Edit tour

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0

Overview

General Information

Sample URL:	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3
Analysis ID:	1654602
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Creates files inside the system directory

Deletes files inside the Windows folder

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Suricata Signatures

ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-02T12:51:20.460204+0200	2832180	1	Successful Credential Theft Detected	192.168.2.8	49741	40.126.24.81	443	TCP
2025-04-02T12:51:58.528489+0200	2832180	1	Successful Credential Theft Detected	192.168.2.8	49740	40.126.24.81	443	TCP

ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-02T12:51:20.460204+0200	2846045	1	Successful Credential Theft Detected	192.168.2.8	49741	40.126.24.81	443	TCP
2025-04-02T12:51:58.528489+0200	2846045	1	Successful Credential Theft Detected	192.168.2.8	49740	40.126.24.81	443	TCP

ETPRO PHISHING Successful Office 365 Phish 2018-08-01

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-02T12:51:20.460204+0200	2832046	1	Successful Credential Theft Detected	192.168.2.8	49741	40.126.24.81	443	TCP
2025-04-02T12:51:58.528489+0200	2832046	1	Successful Credential Theft Detected	192.168.2.8	49740	40.126.24.81	443	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=true

HTTP Parser: richard.parkinson@ocs.com

HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.64.100:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49732 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network traffic	Suricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.8:49740 -> 40.126.24.81:443
Source: Network traffic	Suricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network traffic	Suricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.8:49740 -> 40.126.24.81:443
Source: Network traffic	Suricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network traffic	Suricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.8:49740 -> 40.126.24.81:443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: login.microsoftonline.com to https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=llvj1lktxcdgt1cqkcqxytimqw4wvbqixugs7dyj1la%253d&ver=2.0#

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVax
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDeviceId=787c672d-e892-42a7-b382-264c5337ed25; brcap=0; ai_session=GvHwnIkYwdWfKYlFoy6qyo\|1743591065117\|1743591065117
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global traffic	DNS traffic detected: DNS query: passwordreset.microsoftonline.com

Source: unknown

HTTP traffic detected: POST /api/report?catId=GW+estsfd+bno HTTP/1.1Host: identity.nel.measure.office.netConnection: keep-aliveContent-Length: 1799Content-Type: application/reports+jsonOrigin: https://login.microsoftonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: bbf35ce3-d86a-40a3-b684-87b311c22200x-ms-ests-server: 2.1.20329.5 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MLk5HiBZ1q0VG8Lc4zEyDw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Wed, 02 Apr 2025 10:50:56 GMTConnection: closeContent-Length: 0

Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 142.250.64.100:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49732 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir2252_1989991183

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2252_1989991183

Jump to behavior

Source: classification engine

Classification label: mal48.win@21/37@22/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
e329293.dscd.akamaiedge.net	23.209.72.9	true	false	high
www.tm.f.prd.aadg.trafficmanager.net	20.190.152.80	true	false	high
s-part-0044.t-0009.t-msedge.net	13.107.246.72	true	false	high
www.google.com	142.250.64.100	true	false	high
a1894.dscb.akamai.net	23.55.235.240	true	false	high
www.tm.a.prd.aadg.trafficmanager.net	40.126.24.81	true	false	high
autologon.microsoftazuread-sso.com	40.126.24.146	true	false	high
aadcdn.msauthimages.net	unknown	unknown	false	high
passwordreset.microsoftonline.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno	false	high
https://login.microsoftonline.com/common/instrumentation/dssostatus	false	high
http://c.pki.goog/r/gsr1.crl	false	high
http://c.pki.goog/r/r4.crl	false	high
https://aadcdn.msauthimages.net/c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122	false	high
https://autologon.microsoftazuread-sso.com/ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850	false	high
https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274	false	high
https://login.microsoftonline.com/favicon.ico	false	high
https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login	false	high
https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
40.126.24.146	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.209.72.9	e329293.dscd.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
40.126.24.149	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.64.100	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.72	s-part-0044.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.55.235.240	a1894.dscb.akamai.net	United States	20940	AKAMAI-ASN1EU	false
40.126.24.81	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.8
192.168.2.9

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1654602
Start date and time:	2025-04-02 12:49:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@21/37@22/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.195, 172.253.63.84, 142.250.80.110, 142.250.80.14, 142.251.40.238, 142.251.32.110, 199.232.210.172, 142.250.80.78, 142.251.32.106, 142.251.40.106, 142.250.80.10, 142.251.40.234, 142.250.80.42, 142.251.40.138, 142.251.40.202, 142.251.35.170, 142.250.72.106, 142.250.80.106, 142.251.40.170, 172.217.165.138, 142.250.80.74, 142.251.41.10, 142.250.176.202, 142.250.64.74, 13.69.239.77, 40.79.141.154, 142.250.65.174, 142.250.81.234, 142.250.64.106, 142.250.72.99, 142.250.81.238, 172.217.165.142, 142.251.41.3, 142.251.40.206, 23.219.161.71, 40.126.24.82, 20.190.152.80, 13.107.246.40, 4.245.163.56, 40.126.24.147, 184.31.69.3
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
Category:	downloaded
Size (bytes):	61052
Entropy (8bit):	7.996159932827634
Encrypted:	true
SSDEEP:	1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
MD5:	C1E82BF71ADD622AD0F3BF8572F634FC
SHA1:	6CA863D4CAB96669202548D301693B3F5F80B0D5
SHA-256:	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
SHA-512:	820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Preview:	...........iw.F.0.....'W...4)/qH#..D.L.EK...................().}.{..@.z........Qz.,..Ox.....i4..S.&.p......9..W....);a.].a....Y......Y<,.n..."`Is....5....P..\|.-..x1.F...@...yRlG.O..5.Q.\|.gy.c.^....r.EC.....xd.oL..$./..\|3.......r^.j.}...M... )x.D.....%.....B..t....vZ....2L......px.G.1..lZYh...$.....,.../.a..;Q...._..#.....e.T.:trA_.0.:.f...........(I.x?.S...<7...o..0.`r.x.+.2..o+...4/..vzY7.C'.....!.r..4n....]P.+a..........._.8,..G>...{.4B....o.9.....r......X3..U.....'.0.@...lrX....r.W\e...].}....(.l......=........3....S..........^=D..[.zw6..e...<WQ.w.(.X..S....>.^.....^B..O-.(..U.R;h..v.......4.Dc .?..z....r.._.Y......M.a.?,...?..U.....OF.w\h$.Q..5....Q.Oj ....5U..8..Y......gYZM....y..OrY.z]B..y..;o.....oT.r...H..{K...Y&Q.........W....N4.......].0m..m........E.bc..~..e.. .nzS.i3^......).,Y}.=1H...... V...g.)....X..G...C....@o,.i.~...as...ehEH....u9l.2...y\J.?.(.I.q%..F#..D../>pr$...,...m.6..:,<s..~S.fl;k.'<..}z.Y.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2025 12:50:40.481156111 CEST	53	62316	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:40.481584072 CEST	53	61258	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:41.317888021 CEST	53	49999	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:41.608186007 CEST	53	64789	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:44.679709911 CEST	56581	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:44.680089951 CEST	64907	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:44.809525967 CEST	53	64907	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:44.814233065 CEST	53	56581	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:45.802884102 CEST	49386	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:45.803167105 CEST	59878	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:45.943986893 CEST	53	49386	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:45.944093943 CEST	53	59878	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:57.690160990 CEST	49297	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:57.690315962 CEST	51732	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:57.800095081 CEST	53	49297	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:57.827167988 CEST	53	51732	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:57.944629908 CEST	59718	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:57.946120977 CEST	50070	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:50:58.061444044 CEST	53	50070	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:58.069864988 CEST	53	59718	1.1.1.1	192.168.2.8
Apr 2, 2025 12:50:59.510885954 CEST	53	56874	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.017302990 CEST	56056	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.018796921 CEST	65367	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.117275000 CEST	53	65367	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.117373943 CEST	53	56056	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.156399965 CEST	52775	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.156564951 CEST	59514	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.295547009 CEST	53	52775	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.297024012 CEST	53	59514	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.668809891 CEST	50878	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.668978930 CEST	51541	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:05.796857119 CEST	53	51541	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:05.802161932 CEST	53	50878	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:07.897480965 CEST	53	51330	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:08.392479897 CEST	59775	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:08.392699003 CEST	58734	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:08.503395081 CEST	53	59775	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:08.534841061 CEST	53	58734	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:17.560005903 CEST	53	60588	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:21.567827940 CEST	53	50367	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:21.723176003 CEST	50772	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:21.723337889 CEST	53363	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:21.861985922 CEST	53	50772	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:21.901071072 CEST	53	53363	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:40.145783901 CEST	53	61270	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:40.828469038 CEST	53	57706	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:43.820019960 CEST	53	56836	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:57.264386892 CEST	64231	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:57.264548063 CEST	64828	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:57.371220112 CEST	53	64231	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:57.389497995 CEST	53	64828	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:58.542973995 CEST	60644	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:58.543123960 CEST	57930	53	192.168.2.8	1.1.1.1
Apr 2, 2025 12:51:58.670893908 CEST	53	60644	1.1.1.1	192.168.2.8
Apr 2, 2025 12:51:58.673932076 CEST	53	57930	1.1.1.1	192.168.2.8

