Windows Analysis Report
https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc

Overview

General Information

Sample URL:	https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc
Analysis ID:	1432192
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49765 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sites/GED-Calypso/espace-projets/_layouts/15/Authenticate.aspx?Source=%2Fsites%2FGED%2DCalypso%2Fespace%2Dprojets%3Fe%3D1%253A89e0ab13bf664a7a934564dea0253fdc HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2fsites%2fGED-Calypso%2fespace-projets%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252FGED%252DCalypso%252Fespace%252Dprojets%253Fe%253D1%25253A89e0ab13bf664a7a934564dea0253fdc&Source=cookie HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRnNpdGVzJTJGR0VEJTJEQ2FseXBzbyUyRmVzcGFjZSUyRHByb2pldHMlM0ZlJTNEMSUyNTNBODllMGFiMTNiZjY2NGE3YTkzNDU2NGRlYTAyNTNmZGM=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+YGPeomb2VsMfUU&MD=SOTdARar HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/illustration?ts=637787140288729782 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/bannerlogo?ts=637719609708651854 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/bannerlogo?ts=637719609708651854 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/illustration?ts=637787140288729782 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+YGPeomb2VsMfUU&MD=SOTdARar HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: esantegouv.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic	DNS traffic detected: DNS query: account.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714143234053&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: chromecache_99.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_100.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_100.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_100.2.dr, chromecache_116.2.dr, chromecache_107.2.dr, chromecache_99.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_86.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_86.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49765 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/67@26/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2224,i,15247115325435003209,870430601353658888,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2224,i,15247115325435003209,870430601353658888,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
142.250.64.164	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
part-0013.t-0009.t-msedge.net	13.107.246.41	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
www.google.com	142.250.64.164	true
cs1227.wpc.alphacdn.net	192.229.211.199	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
account.live.com	unknown	unknown
acctcdn.msftauth.net	unknown	unknown
esantegouv.sharepoint.com	unknown	unknown
aadcdn.msftauthimages.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js	false	Avira URL Cloud: safe	unknown
https://esantegouv.sharepoint.com/_forms/default.aspx?ReturnUrl=%2fsites%2fGED-Calypso%2fespace-projets%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252FGED%252DCalypso%252Fespace%252Dprojets%253Fe%253D1%25253A89e0ab13bf664a7a934564dea0253fdc&Source=cookie	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimages.net/c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/illustration?ts=637787140288729782	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauthimages.net/c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/bannerlogo?ts=637719609708651854	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/images/favicon.ico?v=2	false	URL Reputation: safe	unknown
https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js	false	Avira URL Cloud: safe	unknown
https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets/_layouts/15/Authenticate.aspx?Source=%2Fsites%2FGED%2DCalypso%2Fespace%2Dprojets%3Fe%3D1%253A89e0ab13bf664a7a934564dea0253fdc	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	false		high
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	false	URL Reputation: safe	unknown
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg	false	URL Reputation: safe	unknown
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:54:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	90D6608543AA67F21F468534A672BC8D	13A54CF687AF6ECCED12785BDA70854F26BEB559	0953BBB044F8CA44B06EF3EC78C90AA38894D7D2760AF84B751E3999F1688576
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:54:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	413B10953288D7D6F9E6283E90EA8142	5718E4FB61813AD8AABC3B2151C0F058F598EAD7	21EE3EADBD59398624AFDBBF0C7DA121DE13554135CD46AB336FB556655B37E2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	928353C93B4D318B8036F2C5015875E0	7DFA96C95EEA8560D2D107375BE636F0745E3FEC	859A293CBB19BF6BFE21F09EC3A38D9E09C37224E9C1553D9A6DC6F5A5EC236E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:54:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AD0A6F021396B320A438D2729483DD3A	5F96330848D4E60F3C73FEBEDFA9C21FF7DEF48A	49D0398A13EB8649413961BFCCE586FBC35425904007ABFC1C95D6B63E7E2A0B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:54:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CF20EE45B51B282A0787094C1EBA172C	89D1058142E164770C132B168D484F46ACD4C878	03C8821646889661774CEBF8CFE364E03B23E83291EFEF14C56C6145E52A2EC7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:54:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BFA47D7DC65C011EC8F068B6D3F97D1F	FDE3C94736CADF9D21BA4AA803D838AFEAC78EB2	9DF6792B38C92CDBAD4BE1C156DB1F864AA3956527E85EC6E7B7E02E100A9FE6
