Windows Analysis Report
https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx

Overview

General Information

Sample URL:	https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx
Analysis ID:	1432033
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.50.112.60
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/illustration?ts=636653285771727824 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/bannerlogo?ts=636653285794869566 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /413c6f2c-219a-4692-97d3-f2b4d80281e7/winauth/ssoprobe?client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&_=1714119774446 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/bannerlogo?ts=636653285794869566 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/illustration?ts=636653285771727824 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OPO44S6P34Rep+y&MD=xWfBAnxw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OPO44S6P34Rep+y&MD=xWfBAnxw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: mtoolsrdp.cipportal.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com

Source: chromecache_84.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_83.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_83.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_89.1.dr, chromecache_76.1.dr, chromecache_84.1.dr, chromecache_83.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_70.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_70.1.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/42@20/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2016,i,14251139044072459043,17456004277073657222,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2016,i,14251139044072459043,17456004277073657222,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
40.126.29.9	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
192.178.50.68	www.google.com	United States	15169	GOOGLEUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16
192.168.2.4

Contacted Domains

Name	IP	Active
part-0013.t-0009.t-msedge.net	13.107.213.41	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
www.google.com	192.178.50.68	true
autologon.microsoftazuread-sso.com	40.126.29.9	true
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
mtoolsrdp.cipportal.com	unknown	unknown
login.microsoftonline.com	unknown	unknown
aadcdn.msftauthimages.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimages.net/dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/illustration?ts=636653285771727824	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://autologon.microsoftazuread-sso.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/winauth/ssoprobe?client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&_=1714119774446	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	false		high
https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe	unknown
https://aadcdn.msftauthimages.net/dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/bannerlogo?ts=636653285794869566	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:22:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	98B544026EEBB100723818A4EBCC06B8	57FB71FCF4D5204E7CF912ED8B82FF4F5B4AAFD4	3390EFFCEFFDC9C0B9F9B02465013C75E31595D24D728FCAED07B10B929EB8AA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:22:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	38559098F3BC521F52F2CC38A675C67A	42D969E07824B9D649013E18A1B87188FFD1F1A4	B67E485DCE9BB445D59FF88BD71B07B09F463D7843D8DB8C07A58E35B1D9A4C0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	09214064D6E362D165A380A1F985D09F	35303C4518A6D1EAAD07EC01545F3DA078DDAA39	47D30423EF931F86550CF5DF6EE865E490326921A9595D450A741AB7E47C72F6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:22:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CD9A979072718A579B5AF69F340C1ECA	74B0522BAD648A7BC416DD27AA6F43B0782EC16F	19DAF32FF001C873B47DFB6F7AADC544A9D5F02D018C2605A3EEAA7A7E66A8C8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:22:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FAA6B42E17CC8E5BA145CDC84A401842	C14CD48CEDDFD77416D4A8E019FA75D45F6D70FD	7805A4F55BA012AA1FCF56711319AE164CBDC0849DD07E5B780AEF002B6B74E7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 07:22:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3899C28506EC493AB3AEAF98FC546015	E51DC817B77A70116FA64F6E89A2E5BA56EDC831	BA24F20EDC4FB2214153CE122DAA4EA956CF3FA4852087239BC4B4ED28B23418
Chrome Cache Entry: 70	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 71	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 72	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 73	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 74	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 75	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 76	ASCII text, with very long lines (64612)	5B0E3778C74235B06DA49808DD8DF90A	AD25897B0870B81568412F55B19898E406CC11B3	7530B843A86F3155CE07CDA787A40DA87052664B09C22F3D4DB5E9238664DBE0
Chrome Cache Entry: 77	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 78	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 79	ASCII text, with very long lines (61177)	D62B4EDEB512B07ABEF4688E27ECDDE3	981A7825DA5E29938AB6FE0CBFE2DB622F7B8333	4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
Chrome Cache Entry: 80	PNG image data, 113 x 30, 8-bit/color RGBA, non-interlaced	A7BC639D9B013DD64AB8A74C7EB95AF9	36F7C5D9EF6F919C856E22F6E9594C6A1DC54284	A15CCF8C9E16FDF927CB6AFD36F57214BA1C31E55DABF308FE135B5C3C2D5696
Chrome Cache Entry: 81	PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced	7055E181DF20E2676BC4590CE937B4FB	F2E80D33B0FD502CA65A36AEE7DF72D1CEDEEBF9	EA7FBD9E4DA86A0EF72FD26060646569FCB742B20879ABFB4FEE58E67A687050
Chrome Cache Entry: 82	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 83	ASCII text, with very long lines (64616)	8C74AB954A2C743D71C5B99C47F94C34	3FF62FDC7AD0AAA2D36EBA473DC28ECDD0F6D4E4	B449CE27BB6C0352DC780DBA81B4D323D4808DAEEE064DD934CEC65B67BE8D46
Chrome Cache Entry: 84	ASCII text, with very long lines (43896)	5252837FFA272234E1CBF2D3D83EF32C	CAA4E48A54A2B1CA09327E42F24F6031FDF21CDA	DF2E852C347ECF82F70A0C8A4B91713FBB0914D58F2CBAB01316BFE646ABEE7C
Chrome Cache Entry: 85	Unicode text, UTF-8 text, with very long lines (32153)	976055749170B7AF7B5F38AE857A56B2	E3D736B8BC648B97AA403A7283ED6985A6FCF6B2	190D2504B5C2EFE44DCE83474157D309A62DF8FA2B6BDF5D52B2CDDC1EB9E0D7
Chrome Cache Entry: 86	PNG image data, 113 x 30, 8-bit/color RGBA, non-interlaced	A7BC639D9B013DD64AB8A74C7EB95AF9	36F7C5D9EF6F919C856E22F6E9594C6A1DC54284	A15CCF8C9E16FDF927CB6AFD36F57214BA1C31E55DABF308FE135B5C3C2D5696
Chrome Cache Entry: 87	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141339	DAF955BF2112F74E4F78B2187A8D6BEF	231CE9BE42327A3BC1AA7F48C03ABA46740DC456	72D3BBFFAAD400572BF853223BFFD96DC0CC6A336CFA7F3452259BF468590A4D
Chrome Cache Entry: 89	ASCII text, with very long lines (14735)	82B3E71D28044021BF3BBA30A8B1B613	508FD0047F49E7965707F0B58708A59D6A62C528	49BD3382F2D2C171947474FC65B701DED717BF69A6E88505B84DA1D69B3C2F1E
Chrome Cache Entry: 90	PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced	7055E181DF20E2676BC4590CE937B4FB	F2E80D33B0FD502CA65A36AEE7DF72D1CEDEEBF9	EA7FBD9E4DA86A0EF72FD26060646569FCB742B20879ABFB4FEE58E67A687050

