Windows Analysis Report
https://insacentre-my.sharepoint.com/:o:/g/personal/christel_chevereau_insa-cvl_fr/EiRzYlzmtGdJoxpcLidnoqABdW_125MBX4mxznGrm93yrA?e=ErmP6W

Overview

General Information

Sample URL: https://insacentre-my.sharepoint.com/:o:/g/personal/christel_chevereau_insa-cvl_fr/EiRzYlzmtGdJoxpcLidnoqABdW_125MBX4mxznGrm93yrA?e=ErmP6W
Analysis ID: 715053

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Antivirus detection for URL or domain
Invalid 'forgot password' link found
HTML body contains low number of good links
Invalid T&C link found
No HTML title found

Classification

AV Detection

Source: https://byzo.pages.dev/ SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Yara match File source: 79553.3.pages.csv, type: HTML
Source: https://byzo.pages.dev/ HTTP Parser: Invalid link: Forgot your password?
Source: https://byzo.pages.dev/ HTTP Parser: Number of links: 0
Source: https://byzo.pages.dev/ HTTP Parser: Invalid link: Privacy & Cookies
Source: https://byzo.pages.dev/ HTTP Parser: HTML title missing
Source: https://byzo.pages.dev/ HTTP Parser: No <meta name="author".. found
Source: https://byzo.pages.dev/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown DNS traffic detected: queries for: insacentre-my.sharepoint.com
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /:o:/g/personal/christel_chevereau_insa-cvl_fr/EiRzYlzmtGdJoxpcLidnoqABdW_125MBX4mxznGrm93yrA?e=ErmP6W HTTP/1.1Host: insacentre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/christel_chevereau_insa-cvl_fr/_layouts/15/Doc.aspx?sourcedoc=%7B5c627324-b4e6-4967-a31a-5c2e2767a2a0%7D&action=default&slrid=e6036ba0-60ed-5000-3b56-ec6f32cafafb&originalPath=aHR0cHM6Ly9pbnNhY2VudHJlLW15LnNoYXJlcG9pbnQuY29tLzpvOi9nL3BlcnNvbmFsL2NocmlzdGVsX2NoZXZlcmVhdV9pbnNhLWN2bF9mci9FaVJ6WWx6bXRHZEpveHBjTGlkbm9xQUJkV18xMjVNQlg0bXh6bkdybTkzeXJBP3J0aW1lPTNTSGZoa1NsMmtn&cid=b4d974bd-1cf6-430c-b9ae-4dde6b87b7da HTTP/1.1Host: insacentre-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /o/GetImage.ashx?&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2F924d3cd4da7e4e62a9e70ac99fd2a5dd&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%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%2EsWPE0Mi%5F9gW%5FffKnO8oq5FCtaqaFrdG7m9RJ0kI2OUcIloscTHKr52Bm2bqPxV3nAgOVmnTx98enfDYcjDeDCiTmdpNkLvz5Pnf6VPKkfv%5FbKIs%2Drbd5yUQA2Nrui2Or1BPa4YD%5FgiIPc2IM%2DuPA9Ir6q630GjwzwYZSA75ZPsah0S05fxdYbO409JtCcbuWPm9wxKF6fXuzj4a5BXymEKErX0RGpwF2EMjP87wd6ZCsbyt7Uj%5FZfliEYXMiGslCTbAsKCdwEvxJxgKuM%2DoTxwojbkKFt%2DvdVpF6s4Yko1%5FuP8G1YZ%2DuhEfXO563WQIDix6ogZ4sg4b4dLWXrpm0iw&access_token_ttl=1664840298518&ObjectDataBlobId=%7Bf163baa0-7287-46a8-a69b-124fda05d771%7D%7B1%7D&usid=f4fb35ab-872b-4831-80cd-60f1741f9c31&build=16.0.15707.41015&waccluster=GEU2&wdwacuseragent=MSWACONSync&DataUrlEnabled=true HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"haep: 1X-WacFrontEnd: AM1PEPF000094C7X-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.15707.41015X-Key: 5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: GEU2sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: 
https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&corrid=f4fb35ab-872b-48
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-5C627324-B4E6-4967-A31A-5C2E2767A2A0&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%2EeyJhdWQiOiJ3b3BpL2luc2FjZW50cmUtbXkuc2hhcmVwb2ludC5jb21AZjc0MjE0NTAtZGYxNi00NzE0LWFkYTEtMzk1MzkwY2I5MWQzIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE2NjQ4MDQyOTYiLCJleHAiOiIxNjY0ODQwMjk2IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGMyYmRlM2RjNmYxYmRkOTJiMTQ2ZmVkN2E2ZDI2NzNiZTZhYmEzOGU4MmRhMGYzNzhlMDNmODAzYTE2MTY0YyIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGMyYmRlM2RjNmYxYmRkOTJiMTQ2ZmVkN2E2ZDI2NzNiZTZhYmEzOGU4MmRhMGYzNzhlMDNmODAzYTE2MTY0YyIsInNoYXJpbmdpZCI6IlkzbSt5S21nQWt1SEsrbFFjWjJSL3ciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6IjVjNjI3MzI0YjRlNjQ5NjdhMzFhNWMyZTI3NjdhMmEwO01NSW9kVHVrMnhacDRTTFIyUlQ3cU9HcTNsTT07RGVmYXVsdDsxMmNlNzM1ZTFmNGM0YjkyOTQzNGQ5Nzk4YzJmY2JiOTs7VHJ1ZTs7OzA7ZTcwMzZiYTAtNDAwNC01MDAwLTQ3MDQtOGM3OTc3Zjk2M2M5In0%2EEWb66LDcPK9or86SYiXEnS8X85go%5FGF6jrytmNe%2DVM0DP1xedkdH8%2DP7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O%5FcBiZszwxDu1rJtgjSTldsdPBQi%2Dx4isn%5FtXs1kVY3k0U38ib%2DUTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe%5FYJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQ&access_token_ttl=1664840296804 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"X-WacFrontEnd: AM1PEPF000094C7X-OfficeVersion: 16.0.15707.41015X-Key: 
5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 1OrgIdSiteUrl: https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5FfrX-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: GEU2Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&
Source: global traffic HTTP traffic detected: GET /afhs/CloudPolicySettings.ashx HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"X-WacFrontEnd: AM1PEPF000094C7X-OfficeVersion: 16.0.15707.41015X-Key: 5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncx-OcpsIsEnabled: trueX-Requested-With: XMLHttpRequestX-xhr: 1x-CacheIsEnabled: falsesec-ch-ua-platform: "Windows"X-IsCoauthSession: truehaep: 1X-AccessToken: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9.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.EWb66LDcPK9or86SYiXEnS8X85go_GF6jrytmNe-VM0DP1xedkdH8-P7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O_cBiZszwxDu1rJtgjSTldsdPBQi-x4isn_tXs1kVY3k0U38ib-UTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe_YJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQx-LicensingAADIdIsEnabled: falseX-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36x-LicensingIsEnabled: truex-UserDataSignature: 
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImVPbU15aUItZHhmd2RnV1RuSDdhWkU0VXRNRSJ9.eyJVUE4iOiJ1cm46c3BvOmFub24jNGMyYmRlM2RjNmYxYmRkOTJiMTQ2ZmVkN2E2ZDI2NzNiZTZhYmEzOGU4MmRhMGYzNzhlMDNmODAzYTE2MTY0YyIsIlBVSUQiOiIiLCJUZW5hbnRJZCI6ImY3NDIxNDUwLWRmMTYtNDcxNC1hZGExLTM5NTM5MGNiOTFkMyIsIkZpbGVUZW5hbnRJZCI6IiIsIklzQ29uc3VtZXJVc2VyIjoiRmFsc2UiLCJJc0Fub255bW91c1VzZXIiOiJUcnVlIiwiSG9zdEVuYWJsZWRGZWF0dXJlcyI6IltdIiwiSXNPMzY1Q29uc3VtZXJIb3N0IjoiRmFsc2UiLCJJc08zNjVDb21tZXJjaWFsSG9zdCI6IlRydWUiLCJVc2VyT2JqZWN0SWQiOiIiLCJMb2NhbFN0b3JhZ2VLZXkiOiJUL1pHU2RtTndCUjljK1FhS01GVENpUnR6WU82TmZpUGQ0aWVqTmtoajVnPSIsImlzcyI6IldBQyIsImV4cCI6MTY2NDgwNTYxNywibmJmIjoxNjY0ODA0Mjk3fQ.EwlIBoEhIM5wyvm5XGu2Uxc6H0_ZS2kaSFQmRw7YYP0YqLRhWnKSwuS7EOILeWpuG5JJ5HG7TV_UEsz8vYOw9MBn5moQ8C8Ywv5n2iDy4F2xj4Isfede8ld1xEEcoXN8rap7floFnz4qxPwt8xCABKRjuGm84wYZ3wzgGe7vjb-cP34sUYMIODpegGb
Source: global traffic HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&corrid=f4fb35ab-872b-4831-80cd-60f1741f9c31&usid=f4fb35ab-872b-4831-80cd-60f1741f9c31&sftc=1&cac=1&mtf=1&sfp=1&readonly=1&wdredirectionreason=Force_SingleStepBoot&rct=Medium&ctp=LeastProtectedAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-5C627324-B4E6-4967-A31A-5C2E2767A2A0&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%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%2EEWb66LDcPK9or86SYiXEnS8X85go%5FGF6jrytmNe%2DVM0DP1xedkdH8%2DP7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O%5FcBiZszwxDu1rJtgjSTldsdPBQi%2Dx4isn%5FtXs1kVY3k0U38ib%2DUTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe%5FYJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQ&access_token_ttl=1664840296804 