Windows Analysis Report
http://securityupdatehub-my.sharepoint.com

Overview

General Information

Sample URL:	http://securityupdatehub-my.sharepoint.com
Analysis ID:	1579320
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: securityupdatehub-my.sharepoint.com to https://login.microsoftonline.com:443/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5fid=00000003%2d0000%2d0ff1%2dce00%2d000000000000&response%5fmode=form%5fpost&response%5ftype=code%20id%5ftoken&resource=00000003%2d0000%2d0ff1%2dce00%2d000000000000&scope=openid&nonce=ade0690d93f719cf918cbb9c521182130797fdf54a0f08a1%2d03c14ecc01d987db2d5375f0f48e93b6e757ee95005239faa6916a25fd464bf3&redirect%5furi=https%3a%2f%2fsecurityupdatehub%2dmy%2esharepoint%2ecom%2f%5fforms%2fdefault%2easpx&state=od0w&claims=%7b%22id%5ftoken%22%3a%7b%22xms%5fcc%22%3a%7b%22values%22%3a%5b%22cp1%22%5d%7d%7d%7d&wsucxt=1&cobrandid=11bd8083%2d87e0%2d41b5%2dbb78%2d0bc43c8a8e8a&client%2drequest%2did=4cbd6fa1%2d7032%2d7000%2d734f%2d6c042359b170

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.238.18
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/authenticate.aspx?Source=%2F HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fauthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRg==
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: securityupdatehub-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: chromecache_73.2.dr, chromecache_70.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_73.2.dr, chromecache_70.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_60.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_60.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: classification engine

Classification label: clean1.win@17/42@16/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1988,i,7594917267722297499,11007387598272349058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://securityupdatehub-my.sharepoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1988,i,7594917267722297499,11007387598272349058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.138.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.181.100	true
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true
securityupdatehub-my.sharepoint.com	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js	false	high
https://securityupdatehub-my.sharepoint.com/_layouts/15/authenticate.aspx?Source=%2F	false	unknown
https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	false	high
https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	false	high
https://securityupdatehub-my.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fauthenticate.aspx%3fSource%3d%252F&Source=cookie	false	unknown
http://securityupdatehub-my.sharepoint.com/	false	unknown
https://securityupdatehub-my.sharepoint.com/	false	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 59	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 60	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 61	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 62	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 63	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 64	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142367	9B96CC09F9E89D0334BA2FBC22B5197A	B5FE69F39E9F61FEF88DF794F02DC4F4086E2592	E6331018533143C411BAE25326AB52FCED541C48674551AEA78E750855BDCD1D
Chrome Cache Entry: 65	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 450755	AC9A6ED508328361A4C9530325A94076	ADC81FAE51EB66A220539EEEDECEB96CFF390BBB	BA93F4A83BB77D32AF9AFB9B014BFD13FD497E3D8F15AF016C782ABD1D34037B
Chrome Cache Entry: 66	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 67	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 450755	AC9A6ED508328361A4C9530325A94076	ADC81FAE51EB66A220539EEEDECEB96CFF390BBB	BA93F4A83BB77D32AF9AFB9B014BFD13FD497E3D8F15AF016C782ABD1D34037B
Chrome Cache Entry: 68	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142367	9B96CC09F9E89D0334BA2FBC22B5197A	B5FE69F39E9F61FEF88DF794F02DC4F4086E2592	E6331018533143C411BAE25326AB52FCED541C48674551AEA78E750855BDCD1D
Chrome Cache Entry: 69	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 70	ASCII text, with very long lines (45797)	9083D228E539FD87EF95A94B7ABC396C	159AE950D79B4987D65F18FFBF6FF87D76C5B536	54B34EA260D9DCF6D7961A60C9B540673312A965F9DDC2F1AB9855D622BFA07C
Chrome Cache Entry: 71	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 72	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 73	ASCII text, with very long lines (45797)	9083D228E539FD87EF95A94B7ABC396C	159AE950D79B4987D65F18FFBF6FF87D76C5B536	54B34EA260D9DCF6D7961A60C9B540673312A965F9DDC2F1AB9855D622BFA07C
Chrome Cache Entry: 74	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	171A4DD9400708B88724B57D62B24A6A	9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37	EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
Chrome Cache Entry: 75	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 76	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510	187B9EBA41FDF66B2C8F7EB645D2BC17	B1C034F7F5F754F271D094FB417B9A820C1F712C	CA0FBF8421A0CF4CCDA7310B2AE74CBD92214901EC2D0F273EA3B07F12CF96EA
Chrome Cache Entry: 77	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 78	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 79	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424	3BA4D76A17ADD0A6C34EE696F28C8541	5E8A4B8334539A7EAB798A7799F6E232016CB263	17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
Chrome Cache Entry: 80	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 81	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	171A4DD9400708B88724B57D62B24A6A	9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37	EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
Chrome Cache Entry: 82	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510	187B9EBA41FDF66B2C8F7EB645D2BC17	B1C034F7F5F754F271D094FB417B9A820C1F712C	CA0FBF8421A0CF4CCDA7310B2AE74CBD92214901EC2D0F273EA3B07F12CF96EA
Chrome Cache Entry: 83	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 84	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 85	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

HTML body contains low number of good links

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/9b82a082-52f4-44b9-a6c9-d3d75128b78b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=ADE0690D93F719CF918CBB9C521182130797FDF54A0F08A1%2D03C14ECC01D987DB2D5375F0F48E93B6E757EE95005239FAA6916A25FD464BF3&redirect%5Furi=https%3A%2F%2Fsecurityupdatehub%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=4cbd6fa1%2D7032%2D7000%2D734f%2D6c042359b170&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.238.18
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/authenticate.aspx?Source=%2F HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fauthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRg==
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: securityupdatehub-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: securityupdatehub-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: chromecache_73.2.dr, chromecache_70.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_73.2.dr, chromecache_70.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_60.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_60.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: classification engine

Classification label: clean1.win@17/42@16/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1988,i,7594917267722297499,11007387598272349058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://securityupdatehub-my.sharepoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1988,i,7594917267722297499,11007387598272349058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1579320
Product:	CloudBasic
Start time:	15:37:30
Start date:	21.12.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://securityupdatehub-my.sharepoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://securityupdatehub-my.sharepoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://securityupdatehub-my.sharepoint.com