HTML body contains low number of good links

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/413c6f2c-219a-4692-97d3-f2b4d80281e7/oauth2/authorize?response_type=code&client_id=9c2c30ca-472d-445e-a538-c1e256abbac0&scope=openid&nonce=4acd6c6c-c1c0-4228-bbaa-067eb341aeeb&redirect_uri=https%3a%2f%2fmtoolsrdp.cipportal.com%2fRDWeb%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fmtoolsrdp.cipportal.com%5c%2fRDWeb%5c%2fPages%5c%2fen-US%5c%2fpassword.aspx%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2261dc37df-4b2a-4dea-93c8-1f746796426a%22%7d%23EndOfStateParam%23&client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.50.112.60
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/illustration?ts=636653285771727824 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/bannerlogo?ts=636653285794869566 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /413c6f2c-219a-4692-97d3-f2b4d80281e7/winauth/ssoprobe?client-request-id=61dc37df-4b2a-4dea-93c8-1f746796426a&_=1714119774446 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/bannerlogo?ts=636653285794869566 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-xoratm8w-1hsdnhw-plcslp10ux1czvjkkvg2vlitfu/logintenantbranding/0/illustration?ts=636653285771727824 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OPO44S6P34Rep+y&MD=xWfBAnxw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OPO44S6P34Rep+y&MD=xWfBAnxw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: mtoolsrdp.cipportal.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com

Source: chromecache_84.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_83.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_83.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_89.1.dr, chromecache_76.1.dr, chromecache_84.1.dr, chromecache_83.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_70.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_70.1.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/42@20/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2016,i,14251139044072459043,17456004277073657222,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2016,i,14251139044072459043,17456004277073657222,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1432033
Product:	CloudBasic
Start time:	10:22:21
Start date:	26.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://mtoolsrdp.cipportal.com/RDWeb/Pages/en-US/password.aspx