Chrome Cache Entry: 100	ASCII text, with very long lines (64616)	E1A045E1C764CBEF88DC2A5C87B2683F	84EF9C034E98D0295AF6039028304C9EDDB638CA	FA449B79237B05BC9CDBEDBB7879082EE80F1AF5FB423C5E18408B0167A67505
Chrome Cache Entry: 101	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 102	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced	5FB3137E735878A6DE49F9EC57958B3A	A5E79DDBC57B554F22B3582853A8C68AB5CCE749	696B479178E098D33AA32052A0B28922961E7EA5844FF2B435FC292E6A4EBF30
Chrome Cache Entry: 103	ASCII text, with very long lines (65450)	1BD9F35929EA05F1D121A31DE05126E6	B79777B9D4E02290AB13CF998D28D5086C2CD665	337AB3867F27F04F36A3121BB7C5322D6FCFE734B28899FDF1833C866974BFA4
Chrome Cache Entry: 104	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 105	ASCII text, with very long lines (65436)	D390AA6A6D257834D807D8E7DDC90968	6A6EFD105DBBEB099D25998A38875808D83AF5C8	D755D7CE744425DEE51A3BD8CBA9B2A789D96C584C9958082B557FEB70F226D9
Chrome Cache Entry: 106	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 107	ASCII text, with very long lines (3757)	3631AA6B55B811946DE4FC289031778B	8CD792280A0594585289DBA2748D51FE81904AC7	3957106AD7B920D6D8E73EF7B9DE532CAE05E78DF5DB847777F73193AA4086A8
Chrome Cache Entry: 108	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced	5FB3137E735878A6DE49F9EC57958B3A	A5E79DDBC57B554F22B3582853A8C68AB5CCE749	696B479178E098D33AA32052A0B28922961E7EA5844FF2B435FC292E6A4EBF30
Chrome Cache Entry: 109	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 110	ASCII text, with very long lines (61177)	D62B4EDEB512B07ABEF4688E27ECDDE3	981A7825DA5E29938AB6FE0CBFE2DB622F7B8333	4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
Chrome Cache Entry: 111	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 112	ASCII text, with very long lines (65536), with no line terminators	4877EFC88055D60953886EC55B04DE34	2341B026A3E2A3B01AFA1A39D1706840D75E09B3	8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
Chrome Cache Entry: 113	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 114	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 115	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 116	ASCII text, with very long lines (64612)	B6783C7717E4042517138D9C9A48C867	7A7D6B0F36C2A3B557F1A75461630D433E5F4942	4BE11C075187615ADAF493D54CB7B05556E76806AED2B3B082D72952D0025BE5
Chrome Cache Entry: 117	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 118	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 119	SVG Scalable Vector Graphics image	F83EBFF69A4A1685E4DC9650CDAB8886	FD21658884945B00157557AE06803DAA6A9F10C6	7B1669DA90261CDB1483950BB480AD96875F84B09BC48D1055303CE94821BF64
Chrome Cache Entry: 120	PNG image data, 275 x 60, 8-bit/color RGBA, non-interlaced	28E61D2C069911C8E9898202D86C3E9C	820798AFF16B80DCE4DB6D744E6C8F9C3A1890BD	F82B7E5219B5CC01D69CB9A5BBAE72B05624B58577AE8032BC8DC78F6CF9D3BA
Chrome Cache Entry: 121	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 122	ASCII text, with no line terminators	7F6C2F2EC0AC79AF93AC42E55601E0D8	8DE377E67C5B4919C767A044051BFD52C77A985E	5F1077DECBD2768AD99AF5D592C4DDE934F19682BB8BAD05599F9D403344DA27
Chrome Cache Entry: 86	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 87	SVG Scalable Vector Graphics image	2D8F86059BE176833897099EE6DDEDEB	93A2E327027DEED53076E86BFA7D9EEBBF0CC4B9	34D8DA073F47030EE94B99D84FBE68E3345BD8AAA37EA909FF2DA00238447486
Chrome Cache Entry: 88	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 89	SVG Scalable Vector Graphics image	F83EBFF69A4A1685E4DC9650CDAB8886	FD21658884945B00157557AE06803DAA6A9F10C6	7B1669DA90261CDB1483950BB480AD96875F84B09BC48D1055303CE94821BF64
Chrome Cache Entry: 90	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 91	Unicode text, UTF-8 text, with very long lines (32153)	D0BAE222726165C1EB13D010782BCC3E	96224469F74A5B6EC8677953BDBCE9A880837C8F	1121CA08C71EC80299176C89AEC37F6D35F6A77C0D6C2F08EA25F034F057C3A6
Chrome Cache Entry: 92	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 93	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 94	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 95	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 96	PNG image data, 275 x 60, 8-bit/color RGBA, non-interlaced	28E61D2C069911C8E9898202D86C3E9C	820798AFF16B80DCE4DB6D744E6C8F9C3A1890BD	F82B7E5219B5CC01D69CB9A5BBAE72B05624B58577AE8032BC8DC78F6CF9D3BA
Chrome Cache Entry: 97	SVG Scalable Vector Graphics image	2D8F86059BE176833897099EE6DDEDEB	93A2E327027DEED53076E86BFA7D9EEBBF0CC4B9	34D8DA073F47030EE94B99D84FBE68E3345BD8AAA37EA909FF2DA00238447486
Chrome Cache Entry: 98	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141305	39D9433B35E581765AD76E19ECED2394	9A7D10B60067EF8B4F91519428B2D0A934A45966	9834FA7CFC5ABB48CE82A9A57027CDD5F9958B21B3048D6E497D87B414E0A55C
Chrome Cache Entry: 99	ASCII text, with very long lines (43896)	764E526CEF65C9F062BB8E83D8EBCE0B	F5166F7B003CBE1B171BE88AA65D2E3FD2331366	474CE0790CEB18A100CEBAF1AC0915A51389FCAE0830C3B44BFA1E365D40B2B4

