Edit tour

Windows Analysis Report
https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753

Overview

General Information

Sample URL:	https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753
Analysis ID:	1517216
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=1940,i,13434837305207668078,1596451000190815801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=b720a3b7-4d38-45e8-9574-cfa084d133e3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=ouuhe336Xuva4TdKvRlJrHq81FcmQLUeFe8qVO-tijY&code_challenge_method=S256&nonce=d00eb0a8-87a2-4ad7-b224-9fbf173bfe99&state=eyJpZCI6ImYwYmJiMTQyLThmMGItNGU1OC04NWI2LTk2ZTU3ZTVhMTZhNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/bannerlogo?ts=637145433474602723 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/bannerlogo?ts=637145433474602723 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net

Source: chromecache_101.2.dr, chromecache_85.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_101.2.dr, chromecache_85.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_101.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_105.2.dr, chromecache_103.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_105.2.dr, chromecache_103.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE
Source: chromecache_79.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_122.2.dr, chromecache_106.2.dr	String found in binary or memory: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/discovery/v2.0/keys
Source: chromecache_122.2.dr, chromecache_106.2.dr	String found in binary or memory: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/token
Source: chromecache_122.2.dr, chromecache_106.2.dr	String found in binary or memory: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0
Source: chromecache_82.2.dr, chromecache_113.2.dr	String found in binary or memory: https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0/.well-known/openid-confi
Source: chromecache_79.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/73@18/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=1940,i,13434837305207668078,1596451000190815801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=1940,i,13434837305207668078,1596451000190815801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_102.2.dr, chromecache_115.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_102.2.dr, chromecache_115.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://login.microsoftonline.com	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0/.well-known/openid-confi	0%	Avira URL Cloud	safe
https://aadcdn.msauthimages.net/dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/bannerlogo?ts=637145433474602723	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js	0%	Avira URL Cloud	safe
https://aadcdn.msauthimages.net/dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/token	0%	Avira URL Cloud	safe
https://github.com/douglascrockford/JSON-js	0%	Avira URL Cloud	safe
http://knockoutjs.com/	0%	Avira URL Cloud	safe
https://login.windows-ppe.net	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/discovery/v2.0/keys	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
sni1gl.wpc.upsiloncdn.net	152.199.21.175	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
aadcdn.msauthimages.net	unknown	unknown	false	unknown
identity.nel.measure.office.net	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msauthimages.net/dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/bannerlogo?ts=637145433474602723	false	Avira URL Cloud: safe	unknown
https://aadcdn.msauthimages.net/dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.microsoftonline.com	chromecache_79.2.dr	false	URL Reputation: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_101.2.dr, chromecache_85.2.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0/.well-known/openid-confi	chromecache_82.2.dr, chromecache_113.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js	chromecache_105.2.dr, chromecache_103.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/discovery/v2.0/keys	chromecache_122.2.dr, chromecache_106.2.dr	false	Avira URL Cloud: safe	unknown
http://knockoutjs.com/	chromecache_101.2.dr, chromecache_85.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/oauth2/v2.0/token	chromecache_122.2.dr, chromecache_106.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/douglascrockford/JSON-js	chromecache_101.2.dr, chromecache_85.2.dr	false	Avira URL Cloud: safe	unknown
https://login.windows-ppe.net	chromecache_79.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE	chromecache_105.2.dr, chromecache_103.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/652337df-160d-4078-b508-ef6f12d0d753/v2.0	chromecache_122.2.dr, chromecache_106.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.upsiloncdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1517216
Start date and time:	2024-09-24 21:14:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/73@18/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.78, 64.233.167.84, 142.250.185.131, 34.104.35.123, 20.190.152.23, 40.126.24.16, 20.190.152.80, 20.190.152.144, 40.126.24.145, 40.126.32.129, 40.126.32.131, 40.126.32.6, 40.126.32.66, 40.126.32.140, 40.126.32.68, 20.190.160.20, 20.190.160.14, 40.126.32.136, 20.190.160.22, 40.126.32.74, 40.126.32.72, 20.50.73.4, 40.126.31.67, 20.190.159.73, 20.190.159.71, 40.126.31.71, 20.190.159.23, 40.126.31.69, 20.190.159.75, 20.190.159.0, 40.126.32.76, 40.126.32.134, 40.126.32.138, 40.126.32.133, 20.190.160.17, 20.50.201.205, 95.101.54.226, 95.101.54.225, 20.190.159.4, 40.126.31.73, 20.190.159.68, 52.165.165.26, 216.58.212.170, 142.250.185.74, 142.250.186.138, 142.250.184.202, 142.250.184.234, 142.250.186.106, 142.250.185.138, 172.217.18.106, 142.250.186.170, 142.250.185.202, 142.250.185.234, 142.250.186.74, 142.250.185.106, 172.217.16.202, 142.250.185.170, 142.250.181.234, 199.232.214.172, 192.229.221.95, 20.3.187.198, 20.242.39.171, 216.58.206.67
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443
Category:	downloaded
Size (bytes):	16326
Entropy (8bit):	7.987374325584103
Encrypted:	false
SSDEEP:	384:GTwafLJjHlgnek9V15z6Brrwb9tYt3skOUAQC1:GTtTJjHlgneqTz658ht/eAQw
MD5:	C217AE35B8592DC9F1E680487DAD094F
SHA1:	2E642562C2BFD8968629317FF212684C7EB59193
SHA-256:	D41992E79D7BCFCC1F32597208DD99033D99C04882EAFCC8508F2FA0EE728C6B
SHA-512:	EAF3BF49BCF58A7F7C39CBF35FD75862FEE98F611536080DFC794D288274CB9D67E95D0299679F7981E110B2577A47579D3623C7F11A6AC2A0CFA56AAEA2CAB0
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
Preview:	...........}Ms#.......\.@..'F.........C)$....`.......Q.x7...}..'.}..?e#...QU]....Vo.................?........w!......=.G...P.../......8z....q._5....g..}g..31......l...],.b..;..`...Y....3..5.uGAi..NP.6<.w.(..`...y..d.N.x..^u.....^...?..N........Fq.....z..wgN./..Ep/f..c/.D4~X.W~).s/.E8...T...8,:..Q.>............4....F,&c.)n.[.pcQp...4...6...i.............CkL=....'.\..L......2.A..o.u..."p.. Xx.......'l.[w..'c/^.FP.....q.h4.R+X.x...d..M.}.Z,..RP..E.T......8 .v....Iw.X..?.r......nk....?Wj..a.\|..........JAs.j.7.....?.)..t.z.-..m.]..3y...3@.3YO.KSz]...4.b........V..+.%.[.&........l.H>G.^<..{.$"..-.i.........`qcw...`.[....as[.+.X...n..X..%,:......am."a....^o@@.`].....( (b...k..B.0.....AX.D.?...,..-<@k.;..(*..C.]...:.nn..8..s...."4.. ...J...P.n....F.3G..u..;9&.{.2.80.XB.....@.qw.:../.`.P?.+t..w6.a~..7...8k..U._......k,..o.....yQ..r.....}.E...B.r......?{...\fB....-.).Fb.;.p.N?(..P.?..p....F........)p..,`l...o@.;.x.....:..f.E....<0..#K\...K(?K/OX

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 24, 2024 21:15:53.835083008 CEST	53	56023	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:53.835175037 CEST	53	57267	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:55.016437054 CEST	53	58454	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:55.186093092 CEST	53	63268	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:57.420403004 CEST	49257	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:15:57.421885967 CEST	52231	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:15:57.428843021 CEST	53	49257	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:57.430253029 CEST	53	52231	1.1.1.1	192.168.2.4
Sep 24, 2024 21:15:59.101241112 CEST	62752	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:15:59.101596117 CEST	52260	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:00.641431093 CEST	61931	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:00.641932964 CEST	52717	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:01.926958084 CEST	50025	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:01.927288055 CEST	60857	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:03.161210060 CEST	58648	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:03.161358118 CEST	58098	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:03.167964935 CEST	53	58098	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:03.168529987 CEST	53	58648	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:04.614403963 CEST	52356	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:04.614783049 CEST	58792	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:04.621507883 CEST	53	52356	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:04.622579098 CEST	53	58792	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:05.164858103 CEST	56739	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:05.165467024 CEST	63300	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:07.472248077 CEST	52946	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:07.472389936 CEST	56789	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:07.563438892 CEST	53	53009	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:07.647037029 CEST	138	138	192.168.2.4	192.168.2.255
Sep 24, 2024 21:16:09.513581038 CEST	55575	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:09.514081955 CEST	64524	53	192.168.2.4	1.1.1.1
Sep 24, 2024 21:16:12.529383898 CEST	53	51147	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:31.340104103 CEST	53	52409	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:53.100625992 CEST	53	63980	1.1.1.1	192.168.2.4
Sep 24, 2024 21:16:53.973706007 CEST	53	60029	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:00 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-24 19:16:00 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=250214 Date: Tue, 24 Sep 2024 19:16:00 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:01 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-24 19:16:01 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=250159 Date: Tue, 24 Sep 2024 19:16:01 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-24 19:16:01 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:03 UTC	635	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:04 UTC	750	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4111587 Cache-Control: public, max-age=31536000 Content-MD5: bedopN8eDQBhzbUu8GNGxA== Content-Type: application/x-javascript Date: Tue, 24 Sep 2024 19:16:04 GMT Etag: 0x8DCB563C85A43C4 Last-Modified: Mon, 05 Aug 2024 15:32:14 GMT Server: ECAcc (lhc/78A8) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fb594470-e01e-0006-2151-e9b2d8000000 x-ms-version: 2009-09-19 Content-Length: 141866 Connection: close
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 22 5d 2c 5b 22 23 32 30 32 30 32 30 22 5d 29 2c 73 3d 65 28 72 2c 5b 22 34 35 2c 35 30 2c 35 34 22 5d 2c 5b 22 23 32 64 33 32 33 36 22 5d 29 2c 75 3d 65 28 72 2c 5b 22 32 35 35 2c 32 35 30 2c 32 33 39 22 5d 2c 5b 22 23 66 66 66 61 65 66 22 5d 29 3b 69 66 28 6f 7c 7c 61 7c 7c 73 29 72 65 74 75 72 6e 22 62 6c 61 63 6b 22 3b 69 66 28 69 7c 7c 75 29 72 65 74 75 72 6e 22 77 68 69 74 65 22 7d 7d 7d 2c 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 26 26 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f Data Ascii: "],["#202020"]),s=e(r,["45,50,54"],["#2d3236"]),u=e(r,["255,250,239"],["#fffaef"]);if(o\|\|a\|\|s)return"black";if(i\|\|u)return"white"}}},getComputedStyle:function(e){return document.defaultView&&document.defaultView.getComputedStyle?document.defaultView.getCo
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 33 35 35 37 22 2c 50 50 5f 45 5f 4f 54 54 5f 44 41 54 41 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 33 34 38 46 22 2c 50 50 5f 45 5f 4f 54 54 5f 41 4c 52 45 41 44 59 5f 43 4f 4e 53 55 4d 45 44 3a 22 38 30 30 34 33 34 39 30 22 2c 50 50 5f 45 5f 4f 54 54 5f 49 4e 56 41 4c 49 44 5f 50 55 52 50 4f 53 45 3a 22 38 30 30 34 33 34 39 36 22 2c 50 50 5f 45 5f 50 50 53 41 5f 52 50 54 5f 4e 4f 54 4f 41 44 44 52 45 53 53 3a 22 38 30 30 34 38 31 32 30 22 2c 50 50 5f 45 5f 53 54 52 4f 4e 47 50 52 4f 43 45 53 53 5f 42 41 44 44 45 56 49 43 45 4e 41 4d 45 3a 22 38 30 30 34 39 43 32 32 22 2c 50 50 5f 45 5f 49 4e 4c 49 4e 45 4c 4f 47 49 4e 5f 49 4e 56 41 4c 49 44 5f 53 4d 53 3a 22 38 30 30 34 33 34 45 31 22 2c 50 50 5f 45 5f 49 4e Data Ascii: _PASSWORD:"80043557",PP_E_OTT_DATA_INVALID:"8004348F",PP_E_OTT_ALREADY_CONSUMED:"80043490",PP_E_OTT_INVALID_PURPOSE:"80043496",PP_E_PPSA_RPT_NOTOADDRESS:"80048120",PP_E_STRONGPROCESS_BADDEVICENAME:"80049C22",PP_E_INLINELOGIN_INVALID_SMS:"800434E1",PP_E_IN
2024-09-24 19:16:04 UTC	3	IN	Data Raw: 2e 2a 29 Data Ascii: .*)
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 3f 24 2f 5d 2c 44 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 2c 6f 3d 65 2e 6c 65 6e 67 74 68 3b 72 3c 6f 3b 72 2b 2b 29 74 2e 63 61 6c 6c 28 6e 2c 65 5b 72 5d 2c 72 2c 65 29 7d 2c 41 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 65 2c 74 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 4c 62 3a 66 Data Ascii: ?$/],D:function(e,t,n){for(var r=0,o=e.length;r<o;r++)t.call(n,e[r],r,e)},A:"function"==typeof Array.prototype.indexOf?function(e,t){return Array.prototype.indexOf.call(e,t)}:function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},Lb:f
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 71 62 28 74 29 2c 53 2e 61 2e 41 62 28 74 2c 50 29 2c 53 2e 6f 70 74 69 6f 6e 73 2e 64 65 66 65 72 55 70 64 61 74 65 73 26 26 53 2e 54 61 2e 64 65 66 65 72 72 65 64 28 74 2c 21 30 29 2c 74 7d 3b 76 61 72 20 50 3d 7b 65 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 3a 6e 2c 76 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 5b 77 5d 7d 2c 78 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b 77 5d 2c 22 73 70 65 63 74 61 74 65 22 29 2c 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b 77 5d 29 7d 2c 79 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b 77 5d 2c Data Ascii: qb(t),S.a.Ab(t,P),S.options.deferUpdates&&S.Ta.deferred(t,!0),t};var P={equalityComparer:n,v:function(){return this[w]},xa:function(){this.notifySubscribers(this[w],"spectate"),this.notifySubscribers(this[w])},ya:function(){this.notifySubscribers(this[w],
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 6f 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 61 2e 47 61 28 53 2e 75 2e 47 28 65 29 2c 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 29 5b 6e 5d 7d 7d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 3f 6f 28 65 2e 62 69 6e 64 28 6e 75 6c 6c 2c 74 2c 72 29 29 3a 53 2e 61 2e 47 61 28 65 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 6f 28 74 68 69 73 2e 67 65 74 42 69 6e 64 69 6e 67 73 2e 62 69 6e 64 28 74 68 69 73 2c 65 2c 74 29 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 2c 74 29 7b 76 61 72 20 6e 3d 53 2e 68 2e 66 69 72 73 74 43 68 69 6c 64 28 74 29 3b 69 Data Ascii: o(e){return S.a.Ga(S.u.G(e),(function(t,n){return function(){return e()[n]}}))}function i(e,t,r){return"function"==typeof e?o(e.bind(null,t,r)):S.a.Ga(e,n)}function c(e,t){return o(this.getBindings.bind(this,e,t))}function d(e,t){var n=S.h.firstChild(t);i
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 28 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 28 30 2c 74 29 2c 53 2e 75 2e 47 28 6e 2e 67 65 74 28 22 6f 70 74 69 6f 6e 73 41 66 74 65 72 52 65 6e 64 65 72 22 29 2c 6e 75 6c 6c 2c 5b 74 5b 30 5d 2c 65 21 3d 3d 44 3f 65 3a 61 5d 29 7d 29 2c 53 2e 61 2e 65 63 28 65 2c 66 2c 28 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 69 29 7b 72 65 74 75 72 6e 20 69 2e 6c 65 6e 67 74 68 26 26 28 70 3d 21 6c 26 26 69 5b 30 5d 2e 73 65 6c 65 63 74 65 64 3f 5b 53 2e 77 2e 4d 28 69 5b 30 5d 29 5d 3a 5b 5d 2c 68 3d 21 30 29 2c 72 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 2c 74 3d 3d 3d 44 3f 28 53 2e 61 2e 42 62 28 72 2c 6e 2e 67 65 74 28 22 6f 70 74 69 6f 6e 73 43 61 70 74 69 6f 6e 22 29 29 2c Data Ascii: (c=function(e,t){i(0,t),S.u.G(n.get("optionsAfterRender"),null,[t[0],e!==D?e:a])}),S.a.ec(e,f,(function(t,r,i){return i.length&&(p=!l&&i[0].selected?[S.w.M(i[0])]:[],h=!0),r=e.ownerDocument.createElement("option"),t===D?(S.a.Bb(r,n.get("optionsCaption")),
2024-09-24 19:16:04 UTC	16383	IN	Data Raw: 3b 22 7d 2c 6c 2e 74 6d 70 6c 2e 74 61 67 2e 6b 6f 5f 77 69 74 68 3d 7b 6f 70 65 6e 3a 22 77 69 74 68 28 24 31 29 20 7b 22 2c 63 6c 6f 73 65 3a 22 7d 20 22 7d 29 7d 2c 53 2e 24 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6e 65 77 20 53 2e 63 61 2c 53 2e 24 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 53 2e 24 61 3b 76 61 72 20 65 3d 6e 65 77 20 53 2e 24 61 3b 30 3c 65 2e 48 64 26 26 53 2e 67 63 28 65 29 2c 53 2e 62 28 22 6a 71 75 65 72 79 54 6d 70 6c 54 65 6d 70 6c 61 74 65 45 6e 67 69 6e 65 22 2c 53 2e 24 61 29 7d 28 29 7d 29 29 7d 28 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 28 72 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 Data Ascii: ;"},l.tmpl.tag.ko_with={open:"with($1) {",close:"} "})},S.$a.prototype=new S.ca,S.$a.prototype.constructor=S.$a;var e=new S.$a;0<e.Hd&&S.gc(e),S.b("jqueryTmplTemplateEngine",S.$a)}()}))}()},function(e,t,n){function r(e){return(r="function"==typeof Symbol&
2024-09-24 19:16:04 UTC	10799	IN	Data Raw: 67 69 66 79 28 6e 29 7d 72 65 74 75 72 6e 20 74 26 26 28 74 3d 74 2e 72 65 70 6c 61 63 65 28 2f 5c 3f 2f 67 2c 22 5c 5c 75 30 30 33 46 22 29 29 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 53 28 65 29 7b 65 2e 68 65 61 64 65 72 73 3d 62 28 29 2c 65 2e 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 3d 61 2c 65 2e 62 72 65 61 6b 43 61 63 68 65 3d 73 2c 65 2e 72 65 73 70 6f 6e 73 65 54 79 70 65 3d 68 7d 66 75 6e 63 74 69 6f 6e 20 45 28 65 2c 74 2c 6e 2c 72 2c 6f 2c 69 29 7b 76 61 72 20 61 3d 6e 75 6c 6c 3b 69 66 28 74 29 7b 76 61 72 20 73 3d 74 2e 65 76 65 6e 74 4f 70 74 69 6f 6e 73 7c 7c 7b 7d 3b 69 66 28 73 2e 65 76 65 6e 74 49 64 3d 74 2e 65 76 65 6e 74 49 64 7c 7c 73 2e 65 76 65 6e 74 49 64 2c 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 68 69 64 69 6e 67 Data Ascii: gify(n)}return t&&(t=t.replace(/\?/g,"\\u003F")),t}function S(e){e.headers=b(),e.withCredentials=a,e.breakCache=s,e.responseType=h}function E(e,t,n,r,o,i){var a=null;if(t){var s=t.eventOptions\|\|{};if(s.eventId=t.eventId\|\|s.eventId,s.hasOwnProperty("hiding