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"X-WacFrontEnd: AM1PEPF000094C7X-OfficeVersion: 16.0.15707.41015X-Key: 5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 1OrgIdSiteUrl: https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5FfrX-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: GEU2Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: 
https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-5C627324-B4E6-4967-A31A-5C2E2767A2A0&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%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%2EEWb66LDcPK9or86SYiXEnS8X85go%5FGF6jrytmNe%2DVM0DP1xedkdH8%2DP7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O%5FcBiZszwxDu1rJtgjSTldsdPBQi%2Dx4isn%5FtXs1kVY3k0U38ib%2DUTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe%5FYJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQ&access_token_ttl=1664840296804 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"X-WacFrontEnd: AM1PEPF000094C7X-OfficeVersion: 16.0.15707.41015X-Key: 5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 1OrgIdSiteUrl: https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5FfrX-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: GEU2Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: 
https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&
Source: global traffic HTTP traffic detected: GET /me?partner=OneNoteOnline&version=10.22108.2&market=FR-FR&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://euc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://euc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-5C627324-B4E6-4967-A31A-5C2E2767A2A0&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%2EeyJhdWQiOiJ3b3BpL2luc2FjZW50cmUtbXkuc2hhcmVwb2ludC5jb21AZjc0MjE0NTAtZGYxNi00NzE0LWFkYTEtMzk1MzkwY2I5MWQzIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE2NjQ4MDQyOTYiLCJleHAiOiIxNjY0ODQwMjk2IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGMyYmRlM2RjNmYxYmRkOTJiMTQ2ZmVkN2E2ZDI2NzNiZTZhYmEzOGU4MmRhMGYzNzhlMDNmODAzYTE2MTY0YyIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGMyYmRlM2RjNmYxYmRkOTJiMTQ2ZmVkN2E2ZDI2NzNiZTZhYmEzOGU4MmRhMGYzNzhlMDNmODAzYTE2MTY0YyIsInNoYXJpbmdpZCI6IlkzbSt5S21nQWt1SEsrbFFjWjJSL3ciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6IjVjNjI3MzI0YjRlNjQ5NjdhMzFhNWMyZTI3NjdhMmEwO01NSW9kVHVrMnhacDRTTFIyUlQ3cU9HcTNsTT07RGVmYXVsdDsxMmNlNzM1ZTFmNGM0YjkyOTQzNGQ5Nzk4YzJmY2JiOTs7VHJ1ZTs7OzA7ZTcwMzZiYTAtNDAwNC01MDAwLTQ3MDQtOGM3OTc3Zjk2M2M5In0%2EEWb66LDcPK9or86SYiXEnS8X85go%5FGF6jrytmNe%2DVM0DP1xedkdH8%2DP7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O%5FcBiZszwxDu1rJtgjSTldsdPBQi%2Dx4isn%5FtXs1kVY3k0U38ib%2DUTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe%5FYJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQ&access_token_ttl=1664840296804 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"X-WacFrontEnd: AM1PEPF000094C7X-OfficeVersion: 16.0.15707.41015X-Key: 
5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 1OrgIdSiteUrl: https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5FfrX-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: GEU2Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&
Source: global traffic HTTP traffic detected: GET /o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=FR-FR&WOPIsrc=https%3A%2F%2Finsacentre%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristel%5Fchevereau%5Finsa%2Dcvl%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFrUFRFTzRYU0N4c3hXOTBHMl9Zd1lWRGdIYyJ9%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%2EEWb66LDcPK9or86SYiXEnS8X85go%5FGF6jrytmNe%2DVM0DP1xedkdH8%2DP7maQkiGV1uoKn2Q3P4K07W8GXPgYZ5y8fXzywqlJykkoJzCJPRAx6O%5FcBiZszwxDu1rJtgjSTldsdPBQi%2Dx4isn%5FtXs1kVY3k0U38ib%2DUTDhESo5GkrQ59aM3v5L0NqOv7JFyPd5UFya1amQrzflYMZLjlIR7Cpl8sbK80iNccduMe%5FYJ8j12fHoZippN9rN6taMKDu9wT0A9JTtAxplzwDJbTKBuRr6bA7EzroK8GpTlnMKJldwuHWyPyVYQHIAwW8osIl11pJ4nzIiwd96ynH3CffKLmQ&access_token_ttl=1664840296804 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"haep: 1X-WacFrontEnd: AM1PEPF000094C7X-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31sec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.15707.41015X-Key: 5CkbCfV/c5WRPlfo2bTVsG0FKIqu826w6sof/5159dg=,638004010975601703X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: GEU2sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: 
https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=fr%2DFR&rs=fr%2DFR&wopisrc=https%3A%2F%2Finsacentre-my.sharepoint.com%2Fpersonal%2Fchristel_chevereau_insa-cvl_fr%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F5c627324b4e64967a31a5c2e2767a2a0&wdenableroaming=1&mscc=0&wdodb=1&hid=E7036BA0-4004-5000-4704-8C7977F963C9&wdorigin=Sharing&wdhostclicktime=1664836694371&jsapi=1&jsapiver=v1&newsession=1&corrid=f4fb35ab-872b-4831-80cd-60f1741f9c31&usid=f4fb35ab-872b-4831-80cd-60f1741f9c31&sftc=1&cac=1&mtf=1&sfp=1&readonly=1&wdredirectionreason=Force_SingleStepBoot&rct=Medium&ctp=L
Source: global traffic HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1664836715499 HTTP/1.1Host: storage.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://euc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=f4fb35ab-872b-4831-80cd-60f1741f9c31&build=16.0.15707.41015 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://insacentre-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://insacentre-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: byzo.pages.devConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: byzo.pages.dev
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://byzo.pages.dev/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Cache-Control: private
  Content-Length: 1233
  Content-Type: text/html
  P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
  Set-Cookie:
  X-CorrelationId: 29e95b3b-2d2c-4583-9918-7c697492702c
  X-UserSessionId: f4fb35ab-872b-4831-80cd-60f1741f9c31
  Strict-Transport-Security: max-age=31536000
  Timing-Allow-Origin: *
  X-OfficeFE: AM1PEPF000094C6
  X-OfficeVersion: 16.0.15707.41015
  X-OfficeCluster: GEU2
  X-OFFICEFD: AM1PEPF000094C6
  X-Cache: CONFIG_NOCACHE
  X-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
  X-MSEdge-Features: tasmigration015,typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
  X-MSEdge-Ref: Ref A: 22680BBB133A4FE0B994DF86C4D9566A Ref B: AMS231032603029 Ref C: 2022-10-03T13:38:35Z
  Date: Mon, 03 Oct 2022 13:38:35 GMT
  Connection: close
Source: unknown HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
Source: classification engine Classification label: mal56.phis.win@31/0@17/13
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1788,i,15895415173541107671,4193211191602431059,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://insacentre-my.sharepoint.com/:o:/g/personal/christel_chevereau_insa-cvl_fr/EiRzYlzmtGdJoxpcLidnoqABdW_125MBX4mxznGrm93yrA?e=ErmP6W
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder Window detected: More than 3 window changes detected