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 2, 2025 12:51:08.534926891 CEST	192.168.2.8	1.1.1.1	c29f	(Port unreachable)	Destination Unreachable
Apr 2, 2025 12:51:21.901129007 CEST	192.168.2.8	1.1.1.1	c2c7	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Apr 2, 2025 12:50:58.980839968 CEST	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 2, 2025 12:50:59.114953995 CEST	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 02 Apr 2025 10:32:01 GMT Expires: Wed, 02 Apr 2025 11:22:01 GMT Age: 1138 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Apr 2, 2025 12:50:59.120886087 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 2, 2025 12:50:59.256283998 CEST	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 02 Apr 2025 10:32:01 GMT Expires: Wed, 02 Apr 2025 11:22:01 GMT Age: 1138 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:50:46 UTC	904	OUT	GET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:50:46 UTC	2221	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d&ver=2.0# Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 8765b11a-7a32-48de-9c65-e2a59f5a0100 x-ms-ests-server: 2.1.20393.4 - SCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-xyMwOfX-PR6SXGFOS8t3NQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: rrc=1; expires=Wed, 02-Apr-2025 11:00:46 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P4; expires=Fri, 02-May-2025 10:50:46 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:50:45 GMT Connection: close Content-Length: 321
2025-04-02 10:50:46 UTC	321	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 76 69 74 61 74 69 6f 6e 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 72 65 64 65 65 6d 2f 3f 74 65 6e 61 6e 74 3d 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 26 61 6d 70 3b 75 73 65 72 3d 31 65 31 61 61 64 61 63 2d 66 65 34 38 2d 34 33 63 63 2d 38 30 32 32 2d 65 32 66 39 62 62 64 39 32 65 33 33 26 61 6d 70 3b 74 69 63 6b 65 74 3d 6c 4c 56 6a 31 6c 4b 54 78 43 44 47 74 31 63 71 6b 43 51 58 79 74 69 4d 71 77 34 77 76 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wv

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:50:54 UTC	2345	OUT	GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-04-02 10:50:55 UTC	1855	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: f34cd41b-0c05-4521-8000-ded0272d3600 x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,50168,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-7K_h3Mt_HD1wgzT77VDr8g' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P4; expires=Fri, 02-May-2025 10:50:54 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:50:53 GMT Connection: close Content-Length: 22033
2025-04-02 10:50:55 UTC	14529	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
2025-04-02 10:50:55 UTC	7504	IN	Data Raw: 72 20 64 2c 6c 2c 66 3d 77 69 6e 64 6f 77 2c 67 3d 66 2e 64 6f 63 75 6d 65 6e 74 2c 76 3d 22 2e 63 73 73 22 3b 63 2e 4f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 72 3f 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 3a 63 2e 4f 6e 53 75 63 63 65 73 73 28 65 2c 74 29 7d 2c 63 2e 4f 6e 53 75 63 63 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c Data Ascii: r d,l,f=window,g=f.document,v=".css";c.On=function(e,r,t){if(!e){throw"The target element must be provided and cannot be null."}r?c.OnError(e,t):c.OnSuccess(e,t)},c.OnSuccess=function(e,t){if(!e){throw"The target element must be provided and cannot be nul