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:05 UTC	410	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:05 UTC	750	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4111588 Cache-Control: public, max-age=31536000 Content-MD5: bedopN8eDQBhzbUu8GNGxA== Content-Type: application/x-javascript Date: Tue, 24 Sep 2024 19:16:05 GMT Etag: 0x8DCB563C85A43C4 Last-Modified: Mon, 05 Aug 2024 15:32:14 GMT Server: ECAcc (lhc/78A8) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fb594470-e01e-0006-2151-e9b2d8000000 x-ms-version: 2009-09-19 Content-Length: 141866 Connection: close
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 22 5d 2c 5b 22 23 32 30 32 30 32 30 22 5d 29 2c 73 3d 65 28 72 2c 5b 22 34 35 2c 35 30 2c 35 34 22 5d 2c 5b 22 23 32 64 33 32 33 36 22 5d 29 2c 75 3d 65 28 72 2c 5b 22 32 35 35 2c 32 35 30 2c 32 33 39 22 5d 2c 5b 22 23 66 66 66 61 65 66 22 5d 29 3b 69 66 28 6f 7c 7c 61 7c 7c 73 29 72 65 74 75 72 6e 22 62 6c 61 63 6b 22 3b 69 66 28 69 7c 7c 75 29 72 65 74 75 72 6e 22 77 68 69 74 65 22 7d 7d 7d 2c 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 26 26 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f Data Ascii: "],["#202020"]),s=e(r,["45,50,54"],["#2d3236"]),u=e(r,["255,250,239"],["#fffaef"]);if(o\|\|a\|\|s)return"black";if(i\|\|u)return"white"}}},getComputedStyle:function(e){return document.defaultView&&document.defaultView.getComputedStyle?document.defaultView.getCo
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 33 35 35 37 22 2c 50 50 5f 45 5f 4f 54 54 5f 44 41 54 41 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 33 34 38 46 22 2c 50 50 5f 45 5f 4f 54 54 5f 41 4c 52 45 41 44 59 5f 43 4f 4e 53 55 4d 45 44 3a 22 38 30 30 34 33 34 39 30 22 2c 50 50 5f 45 5f 4f 54 54 5f 49 4e 56 41 4c 49 44 5f 50 55 52 50 4f 53 45 3a 22 38 30 30 34 33 34 39 36 22 2c 50 50 5f 45 5f 50 50 53 41 5f 52 50 54 5f 4e 4f 54 4f 41 44 44 52 45 53 53 3a 22 38 30 30 34 38 31 32 30 22 2c 50 50 5f 45 5f 53 54 52 4f 4e 47 50 52 4f 43 45 53 53 5f 42 41 44 44 45 56 49 43 45 4e 41 4d 45 3a 22 38 30 30 34 39 43 32 32 22 2c 50 50 5f 45 5f 49 4e 4c 49 4e 45 4c 4f 47 49 4e 5f 49 4e 56 41 4c 49 44 5f 53 4d 53 3a 22 38 30 30 34 33 34 45 31 22 2c 50 50 5f 45 5f 49 4e Data Ascii: _PASSWORD:"80043557",PP_E_OTT_DATA_INVALID:"8004348F",PP_E_OTT_ALREADY_CONSUMED:"80043490",PP_E_OTT_INVALID_PURPOSE:"80043496",PP_E_PPSA_RPT_NOTOADDRESS:"80048120",PP_E_STRONGPROCESS_BADDEVICENAME:"80049C22",PP_E_INLINELOGIN_INVALID_SMS:"800434E1",PP_E_IN
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 2e 2a 29 3f 24 2f 5d 2c 44 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 2c 6f 3d 65 2e 6c 65 6e 67 74 68 3b 72 3c 6f 3b 72 2b 2b 29 74 2e 63 61 6c 6c 28 6e 2c 65 5b 72 5d 2c 72 2c 65 29 7d 2c 41 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 65 2c 74 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 4c Data Ascii: .*)?$/],D:function(e,t,n){for(var r=0,o=e.length;r<o;r++)t.call(n,e[r],r,e)},A:"function"==typeof Array.prototype.indexOf?function(e,t){return Array.prototype.indexOf.call(e,t)}:function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},L
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 66 6e 2e 71 62 28 74 29 2c 53 2e 61 2e 41 62 28 74 2c 50 29 2c 53 2e 6f 70 74 69 6f 6e 73 2e 64 65 66 65 72 55 70 64 61 74 65 73 26 26 53 2e 54 61 2e 64 65 66 65 72 72 65 64 28 74 2c 21 30 29 2c 74 7d 3b 76 61 72 20 50 3d 7b 65 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 3a 6e 2c 76 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 5b 77 5d 7d 2c 78 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b 77 5d 2c 22 73 70 65 63 74 61 74 65 22 29 2c 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b 77 5d 29 7d 2c 79 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 74 68 69 73 5b Data Ascii: fn.qb(t),S.a.Ab(t,P),S.options.deferUpdates&&S.Ta.deferred(t,!0),t};var P={equalityComparer:n,v:function(){return this[w]},xa:function(){this.notifySubscribers(this[w],"spectate"),this.notifySubscribers(this[w])},ya:function(){this.notifySubscribers(this[
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 6f 6e 20 6f 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 61 2e 47 61 28 53 2e 75 2e 47 28 65 29 2c 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 29 5b 6e 5d 7d 7d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 3f 6f 28 65 2e 62 69 6e 64 28 6e 75 6c 6c 2c 74 2c 72 29 29 3a 53 2e 61 2e 47 61 28 65 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 6f 28 74 68 69 73 2e 67 65 74 42 69 6e 64 69 6e 67 73 2e 62 69 6e 64 28 74 68 69 73 2c 65 2c 74 29 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 2c 74 29 7b 76 61 72 20 6e 3d 53 2e 68 2e 66 69 72 73 74 43 68 69 6c 64 28 74 Data Ascii: on o(e){return S.a.Ga(S.u.G(e),(function(t,n){return function(){return e()[n]}}))}function i(e,t,r){return"function"==typeof e?o(e.bind(null,t,r)):S.a.Ga(e,n)}function c(e,t){return o(this.getBindings.bind(this,e,t))}function d(e,t){var n=S.h.firstChild(t
2024-09-24 19:16:05 UTC	16383	IN	Data Raw: 29 26 26 28 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 28 30 2c 74 29 2c 53 2e 75 2e 47 28 6e 2e 67 65 74 28 22 6f 70 74 69 6f 6e 73 41 66 74 65 72 52 65 6e 64 65 72 22 29 2c 6e 75 6c 6c 2c 5b 74 5b 30 5d 2c 65 21 3d 3d 44 3f 65 3a 61 5d 29 7d 29 2c 53 2e 61 2e 65 63 28 65 2c 66 2c 28 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 69 29 7b 72 65 74 75 72 6e 20 69 2e 6c 65 6e 67 74 68 26 26 28 70 3d 21 6c 26 26 69 5b 30 5d 2e 73 65 6c 65 63 74 65 64 3f 5b 53 2e 77 2e 4d 28 69 5b 30 5d 29 5d 3a 5b 5d 2c 68 3d 21 30 29 2c 72 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 2c 74 3d 3d 3d 44 3f 28 53 2e 61 2e 42 62 28 72 2c 6e 2e 67 65 74 28 22 6f 70 74 69 6f 6e 73 43 61 70 74 69 6f 6e 22 Data Ascii: )&&(c=function(e,t){i(0,t),S.u.G(n.get("optionsAfterRender"),null,[t[0],e!==D?e:a])}),S.a.ec(e,f,(function(t,r,i){return i.length&&(p=!l&&i[0].selected?[S.w.M(i[0])]:[],h=!0),r=e.ownerDocument.createElement("option"),t===D?(S.a.Bb(r,n.get("optionsCaption"
2024-09-24 19:16:06 UTC	16383	IN	Data Raw: 27 27 29 3b 22 7d 2c 6c 2e 74 6d 70 6c 2e 74 61 67 2e 6b 6f 5f 77 69 74 68 3d 7b 6f 70 65 6e 3a 22 77 69 74 68 28 24 31 29 20 7b 22 2c 63 6c 6f 73 65 3a 22 7d 20 22 7d 29 7d 2c 53 2e 24 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6e 65 77 20 53 2e 63 61 2c 53 2e 24 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 53 2e 24 61 3b 76 61 72 20 65 3d 6e 65 77 20 53 2e 24 61 3b 30 3c 65 2e 48 64 26 26 53 2e 67 63 28 65 29 2c 53 2e 62 28 22 6a 71 75 65 72 79 54 6d 70 6c 54 65 6d 70 6c 61 74 65 45 6e 67 69 6e 65 22 2c 53 2e 24 61 29 7d 28 29 7d 29 29 7d 28 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 28 72 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 Data Ascii: '');"},l.tmpl.tag.ko_with={open:"with($1) {",close:"} "})},S.$a.prototype=new S.ca,S.$a.prototype.constructor=S.$a;var e=new S.$a;0<e.Hd&&S.gc(e),S.b("jqueryTmplTemplateEngine",S.$a)}()}))}()},function(e,t,n){function r(e){return(r="function"==typeof Symb
2024-09-24 19:16:06 UTC	10802	IN	Data Raw: 72 69 6e 67 69 66 79 28 6e 29 7d 72 65 74 75 72 6e 20 74 26 26 28 74 3d 74 2e 72 65 70 6c 61 63 65 28 2f 5c 3f 2f 67 2c 22 5c 5c 75 30 30 33 46 22 29 29 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 53 28 65 29 7b 65 2e 68 65 61 64 65 72 73 3d 62 28 29 2c 65 2e 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 3d 61 2c 65 2e 62 72 65 61 6b 43 61 63 68 65 3d 73 2c 65 2e 72 65 73 70 6f 6e 73 65 54 79 70 65 3d 68 7d 66 75 6e 63 74 69 6f 6e 20 45 28 65 2c 74 2c 6e 2c 72 2c 6f 2c 69 29 7b 76 61 72 20 61 3d 6e 75 6c 6c 3b 69 66 28 74 29 7b 76 61 72 20 73 3d 74 2e 65 76 65 6e 74 4f 70 74 69 6f 6e 73 7c 7c 7b 7d 3b 69 66 28 73 2e 65 76 65 6e 74 49 64 3d 74 2e 65 76 65 6e 74 49 64 7c 7c 73 2e 65 76 65 6e 74 49 64 2c 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 68 69 64 Data Ascii: ringify(n)}return t&&(t=t.replace(/\?/g,"\\u003F")),t}function S(e){e.headers=b(),e.withCredentials=a,e.breakCache=s,e.responseType=h}function E(e,t,n,r,o,i){var a=null;if(t){var s=t.eventOptions\|\|{};if(s.eventId=t.eventId\|\|s.eventId,s.hasOwnProperty("hid

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:05 UTC	658	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:05 UTC	781	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:05 GMT Content-Type: text/css Content-Length: 20414 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 03 Jul 2024 21:48:08 GMT ETag: 0x8DC9BA9D4131BFD x-ms-request-id: 4811dcaa-f01e-0021-2a5b-0ed880000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191605Z-185ffdfffcf4vgx7mk9kg8y7cg00000001vg0000000055yg x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:05 UTC	15603	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-09-24 19:16:06 UTC	4811	IN	Data Raw: e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 Data Ascii: a}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:05 UTC	635	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:05 UTC	798	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:05 GMT Content-Type: application/x-javascript Content-Length: 122194 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 28 Aug 2024 14:52:34 GMT ETag: 0x8DCC7710D0FB909 x-ms-request-id: a4575eed-701e-0013-55ff-0de75a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191605Z-185ffdfffcf7vprwfdk4ugq18800000001m000000000hsdb x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:05 UTC	15586	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd 7b 77 e3 38 8e 38 fa ff fd 14 8e 66 6e da ee 28 2e cb 6f 2b ad ce 3a 4e 52 95 e9 24 ce c4 a9 ea 9e 4d 65 72 64 89 76 d4 91 25 af 24 e7 31 8e f7 b3 ff 00 90 94 28 5b 4e 55 cd ee b9 f7 dc 73 e7 51 b1 48 f0 05 82 20 00 82 e0 87 9f 77 fe af d2 cf a5 fd ef ff 4f 69 74 d3 bf be 29 0d 4f 4b 37 9f ce ae 8f 4b 57 f0 f5 8f d2 e5 f0 e6 6c 70 f2 fd f5 60 a3 f8 ff 9b 07 2f 2e 4d 3c 9f 95 e0 ef d8 8e 99 5b 0a 83 52 18 95 bc c0 09 a3 79 18 d9 09 8b 4b 33 f8 37 f2 6c bf 34 89 c2 59 29 79 60 a5 79 14 fe c9 9c 24 2e f9 5e 9c 40 a1 31 f3 c3 e7 52 19 aa 8b dc d2 95 1d 25 af a5 b3 ab 4a 15 ea 67 50 9b 37 f5 02 28 ed 84 f3 57 f8 fd 90 94 82 30 f1 1c 56 b2 03 97 6a f3 e1 23 88 59 69 11 b8 2c 2a 3d 3f 78 ce 43 e9 c2 73 a2 30 0e 27 49 29 62 0e Data Ascii: {w88fn(.o+:NR$Merdv%$1([NUsQH wOit)OK7KWlp`/.M<[RyK37l4Y)y`y$.^@1R%JgP7(W0Vj#Yi,*=?xCs0'I)b
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: 40 01 48 3f 65 7e fe 9d 70 17 86 b2 5a 68 ce d8 63 99 2b af 38 61 68 21 9b cd f1 76 06 77 2f b1 8a f6 1c e0 29 00 38 cc 06 c3 b2 0a 2b df 30 39 1d 64 f6 0d 4f 7a e2 be 37 6d 3a 9a 00 0c 34 01 08 95 1f a4 6f 71 e1 37 9b b1 78 ad 1c ea ef e8 81 02 0a d3 b1 1d 3d 66 57 f3 d1 f7 33 e7 1d 77 84 3e 5b e4 6f 88 37 0e d6 73 7f 47 df 2d 25 77 a3 3e cb 46 b1 09 fd 59 e9 9a c6 25 5e 69 86 3d a4 ea 02 54 96 92 e8 0a dd c2 1a 8f b6 b8 e8 31 2b aa 16 b9 42 96 2b ef f5 5b f8 9d e1 36 fa de 00 84 23 1a 82 ad d0 a8 e4 55 1d 39 d3 31 2c 3a 0c 18 07 db b4 66 53 10 09 0c e7 b8 ef e1 00 b8 8f 67 e8 6b fa f2 c9 63 cf 68 1b f4 cd 25 5f 49 5f d2 84 a2 d5 ed 6d f2 4c d4 f3 44 d8 0b 44 4c 5c 78 f3 82 ab 26 01 e4 a3 c7 f5 2a bb 60 81 8c 06 67 3a 21 1f 45 b4 1c 02 ad c9 fa cc a4 dc Data Ascii: @H?e~pZhc+8ah!vw/)8+09dOz7m:4oq7x=fW3w>[o7sG-%w>FY%^i=T1+B+[6#U91,:fSgkch%_I_mLDDL\x&*`g:!E
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: 5d c0 aa e1 e4 44 83 38 41 6b f0 2e e4 ca f0 e6 f7 c4 c6 49 8c 98 e6 37 22 ad 08 64 de 27 ef 03 e7 49 c4 fe 07 ae 9c e9 f4 ab f7 e1 78 f7 e0 f0 0d 99 43 71 3f 57 67 58 01 2a ea b1 cc 4b 55 f7 e6 54 95 27 36 d1 62 a4 9f 02 25 58 b4 46 49 0f d3 e9 99 98 1b 05 75 0f 71 37 65 02 de c0 60 2c 26 23 a6 3e 11 99 70 42 0e e3 5e 84 44 c0 2d a1 34 da c2 8f 90 ce 90 e7 8d ba d9 47 84 a5 74 e6 82 37 58 0c 9b 81 df 07 d8 4b f9 ca 06 d7 90 5a 77 65 83 3b 73 1a 57 69 c2 47 49 67 2d db 3d af 58 04 ad 30 a1 60 6a 51 e6 55 3d 4b 27 7a 31 0e b8 a1 cf 69 5e c5 e2 a2 95 2a 50 13 19 3b 6f cc ea 6a 9b 87 db c6 30 77 d1 7b 38 d3 00 22 0f b2 0f ac 7f 4e 8d 94 57 72 de 50 76 b4 72 35 d5 a8 ad 3b 71 17 ea da d8 01 4c 9f e9 1c 6d 77 99 ae 5c a8 de 37 db a9 bf bf b5 97 13 39 64 a5 db Data Ascii: ]D8Ak.I7"d'IxCq?WgXKUT'6b%XFIuq7e`,&#>pB^D-4Gt7XKZwe;sWiGIg-=X0`jQU=K'z1i^P;oj0w{8"NWrPvr5;qLmw\79d
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: 4c 42 3d 45 0d 98 b3 bc 3f ba 46 ee 78 92 bc 09 c7 c3 47 91 7b 4a 77 f7 2c 0c 48 89 2c cf 87 51 59 16 ed c9 8c 37 28 36 61 5b e3 44 fa 5e 46 3f 4b 8a 46 fe c1 7e c2 cd 84 47 e0 eb 38 ce b5 86 e2 6f b0 cd 33 b4 ad 10 5f 27 05 38 f4 7b 32 c6 50 53 f1 5d 5c d6 9d a3 21 b8 a9 3b 6e 5b c9 e4 ae 1b 8d 75 71 2f 8c cd 47 5c 9f 42 ca a2 67 ff 34 48 84 d4 0a 69 ea f7 e8 5a 02 9e 88 1a 6c 39 ed c0 cb 9f a4 79 3c 78 fc 7c 13 25 6c 06 98 9d e6 e9 08 ca a4 9d d0 8f 31 a2 4d d7 ae 51 6a c0 d8 23 ae 50 26 99 b9 64 74 06 d8 7a 8d 0a 57 93 3c e0 55 74 93 7e 94 55 7e 6c b0 44 02 95 db 10 a5 0a 7b e8 f8 3c 6b 00 11 da 20 e1 55 e3 47 f4 1b f4 a3 0b 78 42 2f 9c e0 53 9b 37 e2 ac 81 12 5c e5 f3 1f 11 2f b6 15 a7 56 c3 61 23 1d c0 f4 50 be 2a cc c9 3d 52 fc 79 df 25 7b d0 f7 c2 Data Ascii: LB=E?FxG{Jw,H,QY7(6a[D^F?KF~G8o3_'8{2PS]\!;n[uq/G\Bg4HiZl9y<x\|%l1MQj#P&dtzW<Ut~U~lD{<k UGxB/S7\/Va#P*=Ry%{
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: c9 01 c9 4f 59 48 56 58 39 0c 4c 0f 13 2c 26 ab 06 78 03 3f 2d f5 d6 8a ac 0b cb 37 8b 5a 9b a4 80 fc 4c 9f 67 a3 22 ce 6f 38 df 06 8f 42 ff 99 f6 43 83 5f 3c 32 21 d1 01 5f d1 07 c9 70 a5 39 7d 04 8d 1a ff 9c 5f 47 4e 4d 1a 4a 24 84 9e c6 d8 d6 0c 4b b3 1d 95 55 57 30 42 d6 5f 3a 1d 59 82 34 07 d2 38 75 36 35 7b 5e 51 7d b5 f0 0c 94 a0 79 a0 84 bf 95 db 10 88 82 9c 86 0e 3e f3 76 7b 97 34 ee 3f 89 a2 68 04 fc 0e d8 e5 20 11 33 70 73 e6 9d 34 30 0e cd 43 98 49 e0 08 6d 96 42 4a ac 30 83 0c c5 1e c2 61 54 a2 0c b3 9a 4e 71 93 11 cb 89 aa 4b 98 8c 29 a2 4d 3c 7d be 2f 65 56 33 79 b4 c1 79 5c 84 48 28 b8 b3 00 74 1b 68 ab c0 ac 53 8f 78 6d 21 df 63 e8 fa e5 d0 41 fa 0d 46 3c ae 3e d2 ed 15 20 61 b2 a0 a2 69 47 9c 6c da 26 a4 9d a7 a2 20 0c d1 61 43 8d e2 dc Data Ascii: OYHVX9L,&x?-7ZLg"o8BC_<2!_p9}_GNMJ$KUW0B_:Y48u65{^Q}y>v{4?h 3ps40CImBJ0aTNqK)M<}/eV3yy\H(thSxm!cAF<> aiGl& aC
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: 8c 5a fe ef dc 59 ca a2 c0 f5 b3 38 f2 62 69 4b 91 24 2c ca 65 26 58 14 e7 30 b1 78 7e 37 cb 79 b5 9b 9a 83 a6 0c 48 07 1b 1d f8 06 4e 95 c0 8e 96 8c 27 02 6f 20 60 31 93 fb 41 73 2f 05 96 09 90 66 ee f1 40 26 98 43 c7 c9 6d 99 05 ae c8 63 2f 0f bd fd e0 5e cd f1 53 3f 91 ae ef 24 dc 65 2c 96 9e e3 4b db e6 49 16 38 81 88 6d cc eb 7e c8 c9 4f 9d 04 ec 26 f0 7d 91 27 51 1c 04 09 26 2c 4b a2 30 49 92 3c e0 e0 12 7b e9 a6 96 50 a9 0d 12 ca 1d 57 80 62 73 2f b1 fd c4 0d 3c 0c 27 48 44 1e d8 2c bb 9b f7 69 ad b3 34 76 38 8b 5c 1e b8 ea 5f df 63 1c 44 95 c4 b9 6f 03 29 1c f7 6e 0e bb d5 6e 42 c3 23 b2 08 5c 3b cf c0 55 a5 1d da e0 14 32 f6 02 11 32 9b 09 9f c7 fb 21 de 30 4d 78 28 6c 70 51 5b c8 24 03 47 05 1b ca c1 da b1 78 a1 1f 89 60 3f dd 44 06 f7 dc 40 44 Data Ascii: ZY8biK$,e&X0x~7yHN'o `1As/f@&Cmc/^S?$e,KI8m~O&}'Q&,K0I<{PWbs/<'HD,i4v8\_cDo)nnB#\;U22!0Mx(lpQ[$Gx`?D@D
2024-09-24 19:16:06 UTC	16384	IN	Data Raw: 89 e7 3f 3d 79 d0 47 6c f5 ec cd 5f 76 6e 07 59 c3 e8 ee e7 8d 34 57 e9 43 90 9d 79 aa 5f 6e f4 1c 4c c9 ef cd f4 56 7d ab 5e fb c3 a6 fe ea 84 95 3f 30 da 8c 5e ae ab 31 7f bb 70 7c a2 f0 a6 75 2b e7 67 e5 c2 f0 cc 35 23 7f fd f3 97 e3 71 f8 7c 5e 95 2f d3 97 a1 ed e5 6f 97 84 b6 c9 36 fe f6 13 54 a7 33 d3 aa 7d a1 5e 19 be fc bc 7f af 8a 4a 83 fb bc d9 67 6f 7b 36 eb 97 7f 6f 26 68 59 70 b3 4a f2 0d e3 6f b4 3a ad 24 59 db 25 bf 94 f9 9d 22 bf 9a 7a f3 69 43 e4 a4 fa db fc 71 29 e4 f3 02 93 5e 6f 2e ed 64 80 34 cd fd 46 ca cf 3f 29 a0 40 c8 43 ba 45 ec cb d2 7f fe a9 66 e6 c9 2a 17 5e be be 03 cd ef 4c 47 77 c2 df 5f 5f a3 d6 3e 6d a2 c5 5f 15 ad b4 cc 50 0a f5 17 86 4c 77 52 a6 67 15 cb 65 7a 17 9d ba ae 7a 77 d5 7a 57 d5 f5 6e ca 5d 51 bd 64 97 24 e7 Data Ascii: ?=yGl_vnY4WCy_nLV}^?0^1p\|u+g5#q\|^/o6T3}^Jgo{6o&hYpJo:$Y%"ziCq)^o.d4F?)@CEf*^LGw__>m_PLwRgezzwzWn]Qd$
2024-09-24 19:16:06 UTC	8304	IN	Data Raw: 89 ba 96 5a 24 3d 84 82 2f 63 16 62 1d 54 2a 78 9e d0 c7 74 aa e8 b2 12 5e 68 21 3e c6 55 7b 0b 6a 0e de c6 a4 08 cf 5f 3a 24 87 d3 21 12 df 42 8b c9 6c 67 87 4a 5f cf 43 3f ce 4d e9 5a 42 72 c0 01 3d 41 61 27 b9 d1 52 c2 40 80 0b 07 53 c2 90 54 9a c7 9f fd 18 66 2f ae 5d 7c e2 8b 27 71 7c b1 20 f8 64 c1 9f 3c 77 3c e2 c2 78 f0 d9 35 7f 76 c2 51 98 61 aa 06 ea 4d 8f 0e 87 22 f9 d3 04 fe 4d 34 78 f0 06 08 81 24 07 69 1a 7b 21 d2 3e 80 04 16 81 01 fc 35 35 73 05 d8 60 f8 86 47 42 e2 d1 b2 28 d9 5e e0 1b e0 a0 8a 77 8c 2a ae 38 10 f0 30 99 21 19 9e 1f b2 19 9d 44 8b 9b 93 08 cb bf 01 6d 04 06 e3 2a 0b 23 f4 4e 22 81 5c 48 cf 8f 1e 31 b8 22 56 7d 20 e2 94 82 c7 c0 d5 3e 4a ad 9c 04 01 1e 49 72 c2 79 49 9c 24 42 9f 00 ed 92 ae fc bb c8 b9 ce 2e 45 66 f1 67 da Data Ascii: Z$=/cbTxt^h!>U{j_:$!BlgJ_C?MZBr=Aa'R@STf/]\|'q\| d<w<x5vQaM"M4x$i{!>55s`GB(^w80!Dm*#N"\H1"V} >JIryI$B.Efg

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:05 UTC	654	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:05 UTC	791	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:05 GMT Content-Type: application/x-javascript Content-Length: 16326 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Aug 2024 20:17:04 GMT ETag: 0x8DCC6D537C7BF24 x-ms-request-id: 5d620f6a-001e-003e-4ef2-0d2396000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191605Z-185ffdfffcfz5grlzzbq70z81000000001yg00000000h1bv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:05 UTC	15593	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d 4d 73 23 c7 92 d8 dd bf 02 0f cf f1 86 5c f5 40 f8 e0 27 46 d0 18 04 c0 19 ec 90 00 04 80 43 29 24 19 d1 04 8a 60 bf 01 ba b1 dd 8d e1 f0 51 e3 78 37 1f f6 e0 ab 7d f3 c1 27 1f 7d f1 dd 3f 65 23 d6 bf c3 f9 51 55 5d d5 dd 00 c8 91 56 6f d7 0a c5 10 dd f5 95 95 95 95 95 99 95 99 fd 87 db b5 3f 8d bd c0 df 13 fb 8f ea 77 21 d8 f3 f7 1f bd db 3d ef 47 ff e7 fd 50 c4 eb d0 2f e0 ef 92 f8 b4 0a c2 38 7a f5 d1 0d 0b 71 03 5f 35 1e e5 bb fa e3 67 c7 9b d5 7d 67 11 b8 33 31 ab ff a1 f2 f9 95 6c 2a b0 e9 d4 5d 2c f6 62 d5 83 13 3b c9 ef 60 1f 1e b8 59 e3 0f e5 a4 e0 33 0e e3 35 1e 75 47 41 69 d9 10 4e 50 9a 36 3c f8 77 d5 28 16 9d 60 af bc ff 79 ef c7 64 1a 4e e0 78 00 fc 5e 75 9f a0 f4 1b de 5e 05 fa 87 3f 87 fb 4e 08 7f 8e f6 Data Ascii: }Ms#\@'FC)$`Qx7}'}?e#QU]Vo?w!=GP/8zq_5g}g31l*],b;`Y35uGAiNP6<w(`ydNx^u^?N
2024-09-24 19:16:05 UTC	733	IN	Data Raw: c0 f5 c3 79 67 55 de 72 6e 30 47 45 07 e2 e0 a1 a2 03 90 e8 a9 c6 72 0b fd 96 e1 b7 f4 fb 30 27 7d 00 6e 0b 06 59 a2 2f a7 1c 41 90 d7 5b 39 85 15 c9 af 0c df e0 d5 1a c3 7b 00 1d 0f 96 cc 31 14 f8 fd 00 92 38 f0 07 26 68 1f 8a 8f 02 83 09 f8 cc cc 8d 10 e1 e4 34 aa 0f 19 70 c2 8e cc 1c 39 82 4b ab 1f 9a f8 7d 5e 19 dd 82 51 6d 02 c8 68 0d cb 82 19 3d e0 68 3d 30 aa b2 07 f1 03 a3 85 32 be c1 a2 68 3c 24 e9 d6 00 eb 78 77 f8 c7 f3 e6 f9 e9 f9 49 d1 16 aa f8 dc e2 69 8e a0 fd 42 2a 87 f5 62 64 3c c1 2e c0 ac c9 aa 68 99 3c f0 39 1d 83 58 1d 4b 3a 00 96 ae dc 70 b4 e4 a7 ce 65 58 05 b4 fb 8e bc bf 10 3f 36 46 40 70 c5 0c 77 b9 d3 3a eb 0f b1 16 fb 6f 13 4b 51 87 90 96 0d 41 58 63 98 25 73 3f 2c 27 3c fd b0 42 76 1c 0c 01 29 d3 64 e9 c3 21 1c b1 69 b0 ed 3a Data Ascii: ygUrn0GEr0'}nY/A[9{18&h4p9K}^Qmh=h=02h<$xwIiB*bd<.h<9XK:peX?6F@pw:oKQAXc%s?,'<Bv)d!i:

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:07 UTC	649	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:07 UTC	738	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:07 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: 59c65698-801e-0059-4f88-0b7b78000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191607Z-185ffdfffcf9tjr4mpaa7d936g00000001x000000000rtf8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:07 UTC	15646	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-09-24 19:16:07 UTC	1528	IN	Data Raw: 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:07 UTC	618	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:07 UTC	792	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:07 GMT Content-Type: application/x-javascript Content-Length: 116365 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Aug 2024 17:52:54 GMT ETag: 0x8DCBD5317046A2F x-ms-request-id: eb2a5ad8-801e-0038-3ee3-0d6796000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191607Z-185ffdfffcfvr4sskpe0rr80ew00000001z000000000esuq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:07 UTC	15592	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 5b db 48 b6 28 fc 7d ff 0a 5b bb c7 2d b5 0b 63 19 30 44 46 78 48 42 7a 98 49 02 07 c8 f4 f4 10 4f 1e 61 97 b1 12 23 79 74 e1 d2 d8 fb b7 bf 6b ad aa 92 4a b2 0c 26 dd fb 9c 0f ef f4 d3 c1 ba 94 ea 5e eb 7e d9 fc a9 fe 5f b5 9f 6a 1b eb ff 57 3b bf 38 3c bb a8 9d bc ab 5d fc e5 f8 ec 6d ed 14 ee 7e ad 7d 3c b9 38 7e 73 b4 7e 3d d8 28 fe bb 98 f8 71 6d ec 4f 79 0d 7e af bc 98 8f 6a 61 50 0b a3 9a 1f 0c c3 68 16 46 5e c2 e3 da 0d fc 8d 7c 6f 5a 1b 47 e1 4d 2d 99 f0 da 2c 0a bf f2 61 12 d7 a6 7e 9c c0 47 57 7c 1a de d5 4c a8 2e 1a d5 4e bd 28 79 a8 1d 9f 5a 2d a8 9f 43 6d fe b5 1f c0 d7 c3 70 f6 00 d7 93 a4 16 84 89 3f e4 35 2f 18 51 6d 53 b8 09 62 5e 4b 83 11 8f 6a 77 13 7f 38 a9 7d f0 87 51 18 87 e3 a4 16 f1 21 f7 6f Data Ascii: k[H(}[-c0DFxHBzIOa#ytkJ&^~_jW;8<]m~}<8~s~=(qmOy~jaPhF^\|oZGM-,a~GW\|L.N(yZ-Cmp?5/QmSb^Kjw8}Q!o
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: 49 83 69 74 84 3e 47 59 80 42 9b b2 59 ca d8 88 5e 36 a7 24 f7 af 17 38 0d 53 1c 3e 97 dc 17 24 8a 0d 4a a7 01 95 4d e2 5c ba e4 61 91 1d cc fc 76 23 bb 17 d9 47 55 e3 fb 1d 24 72 d5 75 be 53 62 b7 c3 d2 4d f8 e3 e1 9f 08 fe 94 d8 cb 4c b2 60 93 73 a2 08 7c dd c2 cc 73 9f 8e 83 c4 ee be 3e 32 f9 4f b1 b5 a0 9d 4a e3 1e bb 1b c2 d1 c8 77 a3 9e bf 9f 52 28 74 4a 36 90 30 df 82 5a d0 d6 7a 03 ab 1b c3 71 f0 37 c6 a2 a7 e2 09 4c c4 d8 f5 2d 06 8f 9b b6 66 12 5d 1b ff 14 d3 96 df 40 63 44 2c e6 6f b8 f8 2d c3 e6 72 5b e7 a8 e9 1d a4 c2 f9 71 c3 23 61 49 cf 47 27 27 7f 63 23 57 e2 4e 51 f5 3a 81 a7 93 7d af 37 d1 7a d7 44 92 9b fa 37 81 4e 4d 11 fd 88 ec b6 68 ac 96 e7 17 55 b3 97 4f d5 55 ce e4 46 ae d0 47 c2 99 47 5b 6a a1 db c9 ce 2d d0 71 08 5a 64 11 58 a4 Data Ascii: Iit>GYBY^6$8S>$JM\av#GU$ruSbML`s\|s>2OJwR(tJ60Zzq7L-f]@cD,o-r[q#aIG''c#WNQ:}7zD7NMhUOUFGG[j-qZdX
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: 69 33 da 9c 35 38 fc d6 d6 60 90 eb 41 a0 12 7b 42 d2 a3 7c 11 42 9b 34 a2 89 fa ac 50 54 6d 90 84 ac 5a 8e c0 f6 f8 15 ad ba d6 15 90 17 54 c3 6f b0 8f f9 f7 1b 9e 4f e9 71 33 74 f5 c0 fd e6 30 a7 21 7d a1 5d 47 f8 42 c3 4d be f3 4f 41 ba 44 02 66 76 07 a0 26 a7 28 74 99 e0 3b c9 b0 c7 62 54 65 49 f7 30 01 73 38 73 93 6f be 83 38 82 66 ee ce ce 1e 6e 0d f8 b1 f5 0c 45 5a dc 2d bb 1e b9 c6 a8 1c a5 3d e7 d3 a7 01 cc 63 fd e7 fc 53 3e 06 6a 35 fc f4 09 4b f4 c5 6e dd 03 86 b1 25 2e c8 49 20 ba c1 d7 11 55 f4 05 62 8b c7 b5 5e f7 e2 9e ef 6c 35 b7 f6 9a 6d 87 5d 61 90 56 d2 75 a6 25 9c a5 be 73 39 49 2f c2 89 c3 06 e9 f4 2e 8b 2f c7 85 ef 7c bc 0d 9f ad 6c b6 da db eb 9b ad cd ed 95 17 51 82 39 5e a0 b7 cf f0 f1 eb 15 f7 97 49 1a 67 29 5a 32 4a cf 61 c8 54 Data Ascii: i358`A{B\|B4PTmZToOq3t0!}]GBMOADfv&(t;bTeI0s8so8fnEZ-=cS>j5Kn%.I Ub^l5m]aVu%s9I/./\|lQ9^Ig)Z2JaT
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: c2 e6 08 96 6a d0 1c 75 d2 c3 bc a3 a2 68 ef 40 82 32 1c 1c 7b 39 fa ab 83 34 35 ee 0e dd d2 bd c6 a3 e3 da f3 7c fa 79 15 5c ca 3e 2f 40 6c be 3a bc e8 78 20 98 f4 2e e0 1d e4 fd 56 63 77 ca ae d9 1d 3a bf 64 68 0d bf 86 7f 8c a4 17 fe f8 eb 7d 5b d4 06 df ab e2 2b 59 bc 90 fa 71 8c 6d 52 7e a4 58 f9 fa 23 e9 ab 86 4c d4 b9 ba f0 c4 a4 6a a5 37 fb c1 26 5b c5 f2 30 9b 42 1c ab 21 ec 3a 8a cc 58 07 52 57 12 27 53 82 ac c7 c9 ad f0 1a cb f1 c6 54 45 5c 89 e4 5c bd 7e 67 7a 48 3c 46 dc 1b 4a 50 ba e3 2e 79 86 a5 3e ca 8a 99 87 ca 6b 17 98 cf 6e 0f 3e 00 68 d3 f7 f1 5f 4f 3b 19 98 1a 87 7b c1 08 f8 63 17 4f 7f ce 0c e0 45 fb 8b 27 9e ee 44 80 27 ce ab 3e 29 12 46 c4 b8 b4 78 ad c9 f6 06 5c b6 37 22 bf 58 45 07 fb 68 b5 36 b5 cb 52 b6 2d b7 eb c7 d3 70 f8 10 Data Ascii: juh@2{945\|y\>/@l:x .Vcw:dh}[+YqmR~X#Lj7&[0B!:XRW'STE\\~gzH<FJP.y>kn>h_O;{cOE'D'>)Fx\7"XEh6R-p
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: b8 ea f0 0c 5e b3 3c ed 39 82 c4 c7 f0 e9 f8 a9 11 fd ee 03 1a 02 ec ec bc 1e bd 0c cf 82 8f 18 b1 2f f9 88 f8 f5 23 27 ed f9 c8 49 92 e1 1d 56 8c 6e 6f f1 cf 94 ff 2c 77 76 ec 2f 77 7a 98 3c 16 d9 f0 ed 93 db db 13 5b d5 13 9e a8 98 80 40 5f 4f 91 e3 3d 11 94 39 fa 19 ba 7f ca ac ef 0d d6 09 1c 92 46 38 e2 5f c7 49 80 9e 8b 38 eb 6c 85 09 b4 62 9d 5b 1d 47 92 f1 80 12 5a 18 ff 2c 54 bd 88 98 d9 ee e6 6f 4b a0 df 82 eb 90 1a 8e 00 5a 51 5c b0 c2 e5 84 de 2e 50 30 f1 df 6e 0c 8b a6 ae c5 6b 1f 27 c6 89 07 4e c3 78 68 cd f9 b4 db 43 45 68 31 f4 4e bb b0 17 d0 fc 82 4d ac e3 d0 7d d5 09 af 3d bd d4 fe 19 1c c3 e9 22 e3 50 a5 b2 47 17 b0 3f bc 0a d5 2e 75 7a b8 4f b2 1e 67 34 d9 4e 63 97 9f 7b d6 02 d4 b7 02 3a c1 61 cd 3d bd 16 ca 31 da 5e 8c 95 df 45 cb 01 Data Ascii: ^<9/#'IVno,wv/wz<[@_O=9F8_I8lb[GZ,ToKZQ\.P0nk'NxhCEh1NM}="PG?.uzOg4Nc{:a=1^E
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: 93 bc 81 d3 83 bc d1 d3 83 6f 9c 02 6a e3 fb cf 03 ef f3 c6 93 51 af 57 f8 d0 5e 5b 41 b8 f6 c6 e1 d5 bf ff 20 b0 d5 6f 1c 43 7a 51 d7 1b c8 5f b4 24 71 d3 9b 0f a9 c9 b3 dd 0b f2 21 90 e4 43 24 09 25 4b 50 0d cf 8c 6f 62 e5 88 72 b3 63 51 46 52 e9 a5 cc 3b 9c 98 a6 0a 38 4d 85 3e df 95 f8 88 93 19 59 81 f6 42 13 0b 3c a8 2b 2c 2d 59 af b6 22 6e 07 b3 d5 11 28 e7 e0 30 d6 1d 1f c9 39 a8 6e 32 07 6f ac 59 1e 59 61 06 62 7c 2e 46 48 49 7c f6 91 70 d4 91 9b 81 f1 18 46 32 48 1c 20 d2 22 15 56 dd 08 24 98 bd d5 e8 1b 4f 8d 4c 62 15 e0 46 85 7d 25 72 e1 38 5e 7e 87 07 db e6 9f 6c e6 7d 32 ab ec c2 0d 57 35 d2 59 01 79 ee 6f 72 13 0d 85 da 8b c2 83 6c d0 0b 34 66 a5 dd 0c f0 9d ab f8 24 00 73 8c 07 b4 02 92 4b d5 b1 75 17 96 0e b3 72 50 0e 90 16 c6 12 14 96 41 Data Ascii: ojQW^[A oCzQ_$q!C$%KPobrcQFR;8M>YB<+,-Y"n(09n2oYYab\|.FHI\|pF2H "V$OLbF}%r8^~l}2W5Yyorl4f$sKurPA
2024-09-24 19:16:07 UTC	16384	IN	Data Raw: 36 60 5b ac 09 30 f3 65 fb ce f6 e7 38 a2 0d 16 84 de c9 87 1f 4f 4a f8 36 33 60 db bc f3 8d 03 e9 66 d1 90 42 cf a6 8c fd 73 20 33 13 e0 aa f5 a5 40 6e 98 1e 23 65 91 c8 1f 22 65 95 88 25 a6 ed 09 b2 32 48 8d e5 00 61 76 8c 6d 19 c2 5e e8 e8 5e 3a 68 05 64 8e e3 55 ad b0 7d a3 83 90 da 2a 86 89 ff 9d c7 b5 4c 3e b3 9f 90 23 3f b5 f8 ac 9f a3 69 ac a8 c9 d7 f0 d0 a1 31 ea b0 ea 38 1e fd 81 54 43 6a 1c c9 64 bf 17 8b 88 be 28 f5 24 4f 23 ba 05 68 c1 47 42 db e7 a1 13 f6 2b fb 9b 6e 7b fe 7a ee ac 7b ca 26 59 1f ca 92 10 03 1c 99 6d 00 76 75 8c 2b c5 8d 05 8e f2 dd 2e 95 2d ec ca 58 d9 6b fb 4e 66 a6 cd 1d 6c b8 21 f1 95 ff f2 7e 8c bb ce 0d 00 36 ef 3f bd f7 5f 1e 44 1d cd 79 b1 33 af ad 20 dc 62 0c f8 da ff d2 10 b6 5d 8b f8 dd ff 09 a0 f2 fc 73 ab 3f de Data Ascii: 6`[0e8OJ63`fBs 3@n#e"e%2Havm^^:hdU}*L>#?i18TCjd($O#hGB+n{z{&Ymvu+.-XkNfl!~6?_Dy3 b]s?
2024-09-24 19:16:07 UTC	2469	IN	Data Raw: 15 78 3c 32 d3 c9 17 b6 63 68 f2 5e 3e ca 38 c7 fa da b4 a6 b7 c9 4e e7 6b eb eb 52 5a e4 a3 63 e0 52 22 d0 e9 eb e5 b4 39 64 8c cb 89 81 6f d5 ca 69 80 28 8f c7 e5 c4 31 24 e6 e5 c4 29 24 a6 e5 c4 89 0f 04 77 29 6d e6 03 81 5d 4a 1b f9 40 80 97 d2 6e 7c 20 c6 4b 69 97 3e 50 1b a5 b4 73 1f 48 9c 52 da 85 0f a4 51 29 ed cc b7 9e 94 d3 ae d0 e1 5d 29 ed da b7 be 2d a7 1d c9 68 79 e3 e3 b4 66 7d f1 b5 ed ac f7 28 1c df ed 02 dd 2b ec 9b 9f eb f4 dd eb 7d 2b 33 dc 1d af db 7d ff f8 89 03 39 df f8 eb ad c1 71 0a 93 ff b5 bd 0e 9f d7 dd 17 14 4f 10 e3 02 ae 47 0f d8 5e 7f 74 4f dd e7 ee a1 fb d6 fd d5 7d e5 be 73 0f 7e 87 46 f4 ed c2 7d 89 4a 7c 59 a6 83 dc bb ef fd 83 56 74 1e 03 cf f7 82 63 43 7f e7 bf 94 24 d3 33 bf ed be 46 3e eb 7b 14 3a 2b 1d a6 4f fa be Data Ascii: x<2ch^>8NkRZcR"9doi(1$)$w)m]J@n\| Ki>PsHRQ)])-hyf}(+}+3}9qOG^tO}s~F}J\|YVtcC$3F>{:+O

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (61934), with no line terminators
Category:	downloaded
Size (bytes):	406953
Entropy (8bit):	5.47296429321884
Encrypted:	false
SSDEEP:	6144:Gtv45ROwlj95E2lp4+oCq4OwvNrKZMnHI+Y7O:GaAMn+q
MD5:	7101A8AAF9A5254C220E4EDA49A59F8D
SHA1:	99E73B4FD2273187C07B868A9A1059A23135B8C2
SHA-256:	CD91E5CB1719CB3E852E88D0724AC37A1AFBD0BB987A0B097E668C81A4F0DFB8
SHA-512:	5E7D832BBD343A4E32B9378F0E9F21B31ADF0648642C83545A4CE5F150CC5DB88809922ED3541EBFB1AC8021AD0ED67B6BBEC6456C6677193B396BAFC2C4BEC6
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/bundle/fluent.da77279e.js
Preview:	"use strict";(self.webpackChunkapps=self.webpackChunkapps\|\|[]).push([[778],{95562:function(e,t,n){n.d(t,{t:function(){return r}});var o=n(52651);function r(e,t,n){void 0===n&&(n=!0);var r=!1;if(e&&t)if(n)if(e===t)r=!0;else for(r=!1;t;){var i=(0,o.G)(t);if(i===e){r=!0;break}t=i}else e.contains&&(r=e.contains(t));return r}},89236:function(e,t,n){n.d(t,{X:function(){return r}});var o=n(52651);function r(e,t){return e&&e!==document.body?t(e)?e:r((0,o.G)(e),t):null}},52651:function(e,t,n){function o(e,t){return void 0===t&&(t=!0),e&&(t&&function(e){var t,n;return e&&(n=e)&&n._virtual&&(t=e._virtual.parent),t}(e)\|\|e.parentNode&&e.parentNode)}n.d(t,{G:function(){return o}})},2899:function(e,t,n){n.d(t,{w:function(){return i}});var o=n(89236),r=n(73100);function i(e,t){var n=(0,o.X)(e,(function(e){return t===e\|\|e.hasAttribute(r.Y)}));return null!==n&&n.hasAttribute(r.Y)}},73100:function(e,t,n){n.d(t,{U:function(){return r},Y:function(){return o}});var o="data-portal-element";function r(e){e.se

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65446)
Category:	downloaded
Size (bytes):	675512
Entropy (8bit):	5.517813770179539
Encrypted:	false
SSDEEP:	6144:KGgbyWkDa1RGJaR6oALvCE4wn8PvxDPcRMzMxOdI9CQuhbrDmwPO0Iu7P4KOR2nY:/gby3j38HEu6g4KOAY
MD5:	15149A12CC042DCA2B5976D704D58AF4
SHA1:	5882D2DBF2EE0D7FA9B193F114AEE7FD2EB00939
SHA-256:	5F74C854DC6B97753AFA0C34C3715EB9A5DB6F4DF519BFC9CA82BE403DAD9510
SHA-512:	CE40888380272684FA60769C129CE7EBED75585709E39A027E36078783CC88E13981D8333922749529254F0896E7183F442C13DEB719BA343140A0BDFC7F2A94
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/bundle/low-change-freq-vendors.791ea13a.js
Preview:	/! For license information please see low-change-freq-vendors.791ea13a.js.LICENSE.txt /.(self.webpackChunkapps=self.webpackChunkapps\|\|[]).push([[557],{74844:function(t,n,e){"use strict";Object.defineProperty(n,"__esModule",{value:!0}),n.isUnicodeLanguageSubtag=n.isUnicodeScriptSubtag=n.isUnicodeRegionSubtag=n.isStructurallyValidLanguageTag=n.parseUnicodeLanguageId=n.parseUnicodeLocaleId=n.getCanonicalLocales=void 0;var a=e(22970),r=e(77116),o=e(76214),i=e(46389);n.getCanonicalLocales=function(t){return function(t){if(void 0===t)return[];var n=[];"string"==typeof t&&(t=[t]);for(var e=0,a=t;e<a.length;e++){var s=a[e],u=(0,o.emitUnicodeLocaleId)((0,i.canonicalizeUnicodeLocaleId)((0,r.parseUnicodeLocaleId)(s)));n.indexOf(u)<0&&n.push(u)}return n}(t)};var s=e(77116);Object.defineProperty(n,"parseUnicodeLocaleId",{enumerable:!0,get:function(){return s.parseUnicodeLocaleId}}),Object.defineProperty(n,"parseUnicodeLanguageId",{enumerable:!0,get:function(){return s.parseUnicodeLanguageId}}),Ob

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65464)
Category:	downloaded
Size (bytes):	382676
Entropy (8bit):	5.241158512530426
Encrypted:	false
SSDEEP:	6144:apotiSu+09qisQFXR6uCSB1DkCXWsFqIfI6xYCFrjWO33wv:FRQaSB1DkCXWsFSaN3gv
MD5:	C2BB805FC8B25BF3FE5B5C1865BD1155
SHA1:	6FA491DDB5CD48A75D32AB474D2BF08477C34860
SHA-256:	F22C0E077993BC20AEC1A2EF52B37D64C653A663529D087D2DE78EC3B54FAA0A
SHA-512:	4C6B2C66C5D105DAC5471D9BABABB19A57671BD9FDDAE6B938C47113BAE01AAC401FC8F6BEF8EE2BDE34F595CCF93F43D40F6D04F4ABE08E20F0B6102FE62372
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/bundle/azure.e9a30734.js
Preview:	/! For license information please see azure.e9a30734.js.LICENSE.txt /."use strict";(self.webpackChunkapps=self.webpackChunkapps\|\|[]).push([[196],{93218:function(e,t,r){r.d(t,{L:function(){return wr}});var n,o,i=function(e,t){return i=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},i(e,t)},a=function(){return a=Object.assign\|\|function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},a.apply(this,arguments)},s=r(41601);!function(e){e.AcquireTokenByCode="acquireTokenByCode",e.AcquireTokenByRefreshToken="acquireTokenByRefreshToken",e.AcquireTokenSilent="acquireTokenSilent",e.AcquireTokenSilentAsync="acquireTokenSilentAsync",e.AcquireTokenPopup="acquireTokenPopup",e.CryptoOptsGetPublicKeyThumbprint="cryptoOptsGetPublicKeyThumbprint",e.CryptoOptsSignJwt="cryptoOptsSignJwt",e.SilentCa

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65446)
Category:	dropped
Size (bytes):	675512
Entropy (8bit):	5.517813770179539
Encrypted:	false
SSDEEP:	6144:KGgbyWkDa1RGJaR6oALvCE4wn8PvxDPcRMzMxOdI9CQuhbrDmwPO0Iu7P4KOR2nY:/gby3j38HEu6g4KOAY
MD5:	15149A12CC042DCA2B5976D704D58AF4
SHA1:	5882D2DBF2EE0D7FA9B193F114AEE7FD2EB00939
SHA-256:	5F74C854DC6B97753AFA0C34C3715EB9A5DB6F4DF519BFC9CA82BE403DAD9510
SHA-512:	CE40888380272684FA60769C129CE7EBED75585709E39A027E36078783CC88E13981D8333922749529254F0896E7183F442C13DEB719BA343140A0BDFC7F2A94
Malicious:	false
Reputation:	low
Preview:	/! For license information please see low-change-freq-vendors.791ea13a.js.LICENSE.txt /.(self.webpackChunkapps=self.webpackChunkapps\|\|[]).push([[557],{74844:function(t,n,e){"use strict";Object.defineProperty(n,"__esModule",{value:!0}),n.isUnicodeLanguageSubtag=n.isUnicodeScriptSubtag=n.isUnicodeRegionSubtag=n.isStructurallyValidLanguageTag=n.parseUnicodeLanguageId=n.parseUnicodeLocaleId=n.getCanonicalLocales=void 0;var a=e(22970),r=e(77116),o=e(76214),i=e(46389);n.getCanonicalLocales=function(t){return function(t){if(void 0===t)return[];var n=[];"string"==typeof t&&(t=[t]);for(var e=0,a=t;e<a.length;e++){var s=a[e],u=(0,o.emitUnicodeLocaleId)((0,i.canonicalizeUnicodeLocaleId)((0,r.parseUnicodeLocaleId)(s)));n.indexOf(u)<0&&n.push(u)}return n}(t)};var s=e(77116);Object.defineProperty(n,"parseUnicodeLocaleId",{enumerable:!0,get:function(){return s.parseUnicodeLocaleId}}),Object.defineProperty(n,"parseUnicodeLanguageId",{enumerable:!0,get:function(){return s.parseUnicodeLanguageId}}),Ob

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:08 UTC	433	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:08 UTC	798	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:08 GMT Content-Type: application/x-javascript Content-Length: 116365 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Aug 2024 17:52:54 GMT ETag: 0x8DCBD5317046A2F x-ms-request-id: 8686368f-701e-0061-4559-0ee015000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191608Z-185ffdfffcfkntdlfpu7e4aw3400000000yg00000000g24u x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:08 UTC	15586	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 5b db 48 b6 28 fc 7d ff 0a 5b bb c7 2d b5 0b 63 19 30 44 46 78 48 42 7a 98 49 02 07 c8 f4 f4 10 4f 1e 61 97 b1 12 23 79 74 e1 d2 d8 fb b7 bf 6b ad aa 92 4a b2 0c 26 dd fb 9c 0f ef f4 d3 c1 ba 94 ea 5e eb 7e d9 fc a9 fe 5f b5 9f 6a 1b eb ff 57 3b bf 38 3c bb a8 9d bc ab 5d fc e5 f8 ec 6d ed 14 ee 7e ad 7d 3c b9 38 7e 73 b4 7e 3d d8 28 fe bb 98 f8 71 6d ec 4f 79 0d 7e af bc 98 8f 6a 61 50 0b a3 9a 1f 0c c3 68 16 46 5e c2 e3 da 0d fc 8d 7c 6f 5a 1b 47 e1 4d 2d 99 f0 da 2c 0a bf f2 61 12 d7 a6 7e 9c c0 47 57 7c 1a de d5 4c a8 2e 1a d5 4e bd 28 79 a8 1d 9f 5a 2d a8 9f 43 6d fe b5 1f c0 d7 c3 70 f6 00 d7 93 a4 16 84 89 3f e4 35 2f 18 51 6d 53 b8 09 62 5e 4b 83 11 8f 6a 77 13 7f 38 a9 7d f0 87 51 18 87 e3 a4 16 f1 21 f7 6f Data Ascii: k[H(}[-c0DFxHBzIOa#ytkJ&^~_jW;8<]m~}<8~s~=(qmOy~jaPhF^\|oZGM-,a~GW\|L.N(yZ-Cmp?5/QmSb^Kjw8}Q!o
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 72 48 0c 1b 29 1f 49 83 69 74 84 3e 47 59 80 42 9b b2 59 ca d8 88 5e 36 a7 24 f7 af 17 38 0d 53 1c 3e 97 dc 17 24 8a 0d 4a a7 01 95 4d e2 5c ba e4 61 91 1d cc fc 76 23 bb 17 d9 47 55 e3 fb 1d 24 72 d5 75 be 53 62 b7 c3 d2 4d f8 e3 e1 9f 08 fe 94 d8 cb 4c b2 60 93 73 a2 08 7c dd c2 cc 73 9f 8e 83 c4 ee be 3e 32 f9 4f b1 b5 a0 9d 4a e3 1e bb 1b c2 d1 c8 77 a3 9e bf 9f 52 28 74 4a 36 90 30 df 82 5a d0 d6 7a 03 ab 1b c3 71 f0 37 c6 a2 a7 e2 09 4c c4 d8 f5 2d 06 8f 9b b6 66 12 5d 1b ff 14 d3 96 df 40 63 44 2c e6 6f b8 f8 2d c3 e6 72 5b e7 a8 e9 1d a4 c2 f9 71 c3 23 61 49 cf 47 27 27 7f 63 23 57 e2 4e 51 f5 3a 81 a7 93 7d af 37 d1 7a d7 44 92 9b fa 37 81 4e 4d 11 fd 88 ec b6 68 ac 96 e7 17 55 b3 97 4f d5 55 ce e4 46 ae d0 47 c2 99 47 5b 6a a1 db c9 ce 2d d0 71 Data Ascii: rH)Iit>GYBY^6$8S>$JM\av#GU$ruSbML`s\|s>2OJwR(tJ60Zzq7L-f]@cD,o-r[q#aIG''c#WNQ:}7zD7NMhUOUFGG[j-q
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 29 8c 92 ca 92 96 69 33 da 9c 35 38 fc d6 d6 60 90 eb 41 a0 12 7b 42 d2 a3 7c 11 42 9b 34 a2 89 fa ac 50 54 6d 90 84 ac 5a 8e c0 f6 f8 15 ad ba d6 15 90 17 54 c3 6f b0 8f f9 f7 1b 9e 4f e9 71 33 74 f5 c0 fd e6 30 a7 21 7d a1 5d 47 f8 42 c3 4d be f3 4f 41 ba 44 02 66 76 07 a0 26 a7 28 74 99 e0 3b c9 b0 c7 62 54 65 49 f7 30 01 73 38 73 93 6f be 83 38 82 66 ee ce ce 1e 6e 0d f8 b1 f5 0c 45 5a dc 2d bb 1e b9 c6 a8 1c a5 3d e7 d3 a7 01 cc 63 fd e7 fc 53 3e 06 6a 35 fc f4 09 4b f4 c5 6e dd 03 86 b1 25 2e c8 49 20 ba c1 d7 11 55 f4 05 62 8b c7 b5 5e f7 e2 9e ef 6c 35 b7 f6 9a 6d 87 5d 61 90 56 d2 75 a6 25 9c a5 be 73 39 49 2f c2 89 c3 06 e9 f4 2e 8b 2f c7 85 ef 7c bc 0d 9f ad 6c b6 da db eb 9b ad cd ed 95 17 51 82 39 5e a0 b7 cf f0 f1 eb 15 f7 97 49 1a 67 29 5a Data Ascii: )i358`A{B\|B4PTmZToOq3t0!}]GBMOADfv&(t;bTeI0s8so8fnEZ-=cS>j5Kn%.I Ub^l5m]aVu%s9I/./\|lQ9^Ig)Z
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 43 68 1e b4 61 d1 c2 e6 08 96 6a d0 1c 75 d2 c3 bc a3 a2 68 ef 40 82 32 1c 1c 7b 39 fa ab 83 34 35 ee 0e dd d2 bd c6 a3 e3 da f3 7c fa 79 15 5c ca 3e 2f 40 6c be 3a bc e8 78 20 98 f4 2e e0 1d e4 fd 56 63 77 ca ae d9 1d 3a bf 64 68 0d bf 86 7f 8c a4 17 fe f8 eb 7d 5b d4 06 df ab e2 2b 59 bc 90 fa 71 8c 6d 52 7e a4 58 f9 fa 23 e9 ab 86 4c d4 b9 ba f0 c4 a4 6a a5 37 fb c1 26 5b c5 f2 30 9b 42 1c ab 21 ec 3a 8a cc 58 07 52 57 12 27 53 82 ac c7 c9 ad f0 1a cb f1 c6 54 45 5c 89 e4 5c bd 7e 67 7a 48 3c 46 dc 1b 4a 50 ba e3 2e 79 86 a5 3e ca 8a 99 87 ca 6b 17 98 cf 6e 0f 3e 00 68 d3 f7 f1 5f 4f 3b 19 98 1a 87 7b c1 08 f8 63 17 4f 7f ce 0c e0 45 fb 8b 27 9e ee 44 80 27 ce ab 3e 29 12 46 c4 b8 b4 78 ad c9 f6 06 5c b6 37 22 bf 58 45 07 fb 68 b5 36 b5 cb 52 b6 2d b7 Data Ascii: Chajuh@2{945\|y\>/@l:x .Vcw:dh}[+YqmR~X#Lj7&[0B!:XRW'STE\\~gzH<FJP.y>kn>h_O;{cOE'D'>)Fx\7"XEh6R-
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 50 d0 d5 39 aa fa b8 ea f0 0c 5e b3 3c ed 39 82 c4 c7 f0 e9 f8 a9 11 fd ee 03 1a 02 ec ec bc 1e bd 0c cf 82 8f 18 b1 2f f9 88 f8 f5 23 27 ed f9 c8 49 92 e1 1d 56 8c 6e 6f f1 cf 94 ff 2c 77 76 ec 2f 77 7a 98 3c 16 d9 f0 ed 93 db db 13 5b d5 13 9e a8 98 80 40 5f 4f 91 e3 3d 11 94 39 fa 19 ba 7f ca ac ef 0d d6 09 1c 92 46 38 e2 5f c7 49 80 9e 8b 38 eb 6c 85 09 b4 62 9d 5b 1d 47 92 f1 80 12 5a 18 ff 2c 54 bd 88 98 d9 ee e6 6f 4b a0 df 82 eb 90 1a 8e 00 5a 51 5c b0 c2 e5 84 de 2e 50 30 f1 df 6e 0c 8b a6 ae c5 6b 1f 27 c6 89 07 4e c3 78 68 cd f9 b4 db 43 45 68 31 f4 4e bb b0 17 d0 fc 82 4d ac e3 d0 7d d5 09 af 3d bd d4 fe 19 1c c3 e9 22 e3 50 a5 b2 47 17 b0 3f bc 0a d5 2e 75 7a b8 4f b2 1e 67 34 d9 4e 63 97 9f 7b d6 02 d4 b7 02 3a c1 61 cd 3d bd 16 ca 31 da 5e Data Ascii: P9^<9/#'IVno,wv/wz<[@_O=9F8_I8lb[GZ,ToKZQ\.P0nk'NxhCEh1NM}="PG?.uzOg4Nc{:a=1^
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 74 72 fb 31 53 f0 93 bc 81 d3 83 bc d1 d3 83 6f 9c 02 6a e3 fb cf 03 ef f3 c6 93 51 af 57 f8 d0 5e 5b 41 b8 f6 c6 e1 d5 bf ff 20 b0 d5 6f 1c 43 7a 51 d7 1b c8 5f b4 24 71 d3 9b 0f a9 c9 b3 dd 0b f2 21 90 e4 43 24 09 25 4b 50 0d cf 8c 6f 62 e5 88 72 b3 63 51 46 52 e9 a5 cc 3b 9c 98 a6 0a 38 4d 85 3e df 95 f8 88 93 19 59 81 f6 42 13 0b 3c a8 2b 2c 2d 59 af b6 22 6e 07 b3 d5 11 28 e7 e0 30 d6 1d 1f c9 39 a8 6e 32 07 6f ac 59 1e 59 61 06 62 7c 2e 46 48 49 7c f6 91 70 d4 91 9b 81 f1 18 46 32 48 1c 20 d2 22 15 56 dd 08 24 98 bd d5 e8 1b 4f 8d 4c 62 15 e0 46 85 7d 25 72 e1 38 5e 7e 87 07 db e6 9f 6c e6 7d 32 ab ec c2 0d 57 35 d2 59 01 79 ee 6f 72 13 0d 85 da 8b c2 83 6c d0 0b 34 66 a5 dd 0c f0 9d ab f8 24 00 73 8c 07 b4 02 92 4b d5 b1 75 17 96 0e b3 72 50 0e 90 Data Ascii: tr1SojQW^[A oCzQ_$q!C$%KPobrcQFR;8M>YB<+,-Y"n(09n2oYYab\|.FHI\|pF2H "V$OLbF}%r8^~l}2W5Yyorl4f$sKurP
2024-09-24 19:16:08 UTC	16384	IN	Data Raw: 63 4d 91 32 d6 52 36 60 5b ac 09 30 f3 65 fb ce f6 e7 38 a2 0d 16 84 de c9 87 1f 4f 4a f8 36 33 60 db bc f3 8d 03 e9 66 d1 90 42 cf a6 8c fd 73 20 33 13 e0 aa f5 a5 40 6e 98 1e 23 65 91 c8 1f 22 65 95 88 25 a6 ed 09 b2 32 48 8d e5 00 61 76 8c 6d 19 c2 5e e8 e8 5e 3a 68 05 64 8e e3 55 ad b0 7d a3 83 90 da 2a 86 89 ff 9d c7 b5 4c 3e b3 9f 90 23 3f b5 f8 ac 9f a3 69 ac a8 c9 d7 f0 d0 a1 31 ea b0 ea 38 1e fd 81 54 43 6a 1c c9 64 bf 17 8b 88 be 28 f5 24 4f 23 ba 05 68 c1 47 42 db e7 a1 13 f6 2b fb 9b 6e 7b fe 7a ee ac 7b ca 26 59 1f ca 92 10 03 1c 99 6d 00 76 75 8c 2b c5 8d 05 8e f2 dd 2e 95 2d ec ca 58 d9 6b fb 4e 66 a6 cd 1d 6c b8 21 f1 95 ff f2 7e 8c bb ce 0d 00 36 ef 3f bd f7 5f 1e 44 1d cd 79 b1 33 af ad 20 dc 62 0c f8 da ff d2 10 b6 5d 8b f8 dd ff 09 a0 Data Ascii: cM2R6`[0e8OJ63`fBs 3@n#e"e%2Havm^^:hdU}*L>#?i18TCjd($O#hGB+n{z{&Ymvu+.-XkNfl!~6?_Dy3 b]
2024-09-24 19:16:08 UTC	2475	IN	Data Raw: de 2c 30 3f 34 26 15 78 3c 32 d3 c9 17 b6 63 68 f2 5e 3e ca 38 c7 fa da b4 a6 b7 c9 4e e7 6b eb eb 52 5a e4 a3 63 e0 52 22 d0 e9 eb e5 b4 39 64 8c cb 89 81 6f d5 ca 69 80 28 8f c7 e5 c4 31 24 e6 e5 c4 29 24 a6 e5 c4 89 0f 04 77 29 6d e6 03 81 5d 4a 1b f9 40 80 97 d2 6e 7c 20 c6 4b 69 97 3e 50 1b a5 b4 73 1f 48 9c 52 da 85 0f a4 51 29 ed cc b7 9e 94 d3 ae d0 e1 5d 29 ed da b7 be 2d a7 1d c9 68 79 e3 e3 b4 66 7d f1 b5 ed ac f7 28 1c df ed 02 dd 2b ec 9b 9f eb f4 dd eb 7d 2b 33 dc 1d af db 7d ff f8 89 03 39 df f8 eb ad c1 71 0a 93 ff b5 bd 0e 9f d7 dd 17 14 4f 10 e3 02 ae 47 0f d8 5e 7f 74 4f dd e7 ee a1 fb d6 fd d5 7d e5 be 73 0f 7e 87 46 f4 ed c2 7d 89 4a 7c 59 a6 83 dc bb ef fd 83 56 74 1e 03 cf f7 82 63 43 7f e7 bf 94 24 d3 33 bf ed be 46 3e eb 7b 14 3a Data Ascii: ,0?4&x<2ch^>8NkRZcR"9doi(1$)$w)m]J@n\| Ki>PsHRQ)])-hyf}(+}+3}9qOG^tO}s~F}J\|YVtcC$3F>{:

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:08 UTC	701	OUT	GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:09 UTC	654	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Cache-Control: public, max-age=86400 Content-MD5: iE6og3NQEImkIfPhgelpbQ== Content-Type: image/* Date: Tue, 24 Sep 2024 19:16:08 GMT Etag: 0x8D79864698C0ECE Last-Modified: Mon, 13 Jan 2020 20:08:53 GMT Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 X-Content-Type-Options: nosniff x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 862c8db8-501e-005c-16b6-0e16ba000000 x-ms-version: 2009-09-19 Content-Length: 254710 Connection: close
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: ff d8 ff e1 05 5e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 22 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 94 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 43 20 32 30 31 38 20 28 57 69 6e 64 6f 77 73 29 00 32 30 31 38 3a 31 30 3a 30 34 20 30 38 3a 32 31 3a 35 30 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: ^ExifMM*bj(1"r2i''Adobe Photoshop CC 2018 (Windows)2018:10:04 08:21:508"
2024-09-24 19:16:09 UTC	1	IN	Data Raw: bf Data Ascii:
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: 75 a0 2b d7 2f 7a ea e0 53 af 7b f7 5b eb de f4 48 1d 7b af 7b a7 5b 02 bd 77 6f 7a ea e0 53 ae c0 f7 ae ac 05 7a e5 ef 5d 5b 87 5d fb f7 5e eb 98 16 f7 52 6b d5 49 af 5d db de ba f0 04 f5 cb de ba bf 5d 81 ef 5d 58 0f 5e bb f7 52 7a b7 5e f7 5a f5 be bd ef dd 7b af 01 ef 5d 6c 0a f5 cb de ba b0 14 eb de fd d6 c0 af 5c ad ef 55 ea c1 7a ec 0f e9 ef dd 6f 03 ae 5a 7d d6 bd 6a bd 72 f7 ae b5 d7 bd fb af 75 dd bd fa bd 6c 2f af 5d fb d7 56 a0 eb bf 7e eb 7d 77 6f 7a af 5b d3 d7 76 f7 ee ac 05 3a ec 29 ff 00 5b de ab d6 aa 3a e4 14 7f af ef 55 eb 55 eb 97 bd 75 ae bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ba 1e bb b7 bd 57 ad e9 3d 7a de fd d6 e8 3a ef df ba df 0e bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba Data Ascii: u+/zS{[H{{[wozSz][]^RkI]]]X^Rz^Z{]l\UzoZ}jrul/]V~}woz[v:)[:UUu{{^uW=z:{{^u{{^
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: d7 7e fd 41 d6 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee ba 2a 0f bf 50 75 ba 9e b8 e9 fe 9e f7 8e b7 ab af 69 3e f7 8e bd ab ae 3e fd 41 d5 ba f7 bd d0 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb d6 1e fd 41 d6 a8 3a e3 6f 7e a0 ea b4 3d 7b de e8 3a d7 5e f7 ea 0e bd d7 bd fa 83 af 75 ef 7e a0 eb dd 71 23 de c0 1d 50 8e bd ef 7d 57 af 7b f7 5e eb de Data Ascii: ~APu{{^APu{{^APu{{^APu{{^APu{{^APu*Pui>>Au{{^APu{{^APu{{^A:o~={:^u~q#P}W{^
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e Data Ascii: Ci?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: f7 5e f7 ea 1e bd d7 ad ef 74 3d 6a 82 b5 eb 8f bf 50 f5 53 f3 eb 89 03 9e 3f 1f 5f 76 a1 eb dd 70 f7 ba 1e ad d7 bd fa 87 af 75 ef 7e a1 eb dd 7b df a8 7a f7 5e f7 ea 1e bd d7 ff d1 d7 5f df 74 7a c0 9e bd ef dd 7b af 7b f7 5e eb bf 7e eb dd 77 6f 7a af 56 d3 d7 7e fd d5 ba f7 bd 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 3f 5f 7e eb df 2e b2 0f a7 ba f5 43 d7 7e fd d7 ba f7 bf 75 be bb fa fb d7 5b a0 3d 77 ef 5d 5b ae 60 fd 07 e3 e9 ef 44 75 5a 75 93 dd 3a b7 5e f7 ee b7 d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5c bd eb ab f5 c9 47 bd 1e b4 7a ca 3d d3 ad 8e 1d 7b df ba df 5c d4 7e 7d e8 f5 a2 7c ba e7 ee bd 68 64 f5 df bd 75 7e bb 1e fd d6 c7 1e b9 7b d7 57 eb 92 fd 7d e8 f5 a3 c3 ac a3 dd 3a d8 e1 d7 bd fb ad f5 df bd 75 e0 2b d7 35 fa fb d1 ea e7 Data Ascii: ^t=jPS?_vpu~{z^_tz{{^~wozV~u{{^?_~.C~u[=w][`DuZu:^u~{\Gz={\~}\|hdu~{W}:u+5
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: 75 61 c3 ae fd eb ad f5 ef 7e eb dd 73 02 fe ea 4f 57 38 1d 64 f7 e0 3c fa a7 5d fb b7 5e eb 9a 7e 7d d5 ba f7 59 3d d7 af 75 ef 7e eb dd 78 7b f7 5b 02 bd 72 f7 ae af d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 76 05 cf fa de f4 7a d1 3d 64 f7 5e ab d7 63 de ba b0 1e 7d 77 ef dd 5b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee Data Ascii: ua~sOW8d<]^~}Y=u~x{[ru~{^u~vz=d^c}w[{^u{{^u{{^u{{^u{{^u{{^u{{^u{{^u{{^u
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: ac 2c 39 3f 8f 77 00 d3 ad 50 1e b0 b0 e7 dd c0 34 eb d4 eb 81 51 fd 07 bd e4 75 a2 3a e3 61 fd 07 bf 57 aa 9c f5 8e de ef 5e ad a4 75 85 c7 3f eb 7b ba f5 a2 31 d6 32 a0 fb f5 0f 55 e3 d7 5a 47 bf 50 f5 aa 75 84 8f 77 a1 eb c7 3d 70 65 e3 dd 80 3d 6a 94 eb 1d bd de 87 af 50 75 c7 48 fe 83 df a8 7a d1 1e 9d 75 61 fd 07 bd d0 f5 5a f5 c1 c7 3e ec a0 f5 ee b1 e9 1e ed 43 d5 69 d7 5a 47 bf 50 f5 ea 75 d1 00 7e 3d ea a7 ad 1c 75 eb 0f e8 3d ef ad 54 f5 c4 da df 4f f0 f7 e1 c7 ad 8c f5 85 80 fc 0f cf d7 db 83 ab 05 eb 81 f7 6e bc 47 5d 7b f7 5a eb de fd d7 ba e2 40 fe 83 de eb d5 4d 47 5d 58 7f 41 ef 7d 6a a7 af 58 7f 41 ef dd 7a a7 af 58 7f 41 ef dd 7b ac 6c bc f1 fd 3d ef 27 af 01 8e b1 b0 20 5b fd 87 bd 79 f5 bf 9f 5c 7f d8 5b fa 7f 5b fb df 5e eb af 7b eb Data Ascii: ,9?wP4Qu:aW^u?{12UZGPuw=pe=jPuHzuaZ>CiZGPu~=u=TOnG]{Z@MG]XA}jXAzXA{l=' [y\[[^{
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b ac 06 3b 70 4f fb c7 b7 35 75 ae bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 df b5 75 ee bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 df b5 75 ee bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 de 89 a8 eb dd 75 a3 fc 7f de 3d d3 57 5b eb 83 47 c7 d7 fd e3 de c3 75 53 c7 ac 7a 3f c7 fd e3 dd f5 75 be b8 14 fa f3 fe f1 ef 61 ba a9 e3 d6 3d 1f e3 fe f1 ee fa ba df 5e d1 fe 3f ef 1e fd Data Ascii: {h~x]{h~x]{h~x]{h~x]{h~x]{h~x]{;pO5u=W^?u=W^?u=W^?u=W[GuSz?ua=^?
2024-09-24 19:16:09 UTC	16383	IN	Data Raw: 08 ea 87 87 58 59 4f d7 8f f7 c3 dd c1 1d 78 0e b0 95 3f d4 7b b8 23 ad 9f 4e b1 b2 91 fd 3d d8 10 7a 6c 8c f5 85 97 eb f4 b7 bd d7 3d 5c 75 87 41 ff 00 0f 76 d4 3a d7 58 dd 4f d2 e3 8f af d7 dd 94 8e bd d6 12 a7 eb c7 bb d4 74 d9 c9 eb 13 29 e7 e9 ee e0 f5 6f 91 eb 03 a9 3f 9e 3d d8 9e aa 46 3a c6 54 8f 7e af 5a a5 7a c0 ca 45 fe 9e dc 07 af 7c fa c0 50 ff 00 87 bf 12 2b d6 ba c6 79 07 de c7 1e bd d6 12 a4 8f 6e 03 d6 c0 a6 7a c4 c2 c7 dd c7 5a 26 bd 62 28 7f 16 b7 fb cf fb 1f 77 af 55 eb 81 04 7b dd 6b d6 ba c2 e0 5f df 87 1e b5 4a f5 84 a9 3f d2 df ec 7d d8 11 d7 80 a7 5c 0a 9f 76 a8 eb c4 f5 1d f9 3f 8f 7b 07 ad 50 9e b1 95 27 fa 7b d8 3d 78 0a 75 c7 49 ff 00 0f 76 af 5e a8 eb 8b 02 3f a7 bd 83 d7 b8 f5 83 fd f7 fa de dc eb 7d 74 79 1c fb f0 eb 5d 62 Data Ascii: XYOx?{#N=zl=\uAv:XOt)o?=F:T~ZzE\|P+ynzZ&b(wU{k_J?}\v?{P'{=xuIv^?}ty]b

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:08 UTC	663	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:08 UTC	784	IN	HTTP/1.1 200 OK Date: Tue, 24 Sep 2024 19:16:08 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: ce3ba5d7-301e-004f-2800-0eb202000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240924T191608Z-185ffdfffcfvr4sskpe0rr80ew000000020g00000000972u x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-09-24 19:16:08 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:10 UTC	454	OUT	GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/bannerlogo?ts=637145433474602723 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:10 UTC	646	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 2 Cache-Control: public, max-age=86400 Content-MD5: EpuQZiginrhQBeN3wi4RuA== Content-Type: image/* Date: Tue, 24 Sep 2024 19:16:10 GMT Etag: 0x8D7986560AD23EC Last-Modified: Mon, 13 Jan 2020 20:15:47 GMT Server: ECAcc (lhc/7918) X-Cache: HIT X-Content-Type-Options: nosniff x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: e986dc9f-e01e-003b-80b6-0e0646000000 x-ms-version: 2009-09-19 Content-Length: 4412 Connection: close
2024-09-24 19:16:10 UTC	4412	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 04 00 00 00 23 08 06 00 00 00 72 d6 74 30 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 05 d1 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 32 20 37 39 2e 31 36 30 39 32 34 2c 20 32 30 31 37 2f 30 37 2f 31 33 2d 30 31 3a 30 36 3a 33 39 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR#rt0pHYs+iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RD

Timestamp	Bytes transferred	Direction	Data
2024-09-24 19:16:11 UTC	456	OUT	GET /dbd5a2dd-1iyfigbmuzmv84vwmj7t5enil7pqv6q-xxaumspgawc/logintenantbranding/0/illustration?ts=637145429326126917 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-24 19:16:12 UTC	648	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 3 Cache-Control: public, max-age=86400 Content-MD5: iE6og3NQEImkIfPhgelpbQ== Content-Type: image/* Date: Tue, 24 Sep 2024 19:16:11 GMT Etag: 0x8D79864698C0ECE Last-Modified: Mon, 13 Jan 2020 20:08:53 GMT Server: ECAcc (lhc/790E) X-Cache: HIT X-Content-Type-Options: nosniff x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 862c8db8-501e-005c-16b6-0e16ba000000 x-ms-version: 2009-09-19 Content-Length: 254710 Connection: close
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: ff d8 ff e1 05 5e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 22 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 94 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 43 20 32 30 31 38 20 28 57 69 6e 64 6f 77 73 29 00 32 30 31 38 3a 31 30 3a 30 34 20 30 38 3a 32 31 3a 35 30 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: ^ExifMM*bj(1"r2i''Adobe Photoshop CC 2018 (Windows)2018:10:04 08:21:508"
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: bf 75 a0 2b d7 2f 7a ea e0 53 af 7b f7 5b eb de f4 48 1d 7b af 7b a7 5b 02 bd 77 6f 7a ea e0 53 ae c0 f7 ae ac 05 7a e5 ef 5d 5b 87 5d fb f7 5e eb 98 16 f7 52 6b d5 49 af 5d db de ba f0 04 f5 cb de ba bf 5d 81 ef 5d 58 0f 5e bb f7 52 7a b7 5e f7 5a f5 be bd ef dd 7b af 01 ef 5d 6c 0a f5 cb de ba b0 14 eb de fd d6 c0 af 5c ad ef 55 ea c1 7a ec 0f e9 ef dd 6f 03 ae 5a 7d d6 bd 6a bd 72 f7 ae b5 d7 bd fb af 75 dd bd fa bd 6c 2f af 5d fb d7 56 a0 eb bf 7e eb 7d 77 6f 7a af 5b d3 d7 76 f7 ee ac 05 3a ec 29 ff 00 5b de ab d6 aa 3a e4 14 7f af ef 55 eb 55 eb 97 bd 75 ae bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ba 1e bb b7 bd 57 ad e9 3d 7a de fd d6 e8 3a ef df ba df 0e bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 Data Ascii: u+/zS{[H{{[wozSz][]^RkI]]]X^Rz^Z{]l\UzoZ}jrul/]V~}woz[v:)[:UUu{{^uW=z:{{^u{{^
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: 53 d7 7e fd 41 d6 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee ba 2a 0f bf 50 75 ba 9e b8 e9 fe 9e f7 8e b7 ab af 69 3e f7 8e bd ab ae 3e fd 41 d5 ba f7 bd d0 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb de fd 41 d7 ba f7 bf 50 75 ee bd ef d4 1d 7b af 7b f5 07 5e eb d6 1e fd 41 d6 a8 3a e3 6f 7e a0 ea b4 3d 7b de e8 3a d7 5e f7 ea 0e bd d7 bd fa 83 af 75 ef 7e a0 eb dd 71 23 de c0 1d 50 8e bd ef 7d 57 af 7b f7 5e eb Data Ascii: S~APu{{^APu{{^APu{{^APu{{^APu{{^APu*Pui>>Au{{^APu{{^APu{{^A:o~={:^u~q#P}W{^
2024-09-24 19:16:12 UTC	3	IN	Data Raw: 75 ed 43 Data Ascii: uC
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a f6 93 fe 1e fd d7 b5 0e bd a4 ff 00 87 bf 75 ed 43 af 69 3f e1 ef dd 7b 50 eb da 4f f8 7b f7 5e d4 3a Data Ascii: i?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:uCi?{PO{^:
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: f7 ea 1e bd d7 ad ef 74 3d 6a 82 b5 eb 8f bf 50 f5 53 f3 eb 89 03 9e 3f 1f 5f 76 a1 eb dd 70 f7 ba 1e ad d7 bd fa 87 af 75 ef 7e a1 eb dd 7b df a8 7a f7 5e f7 ea 1e bd d7 ff d1 d7 5f df 74 7a c0 9e bd ef dd 7b af 7b f7 5e eb bf 7e eb dd 77 6f 7a af 56 d3 d7 7e fd d5 ba f7 bd 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 3f 5f 7e eb df 2e b2 0f a7 ba f5 43 d7 7e fd d7 ba f7 bf 75 be bb fa fb d7 5b a0 3d 77 ef 5d 5b ae 60 fd 07 e3 e9 ef 44 75 5a 75 93 dd 3a b7 5e f7 ee b7 d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5c bd eb ab f5 c9 47 bd 1e b4 7a ca 3d d3 ad 8e 1d 7b df ba df 5c d4 7e 7d e8 f5 a2 7c ba e7 ee bd 68 64 f5 df bd 75 7e bb 1e fd d6 c7 1e b9 7b d7 57 eb 92 fd 7d e8 f5 a3 c3 ac a3 dd 3a d8 e1 d7 bd fb ad f5 df bd 75 e0 2b d7 35 fa fb d1 ea e7 ac a3 Data Ascii: t=jPS?_vpu~{z^_tz{{^~wozV~u{{^?_~.C~u[=w][`DuZu:^u~{\Gz={\~}\|hdu~{W}:u+5
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: c3 ae fd eb ad f5 ef 7e eb dd 73 02 fe ea 4f 57 38 1d 64 f7 e0 3c fa a7 5d fb b7 5e eb 9a 7e 7d d5 ba f7 59 3d d7 af 75 ef 7e eb dd 78 7b f7 5b 02 bd 72 f7 ae af d7 bd fb af 75 ef 7e eb dd 7b df ba f7 5e f7 ee bd d7 bd fb af 75 ef 7e eb dd 76 05 cf fa de f4 7a d1 3d 64 f7 5e ab d7 63 de ba b0 1e 7d 77 ef dd 5b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef dd 7b af 7b f7 5e eb de fd d7 ba f7 bf 75 ee bd ef Data Ascii: ~sOW8d<]^~}Y=u~x{[ru~{^u~vz=d^c}w[{^u{{^u{{^u{{^u{{^u{{^u{{^u{{^u{{^u
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: 39 3f 8f 77 00 d3 ad 50 1e b0 b0 e7 dd c0 34 eb d4 eb 81 51 fd 07 bd e4 75 a2 3a e3 61 fd 07 bf 57 aa 9c f5 8e de ef 5e ad a4 75 85 c7 3f eb 7b ba f5 a2 31 d6 32 a0 fb f5 0f 55 e3 d7 5a 47 bf 50 f5 aa 75 84 8f 77 a1 eb c7 3d 70 65 e3 dd 80 3d 6a 94 eb 1d bd de 87 af 50 75 c7 48 fe 83 df a8 7a d1 1e 9d 75 61 fd 07 bd d0 f5 5a f5 c1 c7 3e ec a0 f5 ee b1 e9 1e ed 43 d5 69 d7 5a 47 bf 50 f5 ea 75 d1 00 7e 3d ea a7 ad 1c 75 eb 0f e8 3d ef ad 54 f5 c4 da df 4f f0 f7 e1 c7 ad 8c f5 85 80 fc 0f cf d7 db 83 ab 05 eb 81 f7 6e bc 47 5d 7b f7 5a eb de fd d7 ba e2 40 fe 83 de eb d5 4d 47 5d 58 7f 41 ef 7d 6a a7 af 58 7f 41 ef dd 7a a7 af 58 7f 41 ef dd 7b ac 6c bc f1 fd 3d ef 27 af 01 8e b1 b0 20 5b fd 87 bd 79 f5 bf 9f 5c 7f d8 5b fa 7f 5b fb df 5e eb af 7b eb 7d 75 Data Ascii: 9?wP4Qu:aW^u?{12UZGPuw=pe=jPuHzuaZ>CiZGPu~=u=TOnG]{Z@MG]XA}jXAzXA{l=' [y\[[^{}u
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b af 68 ff 00 1f f7 8f 7e d5 d7 ba f6 8f f1 ff 00 78 f7 ed 5d 7b ac 06 3b 70 4f fb c7 b7 35 75 ae bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 df b5 75 ee bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 df b5 75 ee bd a3 fc 7f de 3d fb 57 5e eb da 3f c7 fd e3 de 89 a8 eb dd 75 a3 fc 7f de 3d d3 57 5b eb 83 47 c7 d7 fd e3 de c3 75 53 c7 ac 7a 3f c7 fd e3 dd f5 75 be b8 14 fa f3 fe f1 ef 61 ba a9 e3 d6 3d 1f e3 fe f1 ee fa ba df 5e d1 fe 3f ef 1e fd ab ad Data Ascii: h~x]{h~x]{h~x]{h~x]{h~x]{h~x]{;pO5u=W^?u=W^?u=W^?u=W[GuSz?ua=^?
2024-09-24 19:16:12 UTC	16383	IN	Data Raw: 87 87 58 59 4f d7 8f f7 c3 dd c1 1d 78 0e b0 95 3f d4 7b b8 23 ad 9f 4e b1 b2 91 fd 3d d8 10 7a 6c 8c f5 85 97 eb f4 b7 bd d7 3d 5c 75 87 41 ff 00 0f 76 d4 3a d7 58 dd 4f d2 e3 8f af d7 dd 94 8e bd d6 12 a7 eb c7 bb d4 74 d9 c9 eb 13 29 e7 e9 ee e0 f5 6f 91 eb 03 a9 3f 9e 3d d8 9e aa 46 3a c6 54 8f 7e af 5a a5 7a c0 ca 45 fe 9e dc 07 af 7c fa c0 50 ff 00 87 bf 12 2b d6 ba c6 79 07 de c7 1e bd d6 12 a4 8f 6e 03 d6 c0 a6 7a c4 c2 c7 dd c7 5a 26 bd 62 28 7f 16 b7 fb cf fb 1f 77 af 55 eb 81 04 7b dd 6b d6 ba c2 e0 5f df 87 1e b5 4a f5 84 a9 3f d2 df ec 7d d8 11 d7 80 a7 5c 0a 9f 76 a8 eb c4 f5 1d f9 3f 8f 7b 07 ad 50 9e b1 95 27 fa 7b d8 3d 78 0a 75 c7 49 ff 00 0f 76 af 5e a8 eb 8b 02 3f a7 bd 83 d7 b8 f5 83 fd f7 fa de dc eb 7d 74 79 1c fb f0 eb 5d 62 28 7f Data Ascii: XYOx?{#N=zl=\uAv:XOt)o?=F:T~ZzE\|P+ynzZ&b(wU{k_J?}\v?{P'{=xuIv^?}ty]b(

Target ID:	0
Start time:	15:15:48
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	15:15:51
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=1940,i,13434837305207668078,1596451000190815801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	15:15:54
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Windows Analysis Report
https://myapplications.microsoft.com/?tenantid=652337df-160d-4078-b508-ef6f12d0d753

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre