V2%2BkAZUMphZmn1CjFjxgeE3vhHI/0ycKk6UEJIL8bkLRthkXgiGg8wXSbJ9CpY4XRF1RTkdE3CmGN9zPY3IcB7mpP0cSyxJgeO1tobr1MsA%2BpWgBLEYY4inl4W/SyR3KNSXMMfKYoVPWPqENW3uskui0DIXCaCN9HVaVNyoCK/%2BsUnlmbHSTDz2gE%3D%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1714053490User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: B3ADC63356A4439E878B0AB53C27ABEAX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C

Source: global traffic	DNS traffic detected: DNS query: urlshortener.teams.cloud.microsoft
Source: global traffic	DNS traffic detected: DNS query: teams.live.com
Source: global traffic	DNS traffic detected: DNS query: statics.teams.cdn.live.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: chromecache_92.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_83.2.dr	String found in binary or memory: http://rock.mit-license.org
Source: chromecache_83.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_92.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_102.2.dr	String found in binary or memory: https://api.spaces.skype.com/.default
Source: chromecache_92.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_83.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_102.2.dr	String found in binary or memory: https://local.teams.office.com/#/calendar?meetingId=AA
Source: chromecache_84.2.dr, chromecache_91.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/discovery/v2.0/keys
Source: chromecache_115.2.dr, chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: chromecache_95.2.dr, chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Source: chromecache_84.2.dr, chromecache_91.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedcss-launcher/launcher.d6cd10b8b26b2130799c.css
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/launcher.3c5b23498b3a051ad013.js
Source: chromecache_113.2.dr	String found in binary or memory: https://statics.teams.cdn.live.net/hashedjs-launcher/polyfills.1f5a03d113c6ac7b91f5.js
Source: chromecache_102.2.dr	String found in binary or memory: https://teams.live.com/api/mt

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.200.91:443 -> 192.168.2.18:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.18:49777 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/75@22/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1972,i,12641275858175302215,10052665692327869527,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1972,i,12641275858175302215,10052665692327869527,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1431670
Product:	CloudBasic
Start time:	15:56:45
Start date:	25.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://urlshortener.teams.cloud.microsoft/8DC6524B7BA4BE6-3-2