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:50:57 UTC	3998	OUT	GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-04-02 10:50:57 UTC	2682	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch X-DNS-Prefetch-Control: on P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 72ed7ed3-75ea-4739-8f69-285087861100 x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-XfXxnp35NrGTW853wGPTfQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; expires=Fri, 02-May-2025 10:50:57 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:50:57 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:50:57 GMT Connection: close Content-Length: 57726
2025-04-02 10:50:57 UTC	13702	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
2025-04-02 10:50:57 UTC	16384	IN	Data Raw: 73 41 58 59 45 4c 51 4c 68 47 4d 51 34 72 75 75 54 53 48 32 6f 37 30 72 4d 6c 32 56 4d 5f 69 46 70 48 6d 77 39 5a 37 74 58 66 44 54 66 47 35 6d 61 56 46 2d 73 76 5f 31 6f 5a 78 35 69 65 41 79 61 5a 4a 34 54 74 6c 34 59 66 4f 53 4d 6e 44 2d 44 4b 6a 6b 61 65 62 6c 5a 65 41 56 5a 35 4e 68 47 61 6b 63 6a 48 56 4e 77 32 42 39 41 42 39 41 76 49 70 4f 51 73 76 46 62 41 56 49 54 47 38 67 67 6c 32 45 39 72 42 42 31 2d 53 30 54 6c 79 36 41 4d 50 59 37 6b 6a 45 2d 73 32 74 59 61 69 4c 63 44 48 6c 4e 4d 4b 33 4f 48 73 71 30 79 67 42 69 6d 6f 62 42 61 73 38 59 36 57 31 47 6c 48 68 6b 73 6a 61 50 58 30 70 62 77 68 65 36 41 4f 4c 6b 4b 4a 69 5a 4b 4b 67 43 7a 59 43 72 43 47 78 79 51 49 4f 73 73 65 59 67 5a 69 4c 37 6d 71 72 61 36 75 6d 70 4e 45 38 73 59 45 39 7a 77 47 Data Ascii: sAXYELQLhGMQ4ruuTSH2o70rMl2VM_iFpHmw9Z7tXfDTfG5maVF-sv_1oZx5ieAyaZJ4Ttl4YfOSMnD-DKjkaeblZeAVZ5NhGakcjHVNw2B9AB9AvIpOQsvFbAVITG8ggl2E9rBB1-S0Tly6AMPY7kjE-s2tYaiLcDHlNMK3OHsq0ygBimobBas8Y6W1GlHhksjaPX0pbwhe6AOLkKJiZKKgCzYCrCGxyQIOsseYgZiL7mqra6umpNE8sYE9zwG
2025-04-02 10:50:58 UTC	16384	IN	Data Raw: 6e 64 51 69 73 54 4f 58 57 55 42 72 53 34 43 4d 31 6f 49 74 4f 35 7a 7a 74 58 63 46 32 73 43 43 4f 35 6f 6f 45 63 76 63 76 37 79 72 62 74 46 48 7a 42 70 72 71 64 4d 79 35 6f 47 33 36 44 44 2d 43 30 49 55 44 49 39 44 6f 6e 77 55 42 76 37 38 30 45 39 74 55 62 37 36 67 37 36 46 76 42 48 45 38 45 5a 79 76 6f 68 6c 66 52 37 62 68 4e 77 4f 57 58 75 54 5a 35 48 4c 46 31 74 32 62 64 39 75 62 5a 31 6b 79 52 6b 55 57 64 4f 74 39 38 57 33 56 45 73 34 55 47 64 4a 6f 46 66 66 42 42 44 79 31 6d 5a 38 4d 38 36 37 34 6a 49 5f 6c 45 72 58 5a 50 74 7a 34 6f 41 72 5f 6f 70 5a 65 6e 79 51 63 4d 35 74 4e 31 72 6f 77 74 79 38 74 47 58 62 61 68 4b 46 73 39 31 48 74 4e 38 50 67 53 4c 52 6a 65 45 43 79 78 33 63 44 75 74 6a 62 56 65 57 54 38 39 79 2d 78 76 47 4d 39 37 70 63 7a 4e Data Ascii: ndQisTOXWUBrS4CM1oItO5zztXcF2sCCO5ooEcvcv7yrbtFHzBprqdMy5oG36DD-C0IUDI9DonwUBv780E9tUb76g76FvBHE8EZyvohlfR7bhNwOWXuTZ5HLF1t2bd9ubZ1kyRkUWdOt98W3VEs4UGdJoFffBBDy1mZ8M8674jI_lErXZPtz4oAr_opZenyQcM5tN1rowty8tGXbahKFs91HtN8PgSLRjeECyx3cDutjbVeWT89y-xvGM97pczN
2025-04-02 10:50:59 UTC	11256	IN	Data Raw: 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 26 26 28 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 72 6f 73 73 6f 72 69 67 69 6e 22 2c 22 61 6e 6f 6e 79 6d 6f 75 73 22 29 2c 74 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 6e 74 65 67 72 69 74 79 22 2c 74 29 29 2c 75 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 76 61 72 20 72 3d 67 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 3b 72 65 74 75 72 6e 20 72 2e 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 2c 72 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2c 72 2e 68 72 65 66 3d 65 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 0a 76 61 72 20 72 3d 67 2e 63 72 65 61 74 Data Ascii: ion"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){var r=g.creat