HTML body contains low number of good links

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/508449d3-d632-429b-97ce-f8ad22b3a7e7/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=B1F249E7919ACE9BAD2671FDCEF78793C0DFC4489A39E2D7%2DD6F34C44ECEC0B6161755B6ECA4640BC06A193FD5F57951A71D5213F074AE60C&redirect%5Furi=https%3A%2F%2Fesantegouv%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=35d122a1%2Df0f7%2D8000%2D9f00%2D9b0014cd2e9c&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f508449d3-d632-429b-97ce-f8ad22b3a7e7%2freprocess%3fctx%3drQQIARAAnVFNa9RQAEyabeyurV2KoBdBQk-t2X0vecnLW-ghmw9av2oXFesHy0vy1k27m2yTbO0HBfHkoYde_QDRg0I9KJ6kp-KxINRrf4FU0OLFerOLF4_FOQzDHIZhZkyAJVgZBX-hyj2WQaMBZZ_11D9IRgrFl9IX7dcB9_AF94w7_bn0fJPXmlnWSSvlMktplLH7cXexlDZpwjpxGGUlP26X6404aaflgDVot5WVaNpZ-sjzuzz_lec3-xaq0FUQcTCBxLQcUjVtRcfQtS3HxQYmqgVs10LIIKZKHMXGsq27KjpyHMuxQFWHOsSaVtUdy0Q6AlUL6CYkqmtrroaJBk0MbU2BqgswMh0dWHt9w9NmN2sqPYqTcIX97Mv3OtY7cZo9FXLTNniwKRxrlA_CqAYMhEigyoGuKjJSiCcT7DO5YdBAUTyVYoZ3BDHusCgMdnP8fm4QCJWBgUKRO8ud5w5z_Kv-o2nPrS9bb-Mz7jswd_fN72lup788F2be1djLWGZ2HYSJQS8hOJka5sxluxYnN2_PTjWntJmLdmJMKBW4IfIborgl5geEIicJ1jV4IPKPT3Bb-f87afckvzcIC3k_9hIaBWEwMgqhFxjAUGUDMyAj6Gmy52FDBp6PVN-gBjPo3iAqiH6Lhu10ZGxVCoN6Fs-zSKqsSkvttO77PbVIW12WSpU70lFN6d7a2tqjoWOlbw9xh6def_vxaX37yffJ_eELk2ltfCkN0ZXOcnCLRE2dZrWV6xTd8Fut2RkLRVptvLpw01_w5yfeF7k_0&mkt=en-US	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49765 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sites/GED-Calypso/espace-projets/_layouts/15/Authenticate.aspx?Source=%2Fsites%2FGED%2DCalypso%2Fespace%2Dprojets%3Fe%3D1%253A89e0ab13bf664a7a934564dea0253fdc HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2fsites%2fGED-Calypso%2fespace-projets%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252FGED%252DCalypso%252Fespace%252Dprojets%253Fe%253D1%25253A89e0ab13bf664a7a934564dea0253fdc&Source=cookie HTTP/1.1Host: esantegouv.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRnNpdGVzJTJGR0VEJTJEQ2FseXBzbyUyRmVzcGFjZSUyRHByb2pldHMlM0ZlJTNEMSUyNTNBODllMGFiMTNiZjY2NGE3YTkzNDU2NGRlYTAyNTNmZGM=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+YGPeomb2VsMfUU&MD=SOTdARar HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/illustration?ts=637787140288729782 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/bannerlogo?ts=637719609708651854 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/bannerlogo?ts=637719609708651854 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-nowj-am0fesmo29ge-ccj9qvhqktmypdk17lvyq-tu/logintenantbranding/0/illustration?ts=637787140288729782 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+YGPeomb2VsMfUU&MD=SOTdARar HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: esantegouv.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic	DNS traffic detected: DNS query: account.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net

Source: unknown

Source: chromecache_99.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_100.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_100.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_100.2.dr, chromecache_116.2.dr, chromecache_107.2.dr, chromecache_99.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_86.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_86.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49765 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/67@26/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2224,i,15247115325435003209,870430601353658888,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2224,i,15247115325435003209,870430601353658888,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1432192
Product:	CloudBasic
Start time:	16:53:20
Start date:	26.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://esantegouv.sharepoint.com/sites/GED-Calypso/espace-projets?e=1%3A89e0ab13bf664a7a934564dea0253fdc