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:50:57 UTC	2529	OUT	GET /favicon.ico HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-04-02 10:50:57 UTC	1335	IN	HTTP/1.1 404 Not Found Cache-Control: private Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: bbf35ce3-d86a-40a3-b684-87b311c22200 x-ms-ests-server: 2.1.20329.5 - EUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MLk5HiBZ1q0VG8Lc4zEyDw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Date: Wed, 02 Apr 2025 10:50:56 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:50:58 UTC	441	OUT	OPTIONS /api/report?catId=GW+estsfd+bno HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.microsoftonline.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:50:58 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 02 Apr 2025 10:50:58 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-04-02 10:50:58 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:02 UTC	417	OUT	POST /api/report?catId=GW+estsfd+bno HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Content-Length: 1799 Content-Type: application/reports+json Origin: https://login.microsoftonline.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:51:02 UTC	1799	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 31 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 36 36 30 35 30 34 63 2d 34 35 62 33 2d 34 36 37 34 2d 61 37 30 39 2d 37 31 39 35 31 61 36 62 30 37 36 33 26 72 65 64 69 72 65 63 74 5f 75 72 Data Ascii: [{"age":0,"body":{"elapsed_time":1113,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_ur
2025-04-02 10:51:02 UTC	399	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Request-Context: appId=cid-v1:bdc28cee-e7d0-4fb8-ae30-555e54e91d16 Date: Wed, 02 Apr 2025 10:51:02 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:05 UTC	742	OUT	GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:51:05 UTC	715	IN	HTTP/1.1 200 OK Content-Length: 236176 Content-Type: image/jpeg Content-MD5: Go8wBlAXNasx1y0vgkhXKg== Last-Modified: Wed, 06 Sep 2017 14:57:09 GMT ETag: 0x8D4F5378C9D63D7 x-ms-request-id: 47e18ced-f01e-005e-3db8-68df31000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=72914 Date: Wed, 02 Apr 2025 10:51:05 GMT Connection: close X-Content-Type-Options: nosniff Akamai-GRN: 0.8904d217.1743591065.2d5208c
2025-04-02 10:51:05 UTC	15669	IN	Data Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
2025-04-02 10:51:05 UTC	16384	IN	Data Raw: 5d 64 c0 25 03 86 54 09 72 51 4c 72 51 54 74 a8 5d aa 20 10 42 95 cb 80 41 01 12 e8 52 02 20 82 95 01 4a 28 c5 d1 a1 08 c2 94 10 52 10 82 8a 50 1c a8 2a 25 44 a8 04 a5 b9 30 a1 89 55 0b ca 9a c6 2e 0c 4e 60 85 2d 58 26 c0 b2 78 75 92 75 29 ed 6d 97 3a e9 00 41 2a 1d 02 c9 b3 09 2e 32 91 69 6e 29 64 23 37 50 b4 e7 50 04 28 21 12 82 11 12 14 ea a3 45 28 a8 d1 75 8a 55 47 c1 5c c7 83 a6 c5 74 9b 3d b6 47 aa 53 09 29 ed 12 b3 5b 80 84 8c 47 a2 7f a8 ff 00 25 69 e2 15 6c 47 a2 7f aa ff 00 24 57 98 fa 1f 3b 51 d5 aa 1c b4 da 47 17 76 27 d7 a6 71 38 ae 65 e7 a0 1b 98 81 b7 b3 e7 82 87 97 62 eb 73 23 a2 c6 dc ef 89 d9 da 7d 81 35 b7 c7 1e d6 3b cc 2a 9b 15 5b 63 69 7e 7f d2 52 f9 45 b9 8b 84 c0 cc db 9d 82 02 66 20 86 62 e9 b8 98 00 3c 93 b0 08 2a 96 3a ab 6b 30 Data Ascii: ]d%TrQLrQTt] BAR J(RP%D0U.N`-X&xuu)m:A.2in)d#7PP(!E(uUG\t=GS)[G%ilG$W;QGv'q8ebs#}5;[ci~REf b<:k0
2025-04-02 10:51:05 UTC	2571	IN	Data Raw: 9b c1 de 65 62 62 3d 3b bb bd a3 cb d9 bc 15 6a 42 da d8 9e c9 bf 0f 2f 77 da 90 40 5b 5c 99 e8 48 fc 47 c8 7c ec 1b 80 59 2d 19 47 68 d9 b6 df 0e e2 01 07 43 95 6b 72 67 a3 23 f1 1d 34 d0 69 bf 8d 92 25 75 3e b9 4f 09 0c eb 9e e4 f1 65 15 5b 1b 1c cb b8 b3 f5 04 ea bd 66 7c ec 49 c6 fa 17 0f 53 f5 b5 3a a6 ac f9 d8 ac e9 29 a8 5d a1 44 14 3b 42 a0 65 5e a1 e0 17 9f c4 7a 47 f7 58 fe f6 1f 9a c7 ec c3 a4 af 43 53 d1 f7 05 e7 f1 02 2b 38 de c6 d1 a9 27 76 d2 7b 04 18 d5 c4 59 55 80 75 9f 1b 64 74 b6 f1 fb c3 86 6c e7 ec bb 2d 95 ce 49 11 55 de ab bc c7 74 9d dd 61 f6 89 55 74 b0 b8 fc 37 10 75 d2 04 0f b7 60 07 da 6b f6 5b e4 bb 56 3d 8d 20 76 80 46 9b db da 20 6e 68 42 ac f2 a7 a1 3c 0a c2 a6 09 ed 96 cf 65 bc c7 e2 bb 06 d6 ad fe 52 f4 47 81 58 94 9a e7 Data Ascii: ebb=;jB/w@[\HG\|Y-GhCkrg#4i%u>Oe[f\|IS:)]D;Be^zGXCS+8'v{YUudtl-IUtaUt7u`k[V= vF nhB<eRGX
2025-04-02 10:51:05 UTC	16384	IN	Data Raw: ba de a0 ed 6f f4 aa 78 cb 54 c3 fa c1 6d 96 be 0c 74 cf 05 9f 8c 6e 6c 5d 31 db 53 c8 ad 1c 29 e9 77 2c 8e 56 7b 85 42 dd 1a 66 77 d8 a6 5d 98 f2 bd 85 ab 48 56 6b 1a ec ce 33 d5 b8 10 36 9f 72 c9 e5 3b 56 9d a6 57 72 4b e7 16 ce 0f fd 2a d5 7c 23 f1 55 e1 a3 a2 26 5c 74 17 58 bc b7 38 66 60 c1 e7 41 2b 74 e0 59 53 2d 6a c7 a2 05 9b a0 ef 3e e5 35 69 50 c2 52 34 99 d7 74 76 b8 df 6e e1 e0 16 66 39 f5 9e fa 6c 2f 86 b8 81 6d 83 b3 e3 aa 0d 1a 9c a0 05 46 d0 a0 24 66 6b 49 68 90 01 3e 03 bf b9 57 e5 f6 82 c0 7b 07 99 4e c2 d1 6d 2c ac 60 80 08 ed da 87 97 87 d5 f8 7b d5 d3 3b 4b 34 0a ed 7b 61 db c0 79 2a 94 fa a3 80 56 eb ff 00 0e de ef 25 bc ba 66 76 c6 c0 7a 33 eb 15 68 fd 9d f9 bd ca 9e 08 c5 32 36 e6 2a cc 10 1a e2 0c 17 01 ec 4f 4b ec ba e0 1c 5b 01 Data Ascii: oxTmtnl]1S)w,V{Bfw]HVk36r;VWrK\|#U&\tX8f`A+tYS-j>5iPR4tvnf9l/mF$fkIh>W{Nm,`{;K4{ayV%fvz3h26*OK[
2025-04-02 10:51:05 UTC	12120	IN	Data Raw: 2b 86 b5 e2 47 4b 8e c5 e7 1a 6a f2 45 69 6c 16 11 17 d1 c2 66 3b 3d c7 8a 6c d7 0f 59 54 cc 70 1e 49 54 c4 55 6f 7a 1a 15 99 88 a5 ce d3 3d 13 b3 6b 7b 0f cd c2 3a 7e 91 bd fe 4a a2 cd 4d 56 7e 24 65 70 70 e1 e1 75 a3 51 55 ae dc cd 3d 97 5b 9d 31 7b 4e 21 b0 e6 76 b0 0f 04 75 3f 86 3e aa 5b c9 75 1a 4f db 71 f3 e0 99 53 f8 63 ea fb d6 2b 6a 98 1a 40 39 ee d6 d3 07 49 8d 78 fb 93 5d b5 76 0a e1 fe af b9 73 b4 4a 81 e5 6a 62 a6 19 ad 3b c7 91 58 94 30 d9 dd 95 c2 06 77 4c 76 05 e8 31 c2 68 b7 b0 8f 24 aa 43 ea 9d da e5 67 47 b1 60 c4 3c 0d 04 1b 20 c1 e3 33 e2 2b 61 9e 7a 4c 7b cb 3b 5b 3e ef 2e 09 d8 61 15 3b 8a c2 c5 b8 8c 4d 4a 94 8c 54 65 47 c1 ed 07 de b0 d3 d4 6c 54 f1 4c 75 3f f3 34 84 be 9f 5d a3 fe e5 3f b4 de d2 35 6f ee 53 70 75 c6 22 8b 6a 83 Data Ascii: +GKjEilf;=lYTpITUoz=k{:~JMV~$eppuQU=[1{N!vu?>[uOqSc+j@9Ix]vsJjb;X0wLv1h$CgG`< 3+azL{;[>.a;MJTeGlTLu?4]?5oSpu"j
2025-04-02 10:51:05 UTC	16384	IN	Data Raw: 8e a6 04 8e c3 b7 e7 6a ba f6 07 b6 e0 10 41 99 59 6f a6 ec fc db 7d 2b 65 f4 1c 7e d3 66 f4 ce f8 f2 2d 3b 0a e9 86 5a 63 29 b5 cd 50 14 4d 21 c0 39 a6 41 12 0e f0 54 39 7a 5c 3a 0a 12 a5 42 20 14 29 21 42 0e d1 72 95 08 22 54 28 2b 90 4c ae 94 2b a5 01 4a e9 42 b9 07 4a e5 cb 90 74 a9 42 a5 07 12 8a 50 ae 40 72 ba 50 a9 40 4a 65 42 ed 50 48 32 8e 50 01 08 82 8a 30 53 98 92 d1 2a cb 1b 08 0f 2a 90 0a 21 70 b8 ac a9 65 74 a1 72 85 43 0a eb a1 06 17 4a 02 5d 08 73 2e 2e 94 04 0c 28 26 50 4a 99 40 c6 14 79 a1 27 34 28 2e 50 34 b9 0e 64 b9 51 28 19 99 46 64 b9 5d 2a 86 4c a2 4a 95 32 81 b2 a0 ba 10 02 a0 95 34 a9 25 74 a0 5c 2e a8 68 ba 6b 42 4b 53 8c b4 28 18 4c 2a ee 2a 1c f2 82 50 49 2b a5 04 ae 95 50 72 ba 50 4a e4 07 2b 90 ae 40 48 4a 89 5d 28 89 50 b9 Data Ascii: jAYo}+e~f-;Zc)PM!9AT9z\:B )!Br"T(+L+JBJtBP@rP@JeBPH2P0S*!petrCJ]s..(&PJ@y'4(.P4dQ(Fd]LJ24%t\.hkBKS(L**PI+PrPJ+@HJ](P
2025-04-02 10:51:05 UTC	16384	IN	Data Raw: 54 66 48 35 0a 1c eb 5a 4d ac e6 53 99 55 ce 88 54 29 a3 6b 39 97 66 55 f3 92 a7 32 9a 36 b0 1c 8e 52 1a 51 ca ce 9a 95 e6 03 03 9f 87 24 5f 30 56 31 c3 eb 29 7a cc f3 4a d2 a5 0f 58 27 e3 87 d6 52 f5 99 e6 82 39 4c 7d 40 ef f3 56 b1 22 29 3b 81 f2 49 e5 16 17 d2 0d 6e a6 75 30 35 45 5b 13 4e ad 37 f3 44 3b 28 be b0 82 79 3c 46 14 1f c2 ef d4 a3 93 9e d6 54 2c 2e 19 de f7 10 d1 73 11 b7 77 9a a9 c9 98 87 bc ba 94 c3 05 37 10 d0 34 39 9b df b7 69 28 79 3a d8 e0 06 99 9f e4 54 6b 48 c6 d7 7d 2a a7 29 03 6c 80 03 b5 df af 84 27 63 cc d0 11 bf de a2 b6 06 ae 2e bf 40 74 74 cc 6c 35 f6 f7 2b b9 30 fc d7 f9 82 20 13 a9 8d 38 5d 02 39 2d a4 e1 1e 00 92 5f a0 d7 46 a7 60 39 2c d1 78 ac f3 d2 17 ca 36 13 da 9c ca b3 87 73 a8 37 9b 00 80 dc cd 89 ed 84 ac 06 7a c6 Data Ascii: TfH5ZMSUT)k9fU26RQ$_0V1)zJX'R9L}@V");Inu05E[N7D;(y<FT,.sw749i(y:TkH}*)l'c.@ttl5+0 8]9-_F`9,x6s7z
2025-04-02 10:51:05 UTC	7952	IN	Data Raw: 1d 40 e1 5e a9 04 e8 c8 dc 25 be f8 51 52 ce 93 2a 0d 99 1e ab b6 83 69 52 68 68 89 00 fb 15 aa 2d b3 c4 eb 4d c8 2a 08 60 6e e1 ee 54 66 f2 bd 27 3f 11 47 2c f5 0e 86 24 ca b2 c0 ec 0e 08 9a 42 4b 5c 2d 3a ce b1 bb b1 5b c5 50 6b de c7 9d 5a c1 1d f2 aa 63 da 4e 06 a6 53 04 39 ba 6c b8 41 73 07 5d 95 da 1e c3 2d 3b 54 b6 8e 4a d9 c1 b1 cd e2 56 7f 24 d0 34 79 c7 cd cb 5c e8 3a 5b 6f 1f 72 bb 81 c5 b7 14 d0 ed 08 30 e1 f7 5d 1a 7c ea 14 54 d0 1f e6 c9 fc 4f 43 85 e8 f3 a7 f0 9f 35 6a 9d 20 da a2 a6 a6 6f de ab d1 68 02 a7 6b 5d e6 83 2b 17 4c d5 a1 94 7f e4 a7 fd 4a f0 ac d0 69 b0 9b b8 54 02 4e e2 2d f3 bb b5 04 06 d1 7f 16 7f 52 0a cc f4 2f 8b 0e 73 da 5a 82 dd 5b d4 27 79 72 9f b1 4b 8f f5 28 ad e9 1d c4 a2 fb 14 fd 6f ea 40 ac d1 4c ef 2e f8 2c 8e 5c Data Ascii: @^%QRiRhh-M`nTf'?G,$BK\-:[PkZcNS9lAs]-;TJV$4y\:[or0]\|TOC5j ohk]+LJiTN-R/sZ['yrK(o@L.,\
2025-04-02 10:51:05 UTC	16384	IN	Data Raw: fc 7d c8 2a d8 fe 66 29 6c 73 8f e3 ee 4b ac 40 3d ec 51 57 29 75 87 7a a0 1a d1 5c bd e4 35 81 b9 64 90 2f 33 17 57 a8 c6 61 75 83 8e 73 5b 58 9d b0 a4 1a b5 dc da 98 49 04 65 24 dc 5c 6d 54 db 88 c3 b1 ad a2 d0 e7 18 ca 09 80 2f ed 46 d7 4f 26 07 4f df f3 72 c7 a5 7a 8c be d0 8b a6 b6 3a bb a8 bd ae 66 51 23 52 d0 48 e1 29 fc 93 88 75 76 d5 2f 71 74 06 ea 77 e6 54 b9 50 66 73 44 ec f7 05 6f 91 e8 d4 a4 ca b9 c1 12 1b 12 3d 64 b0 8c 8a f0 d7 b8 0b 1c c5 6a d2 13 c9 ec 9f c7 e6 e4 9f f0 ea b5 5e 5c 04 49 3a db f7 5a 74 f0 47 e8 ed a0 48 04 66 b8 be a4 fc 52 8f 2f cc 93 bf 45 af 8b 64 e1 e2 62 5d f0 56 c6 1b 07 48 e5 aa f1 3f 89 e1 a8 99 88 a3 87 61 75 52 00 cc 60 c1 3a 20 c9 c2 e0 5e 6a b1 cd 04 80 e6 93 02 d6 2b 63 1f 85 75 78 0d 12 2d b9 70 e5 36 3d c1 Data Ascii: }*f)lsK@=QW)uz\5d/3Waus[XIe$\mT/FO&Orz:fQ#RH)uv/qtwTPfsDo=dj^\I:ZtGHfR/Edb]VH?auR`: ^j+cux-p6=
2025-04-02 10:51:05 UTC	8048	IN	Data Raw: 34 cc 45 e5 66 d5 d2 c6 0a b8 a1 52 a8 74 dd c0 5b bd 68 d5 a8 1f 44 41 da 7d e9 14 70 f4 99 a3 47 7d fc d5 81 61 10 a4 5a cc c3 55 7d 1a 4d 80 60 17 12 03 49 3a a6 62 83 aa d0 76 50 4b 89 26 00 bd e1 69 5f 39 20 44 85 02 b0 60 32 40 e2 40 41 97 86 0e 6b 98 e3 4d fd 17 12 6d bf e0 ad 72 93 4e 21 a5 8c b9 b6 c3 b0 ca 63 f1 74 da d3 f5 8c 9f 5c 24 bb 1b 87 69 f4 80 eb a4 95 4d 07 0b 4a ab 32 b9 c2 40 74 f6 ea 9d 8e a2 ec 53 4b 59 69 03 5f d9 07 f8 96 19 ad 8c c4 f0 61 41 fe 2d 87 07 47 1e e1 f1 40 da c1 d4 46 77 09 1d 9d aa b6 22 b6 66 ba 99 16 92 26 7b 50 62 79 5a 9d 51 01 a4 77 85 49 f8 d6 ba 60 6a 67 55 3a 55 ca 27 9b 66 50 0d 8d ba 5a 71 df ee 56 4e 24 be 93 58 47 54 44 ce ab 23 e9 c4 68 3c d4 1c 73 f6 01 e1 fb ab d2 76 6f d0 5a e1 0e 75 e5 5f c1 b9 b8 Data Ascii: 4EfRt[hDA}pG}aZU}M`I:bvPK&i_9 D`2@@AkMmrN!ct\$iMJ2@tSKYi_aA-G@Fw"f&{PbyZQwI`jgU:U'fPZqVN$XGTD#h<svoZu_

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:06 UTC	739	OUT	GET /ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850 HTTP/1.1 Host: autologon.microsoftazuread-sso.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:51:06 UTC	1732	IN	HTTP/1.1 401 Unauthorized Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: image/png; charset=utf-8 Expires: -1 Vary: Origin X-Content-Type-Options: nosniff Access-Control-Allow-Origin: https://login.microsoftonline.com Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, OPTIONS P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: cb790c8a-2905-4501-8d0d-28cfeb9d5300 x-ms-ests-server: 2.1.20393.4 - EUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mL7Gcaeb1OKv2NHBIEeR3w' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 WWW-Authenticate: Negotiate Set-Cookie: fpc=At1BRFNj0HJCoWq5tcGe-x4; expires=Fri, 02-May-2025 10:51:06 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:51:06 GMT Connection: close Content-Length: 12
2025-04-02 10:51:06 UTC	12	IN	Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 Data Ascii: Unauthorized

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:07 UTC	3539	OUT	POST /common/instrumentation/dssostatus HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Content-Length: 67 sec-ch-ua-platform: "Windows" hpgid: 1104 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" hpgact: 1800 canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEmw4KBqIu9i6dC9o_6efAj_ux_wwsQa-oC0Lal3_3kKzHeKrQX2vW3-WII8N88QvFzVMbs3Jx6_nF6f2ZsanxUVUg5hU8oiLiSw9jIy13X4qd6zDJGOy0wxsuDPb8Fq1QQWv6pCsCszoe-JGs3y7k5raRm2fDz83CB-MMA0z27y5i-jDcFNgjId-60800chS5koc1Wh97apYAD0AYvEQk7CAA sec-ch-ua-mobile: ?0 client-request-id: 21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json hpgrequestid: 72ed7ed3-75ea-4739-8f69-285087861100 Content-type: application/json; charset=UTF-8 Origin: https://login.microsoftonline.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
2025-04-02 10:51:07 UTC	67	OUT	Data Raw: 7b 22 72 65 73 75 6c 74 43 6f 64 65 22 3a 32 2c 22 73 73 6f 44 65 6c 61 79 22 3a 30 2c 22 6c 6f 67 22 3a 22 50 72 6f 62 65 20 69 6d 61 67 65 20 65 72 72 6f 72 20 65 76 65 6e 74 20 66 69 72 65 64 22 7d Data Ascii: {"resultCode":2,"ssoDelay":0,"log":"Probe image error event fired"}
2025-04-02 10:51:07 UTC	1777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/ Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: POST, OPTIONS P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" client-request-id: 21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f x-ms-request-id: abc15bb6-ee17-4ee6-a521-229eadfd3f00 x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-aQ_O8VtVpSrIFRIShLskuA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:51:07 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:51:07 GMT Connection: close Content-Length: 265
2025-04-02 10:51:07 UTC	265	IN	Data Raw: 7b 22 61 70 69 43 61 6e 61 72 79 22 3a 22 50 41 51 41 42 44 67 45 41 41 41 42 56 72 53 70 65 75 57 61 6d 52 61 6d 32 6a 41 46 31 58 52 51 45 57 35 61 5f 75 58 78 67 36 65 73 5f 30 37 77 6a 45 72 48 72 57 64 69 33 46 33 58 66 54 7a 59 6c 63 39 73 34 5a 45 35 68 64 58 31 50 50 49 73 32 78 47 70 63 2d 37 68 43 62 4d 35 72 50 4c 63 58 32 35 63 43 52 5f 57 55 61 63 39 6d 61 42 4e 66 4c 4a 6a 63 47 48 67 49 42 4d 7a 59 46 50 55 59 70 45 31 30 63 75 71 39 67 67 2d 35 6c 4f 59 55 63 38 66 6c 4f 48 54 33 52 57 6e 43 50 79 63 59 70 38 4b 7a 33 62 58 4d 66 39 46 55 51 47 76 79 4b 78 5f 50 53 79 7a 51 33 57 72 6d 72 4a 6b 45 37 56 44 6f 38 54 4b 4a 33 6f 6a 4d 34 4f 32 65 64 68 4a 36 6c 79 36 4e 34 4a 59 4f 34 63 75 69 67 31 6c 48 43 4e 66 57 72 31 4d 57 61 76 6c 74 Data Ascii: {"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEW5a_uXxg6es_07wjErHrWdi3F3XfTzYlc9s4ZE5hdX1PPIs2xGpc-7hCbM5rPLcX25cCR_WUac9maBNfLJjcGHgIBMzYFPUYpE10cuq9gg-5lOYUc8flOHT3RWnCPycYp8Kz3bXMf9FUQGvyKx_PSyzQ3WrmrJkE7VDo8TKJ3ojM4O2edhJ6ly6N4JYO4cuig1lHCNfWr1MWavlt

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:07 UTC	740	OUT	GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:51:08 UTC	710	IN	HTTP/1.1 200 OK Content-Length: 2889 Content-Type: image/* Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w== Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT ETag: 0x8DB8EA726C19FEF x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=86341 Date: Wed, 02 Apr 2025 10:51:08 GMT Connection: close X-Content-Type-Options: nosniff Akamai-GRN: 0.8904d217.1743591068.2d52289
2025-04-02 10:51:08 UTC	2889	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86 Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c\|

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:08 UTC	494	OUT	GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 10:51:09 UTC	710	IN	HTTP/1.1 200 OK Content-Length: 2889 Content-Type: image/* Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w== Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT ETag: 0x8DB8EA726C19FEF x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=86340 Date: Wed, 02 Apr 2025 10:51:09 GMT Connection: close X-Content-Type-Options: nosniff Akamai-GRN: 0.8904d217.1743591069.2d5233d
2025-04-02 10:51:09 UTC	2889	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86 Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c\|

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:08 UTC	1559	OUT	GET /common/instrumentation/dssostatus HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
2025-04-02 10:51:09 UTC	1723	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/ Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: POST, OPTIONS P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 543be60d-f813-4ba1-abf1-0eadd35f2b00 x-ms-ests-server: 2.1.20393.4 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-R1zpBnStH3H13d78X_YgAg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:51:09 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:51:09 GMT Connection: close Content-Length: 164
2025-04-02 10:51:09 UTC	164	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 36 31 30 30 2c 22 73 74 73 45 72 72 6f 72 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 2c 22 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 3a 22 36 32 37 66 66 62 63 36 2d 39 39 35 32 2d 34 66 61 30 2d 61 65 39 39 2d 39 39 65 62 65 31 34 33 36 66 64 34 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 35 2d 30 34 2d 30 32 20 31 30 3a 35 31 3a 30 39 5a 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 7d 7d Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"627ffbc6-9952-4fa0-ae99-99ebe1436fd4","timestamp":"2025-04-02 10:51:09Z","message":"AADSTS900561"}}

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:19 UTC	3540	OUT	POST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Content-Length: 2704 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Origin: https://login.microsoftonline.com Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
2025-04-02 10:51:19 UTC	2704	OUT	Data Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 67 39 38 76 25 37 44 74 25 34 30 51 58 6a 54 58 57 25 37 44 25 34 30 33 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 4b 38 64 4f 7a 45 64 6b 4c 74 47 49 63 7a 6f 51 55 35 38 34 46 30 Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=g98v%7Dt%40QXjTXW%7D%403&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=K8dOzEdkLtGIczoQU584F0
2025-04-02 10:51:20 UTC	2809	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch X-DNS-Prefetch-Control: on P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 7276260c-6207-4d3e-94cd-6c795ecd3700 x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-dRZqo7SNs7fqUVk4UCA57g' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-LHGHrFTK27M=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 10:51:19 GMT; path=/; SameSite=None Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEaqYnEE_NH-NiOYYxwtyEZbc5KyEsP9oPnfpxunSUeJQc0WqE8nuffE5EnS2WDfF5pJXMKjRPp8x_6VAOoOmTHj6Yzn7DJVR9XFjhCymUM6wgAA; expires=Fri, 02-May-2025 10:51:20 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEi3MkOUIQ2Fw79jfrIoXX6UNhMXAclAKQsHOf0CORWtc7S4FxSR7tZJuOABST9OyOwJ0UTI4sepbX41fLcMlq-QIxi3gOAJ2bW_rDQc3T9O-9cT6Mu8cGNHZ55n3BF8LliKeGdDKUt3IqQVS0id35PJgpbcmnsEn6G7XQE4SmioIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-x5LoupbTc5Y=AQABCQEAAABVrSpeuWamRam2jAF1XRQEOLlevFSddZD8XtHHmuEG9WPLxXL3hdqJM6J7XA0kTM-z9J-H76fIWyTOaB1KMpDB63DW_PtI_C1kB13ludzLmtXk-PIa9H0355qDQ1bQCEFxzaTwSnFt4FCYXmYGPyaz3bPO5xT8cwyz_L3gPrrTFSAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAALGRsDAEAAACnDX_fDgAAAA; expires=Fri, 02-May-2025 10:51:20 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:51:20 GMT Connection: close Content-Length: 56795
2025-04-02 10:51:20 UTC	13575	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
2025-04-02 10:51:20 UTC	16384	IN	Data Raw: 69 4b 49 34 45 5a 77 32 56 55 52 46 31 49 71 69 4f 36 36 4b 67 67 69 72 59 4b 4b 43 79 6c 55 70 4b 73 75 52 4a 79 4b 62 6f 53 69 6d 77 4d 48 50 73 34 35 66 42 5f 6e 64 5f 49 34 58 51 49 6c 74 41 52 65 32 45 52 4c 36 50 35 46 53 4a 4b 41 41 4e 42 47 49 47 48 68 43 43 51 70 69 4a 67 55 59 42 41 4b 5a 51 6a 55 4a 43 31 41 6b 58 6a 36 31 4d 6e 64 54 37 2d 38 65 2d 48 6d 35 66 76 73 52 35 64 50 33 5a 7a 2d 5f 75 54 56 61 38 58 6e 68 33 6d 65 5a 50 74 37 65 33 34 30 38 33 4d 7a 39 2d 4d 6f 4b 34 31 39 4f 34 32 7a 32 4d 74 4c 64 6a 7a 65 2d 36 78 59 76 46 30 73 5f 6c 49 73 76 72 4f 78 68 51 49 63 66 32 5f 6a 58 4f 72 62 51 7a 4e 31 53 6f 6d 5a 6a 76 77 6f 69 36 4e 58 59 6a 74 37 4a 4c 36 32 63 52 46 6e 50 4e 77 6a 4d 51 77 42 44 6b 55 68 30 4d 5a 4d 78 45 4c 52 Data Ascii: iKI4EZw2VURF1IqiO66KggirYKKCylUpKsuRJyKboSimwMHPs45fB_nd_I4XQIltARe2ERL6P5FSJKAANBGIGHhCCQpiJgUYBAKZQjUJC1AkXj61MndT7-8e-Hm5fvsR5dP3Zz-_uTVa8Xnh3meZPt7e34083Mz9-MoK419O42z2MtLdjze-6xYvF0s_lIsvrOxhQIcf2_jXOrbQzN1SomZjvwoi6NXYjt7JL62cRFnPNwjMQwBDkUh0MZMxELR
2025-04-02 10:51:20 UTC	16384	IN	Data Raw: 74 48 4f 6c 54 78 30 78 33 62 75 31 54 49 37 6e 34 52 4a 6b 53 5a 76 70 57 37 78 37 50 6a 4f 7a 6e 57 63 43 66 43 41 78 44 41 45 65 42 53 46 51 42 65 7a 45 51 64 46 74 34 4a 49 41 73 55 44 7a 33 4d 59 33 48 6d 77 63 30 6c 6c 35 2d 55 59 65 7a 62 53 50 4e 7a 34 54 33 62 4f 42 57 6b 2d 74 62 4b 30 4b 44 5f 65 5f 57 70 66 7a 66 78 45 38 72 67 30 53 58 79 33 72 44 30 37 38 35 4d 79 64 50 38 53 32 4d 6e 54 7a 4d 5f 4c 30 43 39 75 6a 66 72 6c 52 42 4d 77 6f 6d 57 5a 4a 68 38 67 5a 41 38 56 4e 54 69 4b 62 49 39 77 4f 6b 68 69 2d 54 30 5a 74 48 44 57 4a 33 6f 74 53 39 43 62 63 65 6b 68 48 4f 64 34 41 35 6e 6f 6e 6d 78 4d 55 35 74 46 73 31 4e 42 70 77 4a 62 63 45 35 56 46 6c 4a 41 31 68 6f 51 7a 50 4f 4d 56 31 62 61 68 49 6b 57 56 4e 5a 6f 47 77 74 31 54 59 6c 53 Data Ascii: tHOlTx0x3bu1TI7n4RJkSZvpW7x7PjOznWcCfCAxDAEeBSFQBezEQdFt4JIAsUDz3MY3Hmwc0ll5-UYezbSPNz4T3bOBWk-tbK0KD_e_WpfzfxE8rg0SXy3rD0785MydP8S2MnTzM_L0C9ujfrlRBMwomWZJh8gZA8VNTiKbI9wOkhi-T0ZtHDWJ3otS9CbcekhHOd4A5nonmxMU5tFs1NBpwJbcE5VFlJA1hoQzPOMV1bahIkWVNZoGwt1TYlS
2025-04-02 10:51:20 UTC	10452	IN	Data Raw: 62 73 74 72 69 6e 67 28 74 5b 6e 5d 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 22 68 74 74 70 73 3a 2f 2f 22 21 3d 3d 74 5b 6e 5d 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 26 26 28 6f 3d 22 68 74 74 70 73 3a 2f 2f 22 2b 6f 2c 69 3d 69 2e 73 75 62 73 74 72 69 6e 67 28 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 29 2c 6f 2b 69 7d 7d 72 65 74 75 72 6e 20 72 7d 69 66 28 21 28 62 26 26 62 2e 6c 65 6e 67 74 68 3e 31 29 29 7b 72 65 74 75 72 6e 20 72 7d 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 62 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 7b 69 66 28 30 3d 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 62 5b 61 5d 29 29 7b 72 65 74 75 72 6e 20 62 5b 61 2b 31 3c 62 2e 6c 65 6e 67 74 68 3f 61 2b 31 3a 30 5d 2b 72 2e 73 Data Ascii: bstring(t[n].length);return"https://"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;a<b.length;a++){if(0===r.indexOf(b[a])){return b[a+1<b.length?a+1:0]+r.s

Timestamp	Bytes transferred	Direction	Data
2025-04-02 10:51:57 UTC	2414	OUT	POST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Content-Length: 2797 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Origin: https://login.microsoftonline.com Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA\|NoExtension; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; MicrosoftApplicationsTelemetryDeviceId=787c672d-e892-42a7-b382-264c5337ed25; brcap=0; ai_session=GvHwnIkYwdWfKYlFoy6qyo\|1743591065117\|1743591065117; MSFPC=GUID=6acfc41a739d4a019088af90f9bc58c0&HASH=6acf&LV=202504&V=4&LU=1743591072024; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEaqYnEE_NH-NiOYYxwtyEZbc5KyEsP9oPnfpxunSUeJQc0WqE8nuffE5EnS2WDfF5pJXMKjRPp8x_6VAOoOmTHj6Yzn7DJVR9XFjhCymUM6wgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEi3MkOUIQ2Fw79jfrIoXX6UNhMXAclAKQsHOf0CORWtc7S4 [TRUNCATED]
2025-04-02 10:51:57 UTC	2797	OUT	Data Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 62 25 33 43 56 66 55 67 41 6a 34 66 38 7a 54 74 6a 5f 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 4b 38 64 4f 7a 45 64 6b 4c 74 47 49 63 7a 6f 51 55 35 38 34 46 30 4a 44 39 63 6f 71 Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=b%3CVfUgAj4f8zTtj_&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=K8dOzEdkLtGIczoQU584F0JD9coq
2025-04-02 10:51:58 UTC	2809	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch X-DNS-Prefetch-Control: on P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 6191cd63-31df-45b1-bcd4-d78260973b00 x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-rg20_T9NBeO1r9siVqK6Ig' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-x5LoupbTc5Y=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 10:51:57 GMT; path=/; SameSite=None Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEi40WsKJiD4u_BOywE9-f2fzCx8JrIdJfRQd8qDkutWBt5u41ZlDnuJJtk1BF5hGmegakSm4axqsRcodnbvNQ116Yt8L17Hwq6DKA-E0U4u8gAA; expires=Fri, 02-May-2025 10:51:57 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEerYQadUuafcA4i_NIyhRMsJTiKlD0o6D92rBtgd4tfo-xUnkCu_bzDX7v3Gcp4PIgEYw_g9P9VhcMjIOlQEHxXituxkQDjE6L_5pAmdaWumUJLBDaBN5pCRt7yT-tJw44qf-YVEhkwMvjIj1OlekUNCRo2lVHw2V9tpJZXgzQBggAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-OpcxbYD5Hq8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEVbJ8DAeNnvsLUkv_WQMH9wzCkZl2OA0eq-7Ip-xTMrczgjflVXr4c-UJw_XfnJdJWuozg4-I21hOQKLkqwQN3VURHen2suA-UEOcypQK1M3Ln8IFRDIDTZf_55QW9B8fVLTcmYwNZReJ0FHaD2ykRiAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAALGRsDAIAAACnDX_fDgAAAA; expires=Fri, 02-May-2025 10:51:58 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 10:51:58 GMT Connection: close Content-Length: 56761
2025-04-02 10:51:58 UTC	13575	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
2025-04-02 10:51:58 UTC	16384	IN	Data Raw: 51 76 66 56 55 45 45 52 61 42 52 55 50 55 71 68 49 54 7a 32 49 4f 42 57 39 43 45 55 76 48 33 7a 77 35 5f 73 2d 5f 6e 2d 2d 33 2d 6d 54 5a 41 32 73 51 54 58 77 78 55 32 6f 42 68 31 63 52 48 45 63 78 45 44 55 42 6c 44 4d 51 67 41 55 4a 31 44 41 4a 45 41 4b 49 43 41 4b 67 30 7a 63 41 67 6b 63 79 5a 34 2d 76 66 76 70 6c 33 63 76 33 4c 78 38 76 5f 37 52 35 54 4d 33 79 39 2d 66 76 48 71 74 2d 73 4b 34 4b 4e 4c 38 59 48 5f 66 6a 32 64 2d 59 52 5a 2d 45 75 65 31 69 57 39 6e 53 5a 35 34 52 63 31 4f 4a 76 75 66 56 61 75 33 71 39 56 66 71 74 56 33 4e 72 59 67 45 45 48 65 32 7a 69 66 2d 66 62 59 7a 4a 78 61 61 6d 61 68 48 2d 64 4a 5f 45 70 69 35 34 5f 45 31 7a 59 75 49 70 53 48 65 44 67 4d 41 36 42 44 45 41 42 71 77 79 5a 67 51 64 44 36 49 42 79 44 45 4d 39 78 4c 41 Data Ascii: QvfVUEERaBRUPUqhITz2IOBW9CEUvH3zw5_s-_n--3-mTZA2sQTXwxU2oBh1cRHEcxEDUBlDMQgAUJ1DAJEAKICAKg0zcAgkcyZ4-vfvpl3cv3Lx8v_7R5TM3y9-fvHqt-sK4KNL8YH_fj2d-YRZ-Eue1iW9nSZ54Rc1OJvufVau3q9VfqtV3NrYgEEHe2zif-fbYzJxaamahH-dJ_Epi54_E1zYuIpSHeDgMA6BDEABqwyZgQdD6IByDEM9xLA
2025-04-02 10:51:58 UTC	16384	IN	Data Raw: 38 5a 2d 63 47 51 67 56 49 67 4d 4d 77 41 48 6f 45 41 61 41 75 62 41 4d 4f 42 47 30 46 34 52 69 45 42 4a 37 6e 55 49 6a 7a 63 4f 65 79 30 71 36 72 4b 66 78 38 5a 45 57 34 38 5a 5f 75 6e 41 2d 79 59 6d 62 6c 57 56 6c 39 73 76 76 31 6e 70 4c 37 4b 65 5f 52 57 5a 72 36 62 74 56 36 66 75 61 6e 56 65 6a 2d 4a 56 41 74 73 74 77 76 71 74 41 76 6a 79 66 44 4b 74 5a 59 47 4a 4d 73 30 32 51 43 41 42 39 41 6e 49 5a 4f 49 74 76 44 48 42 56 49 4c 58 38 67 67 42 4c 53 39 72 47 42 5a 4c 46 36 4c 36 6b 38 67 4b 59 64 62 79 52 67 5f 5a 4f 4e 61 57 72 7a 61 48 37 4b 36 6b 52 67 73 38 36 70 30 6b 59 4a 55 4e 43 36 4b 46 67 58 4f 53 4f 75 74 4a 69 4b 46 6b 54 65 6c 59 32 46 73 69 59 34 76 67 5f 4d 49 34 70 4b 6b 49 6d 4b 7a 70 6b 59 73 49 66 45 4f 67 39 5a 79 42 6c 6a 4a 6d Data Ascii: 8Z-cGQgVIgMMwAHoEAaAubAMOBG0F4RiEBJ7nUIjzcOey0q6rKfx8ZEW48Z_unA-yYmblWVl9svv1npL7Ke_RWZr6btV6fuanVej-JVAtstwvqtAvjyfDKtZYGJMs02QCAB9AnIZOItvDHBVILX8ggBLS9rGBZLF6L6k8gKYdbyRg_ZONaWrzaH7K6kRgs86p0kYJUNC6KFgXOSOutJiKFkTelY2FsiY4vg_MI4pKkImKzpkYsIfEOg9ZyBljJm
2025-04-02 10:51:58 UTC	10418	IN	Data Raw: 2f 2f 22 21 3d 3d 74 5b 6e 5d 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 26 26 28 6f 3d 22 68 74 74 70 73 3a 2f 2f 22 2b 6f 2c 69 3d 69 2e 73 75 62 73 74 72 69 6e 67 28 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 29 2c 6f 2b 69 7d 7d 72 65 74 75 72 6e 20 72 7d 69 66 28 21 28 62 26 26 62 2e 6c 65 6e 67 74 68 3e 31 29 29 7b 72 65 74 75 72 6e 20 72 7d 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 62 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 7b 69 66 28 30 3d 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 62 5b 61 5d 29 29 7b 72 65 74 75 72 6e 20 62 5b 61 2b 31 3c 62 2e 6c 65 6e 67 74 68 3f 61 2b 31 3a 30 5d 2b 72 2e 73 75 62 73 74 72 69 6e 67 28 62 5b 61 5d 2e 6c 65 6e 67 74 68 29 7d 7d 72 65 74 75 72 6e 20 72 7d 66 75 Data Ascii: //"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;a<b.length;a++){if(0===r.indexOf(b[a])){return b[a+1<b.length?a+1:0]+r.substring(b[a].length)}}return r}fu

Target ID:	0
Start time:	06:50:37
Start date:	02/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6ba840000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	06:50:38
Start date:	02/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
Imagebase:	0x7ff6ba840000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	06:50:44
Start date:	02/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
Imagebase:	0x7ff6ba840000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre