Edit tour

Windows Analysis Report
https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779

Overview

General Information

Sample URL:	https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779
Analysis ID:	1661089
Infos:

Detection

Score:	2
Range:	0 - 100
Confidence:	100%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2124,i,7307648910549068412,10690054634076645875,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true

HTTP Parser: Number of links: 0

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.82:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.24:443 -> 192.168.2.6:49765 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://myapplications.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://myapplications.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-configuration HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://myapplications.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://myapplications.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://myapplications.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveOrigin: https://login.microsoftonline.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; fpc=AvgNz1NAK-BIq3Umf6dJxRU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQESWPpoHzjwP2JEFX_oRSEEAGQf3Cmn_GXgtYddNEvYfmWmexH_qIXNMMyaX4kOdng3VoOc2mbKH9npRrt3Ba0g-fnZjsFveUcVXr0vnAWmXj4lJY8Fz0R7N-fFs0N5DzlGn6XRh9eaNG1nSU5ty2EwkkREIuHtpZjGRJdD5Nmk1sgAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3DAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; fpc=AvgNz1NAK-BIq3Umf6dJxRU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQESWPpoHzjwP2JEFX_oRSEEAGQf3Cmn_GXgtYddNEvYfmWmexH_qIXNMMyaX4kOdng3VoOc2mbKH9npRrt3Ba0g-fnZjsFveUcVXr0vnAWmXj4lJY8Fz0R7N-fFs0N5DzlGn6XRh9eaNG1nSU5ty2EwkkREIuHtpZjGRJdD5Nmk1sgAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-7aefflgksp0u3dxsklzaxgim1jkwxg1wvjkcunlwbpc/logintenantbranding/0/illustration?ts=635524520434458811 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-7aefflgksp0u3dxsklzaxgim1jkwxg1wvjkcunlwbpc/logintenantbranding/0/illustration?ts=635524520434458811 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveContent-Length: 1790sec-ch-ua-platform: "Windows"hpgid: 1104sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"hpgact: 1800canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQE0OSw702sHEzh_jS31R2k5YeDWAb3Uc05J5tOK_0MQk7Ab4uI_HFaYOSNsPq22rzqgWXbxvC1iTEAMzi00dJI6GECogRzgMSepMoSNIdO9pV2TpXjYIn8xtA3a4Ik1DcW37cDpdVlTEuZjqRBh7ckZ8dXPtHOj5WIcsTbY6oR-ZwLGDMY7KUgVUFGCAwRx5ayvvodZ-49LHAdCNxk70C0iiAAsec-ch-ua-mobile: ?0client-request-id: 9cdf90f1-a73e-40af-9ce0-3a75b8b175bfUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/jsonhpgrequestid: e97e1b41-62ca-4d77-962b-ac9174db1000Content-type: application/json; charset=UTF-8Origin: https://login.microsoftonline.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.ARIAtNlx8kzl4UaCvSXVCvo3eV6Zkyd9CtdAvTVpaLoUIZfZAQASAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEF9qDNn3xwvgRhNlh9mbJgNZLqKNzDgzXQt92nwVarUSyRIm3f8zOsamyuV84-3ThR_8xtNtfuDMfCKZBWSfYoel2MeDbFu2uwcH-PQ_ugSIgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbaGydbbkWJmSs1iLu4ky0gh1PBtWaPpN9YweQv18o8pw0K_Zq9CAHzDVucT5r7ClEUkVMmjJGxEjku4T4bcHJz8nD0iW3d_3hoBKKbDgK9Gls4nerZtUxSU0URWTAN6NjFG9_1Mdn6Tw9hHB1u9vtnJE7PcZwSgtaXFAET3UlmwgAA; esctx-bWZD2oRZl4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEHZ6MwSLh1zycLWyX8Uh_KFbiity-H3wga9dLtIpZsHzHZ6dPOLHJX7qIsmOvtIhm8cnD2cTqpL8ngjHr1jPCbeMIy-qpsgkQDLETieCORQMWa25qT6X0c4JrJXhKRwen_bXfczHOZKF9eIrLXmiHayAA; fpc=AvgNz1NAK-BIq3Umf6dJxRVSA2dqAQAAAJWyiN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=6aed6f7a-2cbf-44db-b61e-2d2cb57bc3cb; brcap=0

Source: chromecache_118.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_118.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_118.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE
Source: chromecache_103.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/discovery/v2.0/keys
Source: chromecache_103.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/token
Source: chromecache_103.2.dr, chromecache_92.2.dr	String found in binary or memory: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0
Source: chromecache_89.2.dr, chromecache_113.2.dr	String found in binary or memory: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-confi

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.82:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.22:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.24:443 -> 192.168.2.6:49765 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5500_1184265944

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5500_1184265944

Jump to behavior

Source: classification engine

Classification label: clean2.win@24/68@16/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2124,i,7307648910549068412,10690054634076645875,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2124,i,7307648910549068412,10690054634076645875,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_98.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_98.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
e329293.dscd.akamaiedge.net	23.209.72.9	true	false	high
www.google.com	142.251.35.164	true	false	high
a1894.dscb.akamai.net	23.204.152.24	true	false	high
www.tm.a.prd.aadg.trafficmanager.net	40.126.24.82	true	false	high
aadcdn.msauthimages.net	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	false	high
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi	false	high
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US	false	high
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize	false	high
https://login.microsoftonline.com/favicon.ico	false	high
https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-configuration	false	high
http://c.pki.goog/r/gsr1.crl	false	high
http://c.pki.goog/r/r4.crl	false	high
https://aadcdn.msauthimages.net/dbd5a2dd-7aefflgksp0u3dxsklzaxgim1jkwxg1wvjkcunlwbpc/logintenantbranding/0/illustration?ts=635524520434458811	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.opensource.org/licenses/mit-license.php)	chromecache_118.2.dr	false	high
https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/discovery/v2.0/keys	chromecache_103.2.dr, chromecache_92.2.dr	false	high
https://github.com/zloirock/core-js	chromecache_121.2.dr	false	high
https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/token	chromecache_103.2.dr, chromecache_92.2.dr	false	high
https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0	chromecache_103.2.dr, chromecache_92.2.dr	false	high
http://knockoutjs.com/	chromecache_118.2.dr	false	high
https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-confi	chromecache_89.2.dr, chromecache_113.2.dr	false	high
https://github.com/douglascrockford/JSON-js	chromecache_118.2.dr	false	high
https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE	chromecache_121.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.209.72.9	e329293.dscd.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
40.126.28.22	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.209.72.31	unknown	United States	20940	AKAMAI-ASN1EU	false
142.251.35.164	www.google.com	United States	15169	GOOGLEUS	false
23.204.152.24	a1894.dscb.akamai.net	United States	20940	AKAMAI-ASN1EU	false
40.126.24.82	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1661089
Start date and time:	2025-04-09 20:24:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@24/68@16/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.251.35.174, 142.251.32.99, 142.250.31.84, 142.250.80.14, 142.250.81.238, 20.190.152.23, 40.126.24.16, 20.190.152.144, 40.126.24.145, 20.190.152.80, 52.178.17.235, 199.232.210.172, 142.251.40.238, 142.251.35.170, 142.251.41.10, 172.217.165.138, 142.250.65.170, 142.250.65.202, 142.250.80.10, 142.250.81.234, 142.251.32.106, 142.250.65.234, 142.251.40.234, 142.250.72.106, 142.251.40.170, 142.250.64.74, 142.250.64.106, 142.251.40.106, 142.251.40.138, 142.251.41.3, 142.250.80.78, 142.251.40.174, 20.189.173.27, 20.189.173.18, 40.126.24.84, 40.126.24.81, 20.190.152.21, 40.126.24.149, 40.126.24.83, 20.190.152.19, 40.126.24.147, 20.190.152.20, 184.31.69.3, 13.107.246.38, 172.202.163.200, 13.107.246.40
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category:	downloaded
Size (bytes):	621
Entropy (8bit):	7.673946009263606
Encrypted:	false
SSDEEP:	12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
MD5:	4761405717E938D7E7400BB15715DB1E
SHA1:	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
SHA-256:	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
SHA-512:	E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Preview:	..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......\|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E..".......x.@..?u......../....8...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2025 20:25:12.672445059 CEST	53	51331	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:13.756351948 CEST	53	50582	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:16.408365011 CEST	52641	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:16.408365011 CEST	60365	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:16.513711929 CEST	53	52641	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:16.513741016 CEST	53	60365	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:22.364170074 CEST	54306	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:22.364778996 CEST	61906	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:22.471079111 CEST	53	54306	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:22.472057104 CEST	53	61906	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:23.128782988 CEST	51640	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:23.128938913 CEST	60341	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:23.231934071 CEST	53	60341	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:23.232841969 CEST	53	51640	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:23.718696117 CEST	58013	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:23.719254971 CEST	59583	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:23.825181007 CEST	53	58013	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:23.827888012 CEST	53	59583	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:24.733583927 CEST	61559	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:24.733778954 CEST	52992	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:24.837485075 CEST	53	52992	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:24.840225935 CEST	53	61559	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:30.693876982 CEST	53906	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:30.694067955 CEST	56935	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:30.792881012 CEST	53	49856	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:30.796857119 CEST	53	56935	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:30.799093962 CEST	53	53906	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:30.895036936 CEST	53	53898	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:32.429797888 CEST	50245	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:32.429972887 CEST	55132	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:25:32.533212900 CEST	53	50245	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:32.533237934 CEST	53	55132	1.1.1.1	192.168.2.6
Apr 9, 2025 20:25:49.644186974 CEST	53	62153	1.1.1.1	192.168.2.6
Apr 9, 2025 20:26:12.006127119 CEST	53	53214	1.1.1.1	192.168.2.6
Apr 9, 2025 20:26:12.312932014 CEST	53	55582	1.1.1.1	192.168.2.6
Apr 9, 2025 20:26:17.071625948 CEST	138	138	192.168.2.6	192.168.2.255
Apr 9, 2025 20:26:22.174834967 CEST	53662	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:26:22.174896002 CEST	53081	53	192.168.2.6	1.1.1.1
Apr 9, 2025 20:26:22.279697895 CEST	53	53662	1.1.1.1	192.168.2.6
Apr 9, 2025 20:26:22.280194998 CEST	53	53081	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
Apr 9, 2025 20:25:28.527352095 CEST	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 9, 2025 20:25:28.629112959 CEST	1254	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 1739 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 09 Apr 2025 18:04:49 GMT Expires: Wed, 09 Apr 2025 18:54:49 GMT Cache-Control: public, max-age=3000 Age: 1239 Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 06 c7 30 82 05 af 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 10 30 0e 06 03 55 04 0b 13 07 52 6f 6f 74 20 43 41 31 1b 30 19 06 03 55 04 03 13 12 47 6c 6f 62 61 6c 53 69 67 6e 20 52 6f 6f 74 20 43 41 17 0d 32 35 30 34 30 37 30 30 30 30 30 30 5a 17 0d 32 35 30 37 31 35 30 30 30 30 30 30 5a 30 82 04 f1 30 2a 02 0b 04 00 00 00 00 01 1e 44 a5 e4 04 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 29 45 c3 a8 0f 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 20 19 c1 8d 68 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2c 5e 7f 1a 88 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 15 4b 5a [TRUNCATED] Data Ascii: 000H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA250407000000Z250715000000Z00D141125000000Z00U0)E141125000000Z00U0 h141125000000Z00U0,^141125000000Z00U0KZ160107000000Z00U0/NIR170419000000Z00U0/NG170419000000Z00U0/N9191120000000Z00U0/N=k191204000000Z00U
Apr 9, 2025 20:25:28.629153013 CEST	1199	IN	Data Raw: 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2f 4e e1 3b 58 17 0d 31 39 31 32 30 34 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2d 02 0e 47 c3 0f ff 8a 61 9a 37 f5 a8 2e f0 b5 75 17 0d 32 30 30 36 33 30 30 30 30 30 30 30 5a Data Ascii: 0/N;X191204000000Z00U0-Ga7.u200630000000Z00U0-GA>ThA200630000000Z00U0-GK&TA+200630000000Z00U06::200711160000Z00U0/vSBS
Apr 9, 2025 20:25:28.633399010 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 9, 2025 20:25:28.732896090 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 09 Apr 2025 17:57:11 GMT Expires: Wed, 09 Apr 2025 18:47:11 GMT Cache-Control: public, max-age=3000 Age: 1697 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:22 UTC	743	OUT	GET /common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://myapplications.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myapplications.microsoft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:23 UTC	2012	IN	HTTP/1.1 200 OK Cache-Control: max-age=86400, private Content-Type: application/json; charset=utf-8 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 3aceb9bb-9b0f-4d7e-b4fc-e2471f4abe00 x-ms-ests-server: 2.1.20465.4 - SCUS ProdSlices Access-Control-Expose-Headers: x-ms-srs report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-zLt1L_f3bPWkkbJONCwoIA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=AuxN0QXR0IVKpXMW3FBpt30; expires=Fri, 09-May-2025 18:25:23 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEfTgi1Lq0i8HNUY2Bu2Xv5iPXonjPrY3FcmiAMqGDzJuPYZwWNlFBBXeEfW_fZL739murmW1GOjRo1TX9hm3XzxWluGh6-CXUEmrUelRquk6l7pMb7hh6rrbD4CxCnFCP6HvSHmexzqL8zSFPmv9Dm64pa482phRNQy83HpKmuukgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 09 Apr 2025 18:25:22 GMT Connection: close Content-Length: 980
2025-04-09 18:25:23 UTC	980	IN	Data Raw: 7b 22 74 65 6e 61 6e 74 5f 64 69 73 63 6f 76 65 72 79 5f 65 6e 64 70 6f 69 6e 74 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 66 32 37 31 64 39 62 34 2d 65 35 34 63 2d 34 36 65 31 2d 38 32 62 64 2d 32 35 64 35 30 61 66 61 33 37 37 39 2f 76 32 2e 30 2f 2e 77 65 6c 6c 2d 6b 6e 6f 77 6e 2f 6f 70 65 6e 69 64 2d 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 2c 22 61 70 69 2d 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 5b 7b 22 70 72 65 66 65 72 72 65 64 5f 6e 65 74 77 6f 72 6b 22 3a 22 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 22 2c 22 70 72 65 66 65 72 72 65 64 5f 63 61 63 68 65 22 3a 22 6c 6f 67 69 6e 2e 77 69 6e 64 6f 77 73 2e 6e Data Ascii: {"tenant_discovery_endpoint":"https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.n

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:23 UTC	660	OUT	GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/v2.0/.well-known/openid-configuration HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://myapplications.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myapplications.microsoft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:23 UTC	2013	IN	HTTP/1.1 200 OK Cache-Control: max-age=86400, private Content-Type: application/json; charset=utf-8 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: a984dfa6-eaaf-4d0e-9b37-16bf16820f00 x-ms-ests-server: 2.1.20465.4 - NCUS ProdSlices Access-Control-Expose-Headers: x-ms-srs report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-m9xsgMczcp7NlnQ5LIwfhw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=ArAlDsqK9h9LjMqv5pLA05M; expires=Fri, 09-May-2025 18:25:23 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEBUopiv60uG7bIJyLNy18mnV-z702CZ-f2eUNHoBMs1MjBSbiISDvzjE2UX6jBf5Ewwn6c5631r1yC-vnlu38kYQOrbY-amPtZrzi3coCeXbWkMOo9m2eMKJ-SOGp4ygUjHB76OkZ7l2ysn5yvzF_NaqL-4DBPOUl9sGpCkHXyvwgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 09 Apr 2025 18:25:23 GMT Connection: close Content-Length: 1753
2025-04-09 18:25:23 UTC	1753	IN	Data Raw: 7b 22 74 6f 6b 65 6e 5f 65 6e 64 70 6f 69 6e 74 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 66 32 37 31 64 39 62 34 2d 65 35 34 63 2d 34 36 65 31 2d 38 32 62 64 2d 32 35 64 35 30 61 66 61 33 37 37 39 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 74 6f 6b 65 6e 22 2c 22 74 6f 6b 65 6e 5f 65 6e 64 70 6f 69 6e 74 5f 61 75 74 68 5f 6d 65 74 68 6f 64 73 5f 73 75 70 70 6f 72 74 65 64 22 3a 5b 22 63 6c 69 65 6e 74 5f 73 65 63 72 65 74 5f 70 6f 73 74 22 2c 22 70 72 69 76 61 74 65 5f 6b 65 79 5f 6a 77 74 22 2c 22 63 6c 69 65 6e 74 5f 73 65 63 72 65 74 5f 62 61 73 69 63 22 5d 2c 22 6a 77 6b 73 5f 75 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 Data Ascii: {"token_endpoint":"https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.c

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:24 UTC	1331	OUT	GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://myapplications.microsoft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:24 UTC	2236	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 96c6c4ee-22a9-4f4a-bc89-fff837fc3300 x-ms-ests-server: 2.1.20465.4 - EUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,50168,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-cL28yconEUZZKnVZ94FpRg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvgNz1NAK-BIq3Umf6dJxRU; expires=Fri, 09-May-2025 18:25:24 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQESWPpoHzjwP2JEFX_oRSEEAGQf3Cmn_GXgtYddNEvYfmWmexH_qIXNMMyaX4kOdng3VoOc2mbKH9npRrt3Ba0g-fnZjsFveUcVXr0vnAWmXj4lJY8Fz0R7N-fFs0N5DzlGn6XRh9eaNG1nSU5ty2EwkkREIuHtpZjGRJdD5Nmk1sgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 09 Apr 2025 18:25:23 GMT Connection: close Content-Length: 21292
2025-04-09 18:25:24 UTC	14148	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
2025-04-09 18:25:24 UTC	7144	IN	Data Raw: 0a 3b 64 2e 66 61 69 6c 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 46 61 69 6c 65 64 22 2c 64 2e 73 75 63 63 65 73 73 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 53 75 63 63 65 73 73 22 2c 64 2e 4c 6f 61 64 28 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6f 29 7b 74 68 72 6f 77 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 2e 20 52 65 73 6f 75 72 63 65 4c 6f 61 64 65 72 2e 4c 6f 61 64 28 29 20 66 61 69 6c 65 64 20 64 65 73 70 69 74 65 20 69 6e 69 74 69 61 6c 20 6c 6f 61 64 20 73 75 63 63 65 73 73 2e 20 5b 27 22 2b 6e 2b 22 27 5d 22 7d 73 26 26 28 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 65 72 72 6f 72 2e 61 73 70 78 3f 65 72 72 3d 35 30 34 22 29 7d 29 7d 2c 63 2e 4f 6e 45 72 72 6f 72 3d 66 75 6e Data Ascii: ;d.failMessage="Reload Failed",d.successMessage="Reload Success",d.Load(null,function(){if(o){throw"Unexpected state. ResourceLoader.Load() failed despite initial load success. ['"+n+"']"}s&&(document.location.href="/error.aspx?err=504")})},c.OnError=fun

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:25 UTC	642	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive Origin: https://login.microsoftonline.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:25 UTC	661	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript Content-MD5: R7Y1mgm77mqkG4LgbFphBQ== Last-Modified: Wed, 29 Jan 2025 22:54:06 GMT ETag: "0x8DD40B7D5C9F36B" x-ms-request-id: 85c571c8-901e-009a-726f-761fbe000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Cache-Control: public, max-age=25922614 Date: Wed, 09 Apr 2025 18:25:25 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Akamai-GRN: 0.9f04d217.1744223125.89995f6
2025-04-09 18:25:25 UTC	15723	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 Data Ascii: 00006000/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyrigh
2025-04-09 18:25:25 UTC	8865	IN	Data Raw: 64 69 61 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 20 61 63 74 69 76 65 29 20 7b 20 20 2e 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 2d 64 65 74 65 63 74 69 6f 6e 3a 3a 62 65 66 6f 72 65 20 7b 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 61 63 74 69 76 65 22 3b 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 20 7d 7d 40 6d 65 64 69 61 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 20 62 6c 61 63 6b 2d 6f 6e 2d 77 68 69 74 65 29 20 7b 20 20 2e 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 2d 64 65 74 65 63 74 69 6f 6e 3a 3a 62 65 66 6f 72 65 20 7b 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 77 68 69 74 65 22 3b 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 20 7d 7d 40 6d 65 64 69 61 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f Data Ascii: dia (-ms-high-contrast: active) { .high-contrast-detection::before { content: "active"; display: none; }}@media (-ms-high-contrast: black-on-white) { .high-contrast-detection::before { content: "white"; display: none; }}@media (-ms-high-co
2025-04-09 18:25:25 UTC	16384	IN	Data Raw: 30 30 30 30 35 30 32 33 0d 0a 6c 61 73 74 49 6e 64 65 78 3d 30 2c 63 78 2e 74 65 73 74 28 74 65 78 74 29 26 26 28 74 65 78 74 3d 74 65 78 74 2e 72 65 70 6c 61 63 65 28 63 78 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 5c 5c 75 22 2b 28 22 30 30 30 30 22 2b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 29 2e 73 6c 69 63 65 28 2d 34 29 7d 29 29 29 2c 2f 5e 5b 5c 5d 2c 3a 7b 7d 5c 73 5d 2a 24 2f 2e 74 65 73 74 28 74 65 78 74 2e 72 65 70 6c 61 63 65 28 2f 5c 5c 28 3f 3a 5b 22 5c 5c 5c 2f 62 66 6e 72 74 5d 7c 75 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 34 7d 29 2f 67 2c 22 40 22 29 2e 72 65 70 6c 61 63 65 28 2f 22 5b 5e 22 5c 5c 5c 6e 5c 72 5d 2a 22 7c 74 72 75 65 7c 66 61 6c 73 65 7c 6e 75 6c 6c 7c 2d 3f 5c Data Ascii: 00005023lastIndex=0,cx.test(text)&&(text=text.replace(cx,(function(e){return"\\u"+("0000"+e.charCodeAt(0).toString(16)).slice(-4)}))),/^[\],:{}\s]$/.test(text.replace(/\\(?:["\\\/bfnrt]\|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]"\|true\|false\|null\|-?\
2025-04-09 18:25:25 UTC	4143	IN	Data Raw: 73 68 53 74 61 74 65 73 3a 7b 53 75 63 63 65 73 73 3a 30 2c 43 61 6e 63 65 6c 3a 31 2c 45 72 72 6f 72 3a 32 2c 4e 6f 74 53 75 70 70 6f 72 74 65 64 3a 33 7d 2c 55 6e 65 78 70 65 63 74 65 64 45 72 72 6f 72 43 6f 64 65 3a 39 39 39 39 2c 45 64 67 65 45 72 72 6f 72 43 6f 64 65 73 3a 7b 53 79 6e 74 61 78 45 72 72 6f 72 3a 33 2c 4e 6f 74 46 6f 75 6e 64 45 72 72 6f 72 3a 38 2c 4e 6f 74 53 75 70 70 6f 72 74 65 64 45 72 72 6f 72 3a 39 2c 49 6e 76 61 6c 69 64 41 63 63 65 73 73 45 72 72 6f 72 3a 31 35 2c 41 62 6f 72 74 45 72 72 6f 72 3a 32 30 7d 7d 2c 74 2e 49 66 45 78 69 73 74 73 52 65 73 75 6c 74 3d 7b 55 6e 6b 6e 6f 77 6e 3a 2d 31 2c 45 78 69 73 74 73 3a 30 2c 4e 6f 74 45 78 69 73 74 3a 31 2c 54 68 72 6f 74 74 6c 65 64 3a 32 2c 45 72 72 6f 72 3a 34 2c 45 78 69 73 Data Ascii: shStates:{Success:0,Cancel:1,Error:2,NotSupported:3},UnexpectedErrorCode:9999,EdgeErrorCodes:{SyntaxError:3,NotFoundError:8,NotSupportedError:9,InvalidAccessError:15,AbortError:20}},t.IfExistsResult={Unknown:-1,Exists:0,NotExist:1,Throttled:2,Error:4,Exis
2025-04-09 18:25:25 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 65 76 65 6e 74 41 72 67 73 3a 74 2c 65 76 65 6e 74 4f 70 74 69 6f 6e 73 3a 72 7d 29 2c 6e 7d 2c 73 2e 67 65 74 50 72 6f 70 65 72 74 79 4c 6f 67 4f 70 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 74 3d 74 7c 7c 7b 7d 29 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 74 72 61 63 69 6e 67 50 72 6f 70 65 72 74 79 43 68 61 6e 67 65 22 29 7c 7c 28 74 2e 74 72 61 63 69 6e 67 50 72 6f 70 65 72 74 79 43 68 61 6e 67 65 3d 21 30 29 2c 74 2e 65 76 65 6e 74 4c 65 76 65 6c 3d 74 2e 65 76 65 6e 74 4c 65 76 65 6c 7c 7c 72 2e 45 76 65 6e 74 4c 65 76 65 6c 2e 49 6e 66 6f 2c 7b 76 69 65 77 4d 6f 64 65 6c 3a 65 2c 74 72 61 63 69 6e 67 4f 70 74 69 6f 6e 73 3a 74 7d 7d 2c 73 2e 67 65 74 44 65 66 61 75 6c 74 54 Data Ascii: 00004000eventArgs:t,eventOptions:r}),n},s.getPropertyLogOption=function(e,t){return(t=t\|\|{}).hasOwnProperty("tracingPropertyChange")\|\|(t.tracingPropertyChange=!0),t.eventLevel=t.eventLevel\|\|r.EventLevel.Info,{viewModel:e,tracingOptions:t}},s.getDefaultT
2025-04-09 18:25:25 UTC	12	IN	Data Raw: 69 7a 65 44 6f 6d 4e 6f 64 65 0d 0a Data Ascii: izeDomNode
2025-04-09 18:25:25 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 41 6e 64 44 65 73 63 65 6e 64 61 6e 74 73 22 2c 53 2e 61 61 2e 63 64 29 2c 53 2e 6e 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 69 66 28 72 29 66 6f 72 28 76 61 72 20 65 2c 74 3d 72 2c 6f 3d 30 3b 69 3c 72 3b 29 69 66 28 65 3d 6e 5b 69 2b 2b 5d 29 7b 69 66 28 69 3e 74 29 7b 69 66 28 35 65 33 3c 3d 2b 2b 6f 29 7b 69 3d 72 2c 53 2e 61 2e 47 63 28 45 72 72 6f 72 28 22 27 54 6f 6f 20 6d 75 63 68 20 72 65 63 75 72 73 69 6f 6e 27 20 61 66 74 65 72 20 70 72 6f 63 65 73 73 69 6e 67 20 22 2b 6f 2b 22 20 74 61 73 6b 20 67 72 6f 75 70 73 2e 22 29 29 3b 62 72 65 61 6b 7d 74 3d 72 7d 74 72 79 7b 65 28 29 7d 63 61 74 63 68 28 61 29 7b 53 2e 61 2e 47 63 28 61 29 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 Data Ascii: 00004000AndDescendants",S.aa.cd),S.na=function(){function e(){if(r)for(var e,t=r,o=0;i<r;)if(e=n[i++]){if(i>t){if(5e3<=++o){i=r,S.a.Gc(Error("'Too much recursion' after processing "+o+" task groups."));break}t=r}try{e()}catch(a){S.a.Gc(a)}}}function t()
2025-04-09 18:25:25 UTC	12	IN	Data Raw: 2f 2c 69 3d 7b 22 69 6e 22 3a 0d 0a Data Ascii: /,i={"in":
2025-04-09 18:25:25 UTC	13296	IN	Data Raw: 30 30 30 30 33 33 45 34 0d 0a 31 2c 22 72 65 74 75 72 6e 22 3a 31 2c 22 74 79 70 65 6f 66 22 3a 31 7d 2c 61 3d 7b 7d 3b 72 65 74 75 72 6e 7b 52 61 3a 5b 5d 2c 77 61 3a 61 2c 61 63 3a 65 2c 76 62 3a 66 75 6e 63 74 69 6f 6e 28 72 2c 6f 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 65 2c 72 29 7b 76 61 72 20 6f 3b 69 66 28 21 6c 29 7b 76 61 72 20 64 3d 53 2e 67 65 74 42 69 6e 64 69 6e 67 48 61 6e 64 6c 65 72 28 65 29 3b 69 66 28 64 26 26 64 2e 70 72 65 70 72 6f 63 65 73 73 26 26 21 28 72 3d 64 2e 70 72 65 70 72 6f 63 65 73 73 28 72 2c 65 2c 69 29 29 29 72 65 74 75 72 6e 3b 28 64 3d 61 5b 65 5d 29 26 26 28 6f 3d 72 2c 30 3c 3d 53 2e 61 2e 41 28 74 2c 6f 29 3f 6f 3d 21 31 3a 28 64 3d 6f 2e 6d 61 74 63 68 28 6e 29 2c 6f 3d 6e 75 6c 6c 21 3d 3d 64 26 26 28 64 5b 31 5d Data Ascii: 000033E41,"return":1,"typeof":1},a={};return{Ra:[],wa:a,ac:e,vb:function(r,o){function i(e,r){var o;if(!l){var d=S.getBindingHandler(e);if(d&&d.preprocess&&!(r=d.preprocess(r,e,i)))return;(d=a[e])&&(o=r,0<=S.a.A(t,o)?o=!1:(d=o.match(n),o=null!==d&&(d[1]
2025-04-09 18:25:25 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 5b 63 5d 29 6e 28 74 5b 63 5d 29 3b 65 6c 73 65 20 69 66 28 22 69 6e 73 74 61 6e 63 65 22 69 6e 20 74 29 7b 76 61 72 20 6f 3d 74 2e 69 6e 73 74 61 6e 63 65 3b 6e 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 29 29 7d 65 6c 73 65 22 76 69 65 77 4d 6f 64 65 6c 22 69 6e 20 74 3f 72 28 65 2c 74 2e 76 69 65 77 4d 6f 64 65 6c 2c 6e 29 3a 65 28 22 55 6e 6b 6e 6f 77 6e 20 76 69 65 77 4d 6f 64 65 6c 20 76 61 6c 75 65 3a 20 22 2b 74 29 7d 28 69 28 65 29 2c 74 2c 6e 29 7d 7d 3b 76 61 72 20 63 3d 22 63 72 65 61 74 65 56 69 65 77 4d 6f 64 65 6c 22 3b 53 2e 62 28 22 63 6f 6d 70 6f 6e 65 6e 74 73 2e 72 65 67 69 73 74 65 72 22 2c 53 2e 6a 2e 72 65 67 69 73 74 65 72 29 2c 53 2e 62 28 22 63 6f 6d 70 6f 6e 65 6e 74 73 2e 69 Data Ascii: 00006000[c])n(t[c]);else if("instance"in t){var o=t.instance;n((function(){return o}))}else"viewModel"in t?r(e,t.viewModel,n):e("Unknown viewModel value: "+t)}(i(e),t,n)}};var c="createViewModel";S.b("components.register",S.j.register),S.b("components.i

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:25 UTC	2517	OUT	GET /f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; fpc=AvgNz1NAK-BIq3Umf6dJxRU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQESWPpoHzjwP2JEFX_oRSEEAGQf3Cmn_GXgtYddNEvYfmWmexH_qIXNMMyaX4kOdng3VoOc2mbKH9npRrt3Ba0g-fnZjsFveUcVXr0vnAWmXj4lJY8Fz0R7N-fFs0N5DzlGn6XRh9eaNG1nSU5ty2EwkkREIuHtpZjGRJdD5Nmk1sgAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-04-09 18:25:26 UTC	2682	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch X-DNS-Prefetch-Control: on P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: e97e1b41-62ca-4d77-962b-ac9174db1000 x-ms-ests-server: 2.1.20465.4 - NCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-43eByWYo92fBYGj1sEOrMA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: buid=1.ARIAtNlx8kzl4UaCvSXVCvo3eV6Zkyd9CtdAvTVpaLoUIZfZAQASAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEF9qDNn3xwvgRhNlh9mbJgNZLqKNzDgzXQt92nwVarUSyRIm3f8zOsamyuV84-3ThR_8xtNtfuDMfCKZBWSfYoel2MeDbFu2uwcH-PQ_ugSIgAA; expires=Fri, 09-May-2025 18:25:25 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbaGydbbkWJmSs1iLu4ky0gh1PBtWaPpN9YweQv18o8pw0K_Zq9CAHzDVucT5r7ClEUkVMmjJGxEjku4T4bcHJz8nD0iW3d_3hoBKKbDgK9Gls4nerZtUxSU0URWTAN6NjFG9_1Mdn6Tw9hHB1u9vtnJE7PcZwSgtaXFAET3UlmwgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-bWZD2oRZl4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEHZ6MwSLh1zycLWyX8Uh_KFbiity-H3wga9dLtIpZsHzHZ6dPOLHJX7qIsmOvtIhm8cnD2cTqpL8ngjHr1jPCbeMIy-qpsgkQDLETieCORQMWa25qT6X0c4JrJXhKRwen_bXfczHOZKF9eIrLXmiHayAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvgNz1NAK-BIq3Umf6dJxRVSA2dqAQAAAJWyiN8OAAAA; expires=Fri, 09-May-2025 18:25:25 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 09 Apr 2025 18:25:25 GMT Connection: close Content-Length: 44238
2025-04-09 18:25:26 UTC	13702	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
2025-04-09 18:25:26 UTC	16384	IN	Data Raw: 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 50 49 41 2f 45 6e 64 41 75 74 68 22 2c 22 75 72 6c 53 74 61 72 74 54 6c 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 73 74 61 72 74 2f 74 6c 72 23 63 6f 6e 74 69 6e 75 61 74 69 6f 6e 54 6f 6b 65 6e 3d 25 37 62 30 25 37 64 5c 75 30 30 32 36 75 6e 64 69 72 65 63 74 65 64 52 65 63 6f 76 65 72 79 55 72 6c 3d 25 37 62 31 25 37 64 22 2c 22 66 4b 4d 53 49 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 69 4c 6f 67 69 6e 4d 6f 64 65 22 3a 31 2c 22 66 41 6c 6c 6f 77 50 68 6f 6e 65 53 69 67 6e 49 6e 22 3a 74 72 75 65 2c 22 66 41 6c 6c 6f 77 50 68 6f 6e 65 49 6e 70 75 74 22 3a 74 72 75 65 2c 22 66 41 6c 6c 6f 77 53 6b 79 70 65 4e Data Ascii: line.com/common/PIA/EndAuth","urlStartTlr":"https://login.microsoftonline.com/common/start/tlr#continuationToken=%7b0%7d\u0026undirectedRecoveryUrl=%7b1%7d","fKMSIEnabled":false,"iLoginMode":1,"fAllowPhoneSignIn":true,"fAllowPhoneInput":true,"fAllowSkypeN
2025-04-09 18:25:26 UTC	14152	IN	Data Raw: 3d 77 69 6e 64 6f 77 3b 6e 2e 24 44 6f 7c 7c 28 6e 2e 24 44 6f 3d 7b 22 71 22 3a 5b 5d 2c 22 72 22 3a 5b 5d 2c 22 72 65 6d 6f 76 65 49 74 65 6d 73 22 3a 5b 5d 2c 22 6c 6f 63 6b 22 3a 30 2c 22 6f 22 3a 5b 5d 7d 29 3b 76 61 72 20 6f 3d 6e 2e 24 44 6f 3b 6f 2e 77 68 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 72 28 65 2c 61 2c 73 29 7c 7c 6f 2e 71 2e 70 75 73 68 28 7b 22 69 64 22 3a 65 2c 22 63 22 3a 61 2c 22 61 22 3a 73 7d 29 7d 76 61 72 20 61 3d 30 2c 73 3d 5b 5d 2c 75 3d 31 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6e 7c 7c 28 61 3d 6e 2c 0a 75 3d 32 29 3b 66 6f 72 28 76 61 72 20 63 3d 75 3b 63 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 73 2e 70 75 73 68 28 61 72 Data Ascii: =window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n,u=2);for(var c=u;c<arguments.length;c++){s.push(ar

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:31 UTC	742	OUT	GET /dbd5a2dd-7aefflgksp0u3dxsklzaxgim1jkwxg1wvjkcunlwbpc/logintenantbranding/0/illustration?ts=635524520434458811 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:31 UTC	715	IN	HTTP/1.1 200 OK Content-Length: 323051 Content-Type: image/jpeg Content-MD5: hTrc/cyXc9SAMG9ZZY17mQ== Last-Modified: Mon, 24 Nov 2014 18:54:11 GMT ETag: 0x8D1D62F2B38CA97 x-ms-request-id: 051b1240-a01e-002a-5b66-679cf2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=40388 Date: Wed, 09 Apr 2025 18:25:31 GMT Connection: close X-Content-Type-Options: nosniff Akamai-GRN: 0.8904d217.1744223131.46abbc1
2025-04-09 18:25:31 UTC	15669	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff e1 0b 6e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1c 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 8e 87 69 00 04 00 00 00 01 00 00 00 a4 00 00 00 d0 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 53 34 20 57 69 6e 64 6f 77 73 00 32 30 31 30 3a 30 39 3a 32 39 20 31 35 3a 34 34 3a 30 37 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 b0 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 Data Ascii: JFIFHHnExifMM*bj(1r2i''Adobe Photoshop CS4 Windows2010:09:29 15:44:07
2025-04-09 18:25:31 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-04-09 18:25:31 UTC	1886	IN	Data Raw: cd 55 6b a2 9c f5 6e b2 aa fe 85 8f c4 72 b5 6a c2 57 96 ad 57 b6 f3 d5 aa e8 0b 73 d5 ea ea d6 e6 eb 55 ed b6 ef cd 57 ab a2 2f a7 37 5e ae 8a 83 df 9e af 57 ad cf 56 ab ad a3 9e ad d7 45 6f a7 3d 5a 8a e8 a7 87 37 5e ae b6 11 72 0f 3d 35 6a e0 15 6f 71 cd cd 6a bc 57 5f 6f 35 5a ae 1b 3b fb 39 ba dd 70 db f0 e6 eb 75 ed 9e cd 39 ea d5 71 db 62 79 ea f5 70 d9 61 f4 73 73 5e ae 99 6d cf 57 ab 89 4b e9 cf 4d 7a b8 14 e5 ab d5 c7 6f c7 9e af 57 12 83 c3 9b ad d7 02 be 1c f5 78 57 6a 82 c4 9e d6 e6 ab 75 87 65 bb 72 db 6a b5 c7 6d f4 e6 eb 75 8c a5 b9 ba f5 71 0b 73 cd cd 7a b1 32 73 75 ea e2 46 97 e6 eb 55 8f 6d b9 ed b5 ea e2 57 9b ad d7 02 97 e7 ab d5 c3 66 96 e7 ab 55 88 ae b7 3c b5 7a 2b 89 5b 69 cf 57 ab 86 cb 6b cf 56 ab 81 43 cd d6 eb 19 4f 87 37 5e Data Ascii: UknrjWWsUW/7^WVEo=Z7^r=5joqjW_o5Z;9pu9qbypass^mWKMzoWxWjuerjmuqsz2suFUmWfU<z+[iWkVCO7^
2025-04-09 18:25:31 UTC	16384	IN	Data Raw: c3 9b ad d6 36 17 e7 ab d5 84 8e 5a bd 5c 18 73 75 ea c4 47 b3 9b af 56 22 0f 37 35 ea c4 47 37 5a ac 44 5f 96 ad d7 02 3d bc dd 6a b1 30 e6 eb 75 88 8e 6e bd 58 ca f3 75 ba c4 57 d9 cf 56 ab 1b 0f 6f 2d 5e ac 67 9e af 56 22 2d cb 57 ab 19 1a fd 3c dd 6e b1 b0 f1 e6 eb d5 8d 87 3d 5a ac 44 0e 6e b7 5c 08 e5 ab d5 8c 8e 7a bd 58 88 b7 37 5e ae 04 5f 9b af 56 22 39 ba dd 63 23 c7 9b af 56 32 01 e6 eb 55 8c fb 39 ba d5 70 23 9b ad d6 26 e6 eb 75 da 26 e3 af 3d 5b 14 f9 4b 09 24 5f 89 c9 a7 85 3a 1d 78 d5 3d 5c 08 e6 eb d5 8c f3 d5 ba 87 56 db 63 db e2 78 e0 aa 1a 8d 20 20 47 7f 01 cd d5 6b 25 42 de 13 cd 0a b1 a4 b5 58 b1 3f 5f 15 8a 4c 69 b0 af 1e aa d7 02 39 6a f5 70 23 9a af 57 02 35 3c dd 7a b8 1e 78 56 ab 81 1e ce 6e b7 5c 08 b7 37 5e af 73 d5 ea f7 3d Data Ascii: 6Z\suGV"75G7ZD_=j0unXuWVo-^gV"-W<n=ZDn\zX7^_V"9c#V2U9p#&u&=[K$_:x=\Vcx Gk%BX?_Li9jp#W5<zxVn\7^s=
2025-04-09 18:25:31 UTC	12120	IN	Data Raw: b0 bc 57 6f 67 37 35 5a ed 50 29 d3 c7 9b af 01 5d f9 77 3a 73 d3 5e ae 46 14 b9 b7 8f 35 35 a8 ae c2 9f dd 3f 7f 3d 5b ae 2c 80 e9 db c0 73 d5 a3 5c 42 29 bd b9 ea ad 71 f2 c5 b6 f3 73 5b d9 5d 84 2d aa e9 cd 57 ab db 0d b4 e7 ab 55 d8 4b 1b 0e 7a 6b d5 d1 4e d7 e5 ab 75 d9 5b 6a 45 8f 35 5a af 6d b9 e7 ab d5 c8 26 bb 47 35 35 ea f0 5d 47 b7 9b af 57 b6 d8 76 e6 ab d5 cb cb 17 d3 42 79 ea d5 70 11 0e e3 5e 6c 9a f5 76 c9 73 6e 78 1a f6 da e3 b0 d8 8e 7a bd 15 d0 53 7e 6e b5 5d ed 36 b9 ed cf 56 ab ad 87 bf b3 9e af 57 84 7d c1 e7 ab 75 e0 ba f3 db 2b 55 c0 2d bb 8b f3 75 ba f6 cb b6 bc f6 ca f6 ca ea de 27 c7 9e af 57 4c be 24 73 d5 ea eb 6d c5 ed df 9b af 57 45 2d a7 7e 6e 6b d5 c7 6d c7 35 5b af 15 f8 73 d5 aa e0 46 97 b7 37 56 af 15 fe 1c d5 6a b8 6c Data Ascii: Wog75ZP)]w:s^F55?=[,s\B)qs[]-WUKzkNu[jE5Zm&G55]GWvByp^lvsnxzS~n]6VW}u+U-u'WL$smWE-~nkm5[sF7Vjl
2025-04-09 18:25:31 UTC	16384	IN	Data Raw: 57 03 0e db f6 3b bb f3 d5 a8 8a e0 61 b9 df e1 cd cd 6a 26 b1 3a 1e d7 1c b6 da ad 75 b5 fb 01 db 9e af 57 11 08 1a 0e fa 69 cd cd 7a 2b bf 2f de bf 6f 1e 6a b5 58 8a 6d 52 c7 bf b0 72 f5 ea f1 8c ea 06 b7 1c d5 56 b1 18 c9 25 4f 2d 5b ae 50 a0 0e 2f e0 47 2a 4d 78 56 12 84 1b 72 c0 cd 6a b8 85 b0 d7 b7 37 5b af 04 ef fd 1c f4 d6 ab 8b 20 1f c7 9e ad 8a e3 b6 fa 5a e7 96 d9 5a 15 c1 93 c4 73 75 aa e8 a5 b5 1c f6 da f5 74 50 28 e7 ab 5b 2b a5 5b 68 79 a3 5e ae 3e 5d b4 3e 3c dd 6a 2b 89 8f 4b 8e 5a b7 15 8e d7 3c f5 6a b8 ec e7 a6 bd 5d 6c e6 e6 bd 5c 0a 69 cf 57 ab 89 5e 7a b7 5c 76 78 f2 d5 e1 5c 0a 91 cd 56 ab 81 4e 5a bd 5c 76 8b 73 d3 5a ae b6 90 09 e7 ab 75 88 a5 c7 37 5a ae 05 75 d3 9e ad d7 02 a4 73 d5 5a e0 53 96 ad d7 02 bc dd 7a b8 14 e6 e6 b5 Data Ascii: W;aj&:uWiz+/ojXmRrV%O-[P/G*MxVrj7[ ZZsutP([+[hy^>]><j+KZ<j]l\iW^z\vx\VNZ\vsZu7ZusZSz
2025-04-09 18:25:31 UTC	16384	IN	Data Raw: d7 1c 1b 5b 33 dd 60 28 11 72 f7 7b 89 a2 f7 8d 11 3d 58 95 1c 87 1e 07 82 b6 f0 14 14 73 13 49 f8 e8 d0 a7 cb c6 00 53 ef 5f 8a b5 71 a4 61 3c 2a 54 74 61 63 0e 57 71 23 bf 28 55 57 d3 5e 82 81 a4 6b 29 bf b7 e8 e7 8a a2 b4 13 35 8d a9 a1 86 15 65 b9 d8 a7 96 92 4d 56 00 ac 09 4d 00 91 00 4b 5c a7 ee 7d 3f 1e 5a 6a 90 2b 98 a7 8d 1c ee 90 02 35 b1 16 ef cf 4c d6 e2 a6 25 3a 92 19 98 1d de ce 37 31 57 8a 9a 98 6b 82 00 ed c6 ca e9 cd 14 a6 a5 fd 05 30 91 87 c3 88 ce 26 95 8c 05 2f 30 4c cb 89 d1 53 2e 1f 1c f2 25 31 6f 31 d1 4e 87 e9 e1 63 8c 85 19 8c 76 51 a3 6f 14 88 9c 36 d4 4a c7 12 bb 4b 23 fb e0 90 4f 8e be 3c 71 38 53 4a 33 51 e8 d0 a0 3e 48 0d fd 9f d1 e1 ed e5 d4 69 b4 88 a9 5f 24 88 8d b4 10 ca ab 7f f5 ed df 94 d5 3c ec ab 69 e7 a6 a7 c7 40 23 Data Ascii: [3`(r{=XsIS_qa<*TtacWq#(UW^k)5eMVMK\}?Zj+5L%:71Wk0&/0LS.%1o1NcvQo6JK#O<q8SJ3Q>Hi_$<i@#
2025-04-09 18:25:31 UTC	7952	IN	Data Raw: 7a f5 63 64 f6 f3 73 5e a8 e5 6d cd d6 eb 11 1e 1c bd 6a b8 6d d6 e7 9e af 4d 47 75 3c b8 ad 53 05 69 2a a6 fc 50 9a d5 21 31 3a bf 28 1d 7b 70 c1 29 9a d5 13 4e a8 65 9a fc db 8c e3 b8 a6 02 ce 98 8e 0f 05 25 6c 0f 11 b3 af 96 1f 76 d2 3c 6c 7e bf 1d 39 cc ee d6 33 67 72 3c fd 87 9a 51 49 ee c4 11 d3 26 2b ba ff 00 4f 59 35 b6 f0 6e a5 c5 ad e2 02 db 5b ea 0a 49 eb 03 67 41 1c 0f 4d 4f e9 47 5a 93 37 d2 ae 17 8d b2 c3 8a c4 b7 60 34 59 94 68 64 8f e3 fe 25 f0 3f 0e 66 ae e4 ef 8b 5b d4 ce 95 42 5e 48 f1 27 a7 fb e4 f5 7c 2b 9c 1d ab 76 57 73 d9 e5 d6 a4 02 bb 57 09 ee dc e8 fe f1 7d 0a 1d 3c 45 18 4a 2c 64 39 5b 35 ed c9 ad 48 ac 48 a5 b5 05 7e f0 35 bf 10 29 35 ea 51 c5 2e f5 e2 62 2a b5 28 0d fc a9 af 56 26 4e 6e bd b6 b1 32 78 73 75 aa cc 52 cb 6e 35 Data Ascii: zcds^mjmMGu<SiP!1:({p)Ne%lv<l~93gr<QI&+OY5n[IgAMOGZ7`4Yhd%?f[B^H'\|+vWsW}<EJ,d9[5HH~5)5Q.b(V&Nn2xsuRn5
2025-04-09 18:25:31 UTC	16384	IN	Data Raw: da dd c8 e6 c2 ab 45 35 89 e8 c6 d0 18 e8 7e d5 86 bc b6 aa d1 4d 77 15 38 47 ba 0b 9f 0b e9 cf 13 35 e0 22 9d 2a e4 82 58 42 ac 5b 5c 0b 16 1a f1 84 82 38 d3 ca 20 8d 94 9c aa 8c f9 65 7b 5f 5f bf fa 38 b1 26 91 a8 53 3c 51 f9 ac 40 b6 e0 3b 1f d9 c5 04 c5 26 02 69 b6 5a 4f 2e 50 76 ee 3e 3c 74 2a 69 82 98 a7 8c 36 84 2a 12 aa 01 6e 30 b5 4d 28 42 62 9c 64 c3 95 22 dd 21 bb 7c 35 e3 21 73 4e 94 53 3d 4d 1b 79 62 4b 58 0f 68 e2 84 aa 93 29 34 c3 25 35 db 71 f6 e8 47 15 03 49 22 a5 41 4e b2 1b b6 84 69 ca 13 15 70 26 b3 0a 05 f3 82 28 24 7c 39 5d 78 55 b4 63 52 e3 a6 4b 80 47 bb ca 13 4e 04 d3 a4 30 18 95 9f b0 f1 37 fb b8 c1 33 4a 00 8a 97 b1 6d b5 7e d1 23 bf 7f a2 df 1e 37 4e 56 39 10 02 6c 0d c9 3a 5b bf b4 8f 80 f1 e6 c5 54 d4 e8 11 4c 96 16 20 58 8d Data Ascii: E5~Mw8G5"XB[\8 e{__8&S<Q@;&iZO.Pv><ti6*n0M(Bbd"!\|5!sNS=MybKXh)4%5qGI"ANip&($\|9]xUcRKGN073Jm~#7NV9l:[TL X
2025-04-09 18:25:31 UTC	8048	IN	Data Raw: 5a bd 58 19 40 36 1f 7f 2d 5e ac 0e be ed f9 ba f5 46 75 d3 de d6 dc 70 56 aa 3b 00 75 ed cd ec ad d4 76 5b 78 72 d5 ea c0 cb cb 56 ab 13 0e 6e b5 58 1d 4f 37 35 b9 ac 3b 01 3c b5 7a a6 41 1f 80 f1 e3 66 9e 02 a6 32 e9 7e 52 9c a6 3a b3 7b f1 f1 4d 9a 63 92 c5 af c7 e9 a3 51 98 73 75 5a c0 57 4b 0e 5a 6b 75 d0 81 8e a3 95 2a 8a d4 d7 8d 33 71 bd 55 ed 42 b1 b5 2b f8 9e 7b 5d 7b 55 62 f9 53 bb 5e dc f1 5d 78 9a f3 c4 05 ed cd 83 4c ec a8 b2 44 7c 35 b7 1c d5 5a a8 be 5e e3 63 cd 4d 5a 2a 4c 50 d8 81 6b 73 d3 57 15 1e ac ea 48 d3 5e 5d 35 65 53 14 ab ef 77 bf 1e 14 c9 35 10 af 8f 1c ad 56 06 1e 3c 74 57 aa 3c 8b b8 73 7b 2a c0 d3 79 5f 6f 1c a7 aa 3b 0b 1e 5e b7 58 58 7d 7c dd 6a b0 30 e5 ab d5 85 86 bc dd 7a a3 b0 f6 f2 d5 ea c2 45 b9 ba f5 60 61 cd d7 ab Data Ascii: ZX@6-^FupV;uv[xrVnXO75;<zAf2~R:{McQsuZWKZku3qUB+{]{UbS^]xLD\|5Z^cMZLPksWH^]5eSw5V<tW<s{*y_o;^XX}\|j0zE`a

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:32 UTC	496	OUT	GET /dbd5a2dd-7aefflgksp0u3dxsklzaxgim1jkwxg1wvjkcunlwbpc/logintenantbranding/0/illustration?ts=635524520434458811 HTTP/1.1 Host: aadcdn.msauthimages.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:25:32 UTC	715	IN	HTTP/1.1 200 OK Content-Length: 323051 Content-Type: image/jpeg Content-MD5: hTrc/cyXc9SAMG9ZZY17mQ== Last-Modified: Mon, 24 Nov 2014 18:54:11 GMT ETag: 0x8D1D62F2B38CA97 x-ms-request-id: 051b1240-a01e-002a-5b66-679cf2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=40387 Date: Wed, 09 Apr 2025 18:25:32 GMT Connection: close X-Content-Type-Options: nosniff Akamai-GRN: 0.8904d217.1744223132.46abdd7
2025-04-09 18:25:32 UTC	15669	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff e1 0b 6e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1c 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 8e 87 69 00 04 00 00 00 01 00 00 00 a4 00 00 00 d0 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 53 34 20 57 69 6e 64 6f 77 73 00 32 30 31 30 3a 30 39 3a 32 39 20 31 35 3a 34 34 3a 30 37 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 b0 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 Data Ascii: JFIFHHnExifMM*bj(1r2i''Adobe Photoshop CS4 Windows2010:09:29 15:44:07
2025-04-09 18:25:33 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-04-09 18:25:33 UTC	1886	IN	Data Raw: cd 55 6b a2 9c f5 6e b2 aa fe 85 8f c4 72 b5 6a c2 57 96 ad 57 b6 f3 d5 aa e8 0b 73 d5 ea ea d6 e6 eb 55 ed b6 ef cd 57 ab a2 2f a7 37 5e ae 8a 83 df 9e af 57 ad cf 56 ab ad a3 9e ad d7 45 6f a7 3d 5a 8a e8 a7 87 37 5e ae b6 11 72 0f 3d 35 6a e0 15 6f 71 cd cd 6a bc 57 5f 6f 35 5a ae 1b 3b fb 39 ba dd 70 db f0 e6 eb 75 ed 9e cd 39 ea d5 71 db 62 79 ea f5 70 d9 61 f4 73 73 5e ae 99 6d cf 57 ab 89 4b e9 cf 4d 7a b8 14 e5 ab d5 c7 6f c7 9e af 57 12 83 c3 9b ad d7 02 be 1c f5 78 57 6a 82 c4 9e d6 e6 ab 75 87 65 bb 72 db 6a b5 c7 6d f4 e6 eb 75 8c a5 b9 ba f5 71 0b 73 cd cd 7a b1 32 73 75 ea e2 46 97 e6 eb 55 8f 6d b9 ed b5 ea e2 57 9b ad d7 02 97 e7 ab d5 c3 66 96 e7 ab 55 88 ae b7 3c b5 7a 2b 89 5b 69 cf 57 ab 86 cb 6b cf 56 ab 81 43 cd d6 eb 19 4f 87 37 5e Data Ascii: UknrjWWsUW/7^WVEo=Z7^r=5joqjW_o5Z;9pu9qbypass^mWKMzoWxWjuerjmuqsz2suFUmWfU<z+[iWkVCO7^
2025-04-09 18:25:33 UTC	16384	IN	Data Raw: c3 9b ad d6 36 17 e7 ab d5 84 8e 5a bd 5c 18 73 75 ea c4 47 b3 9b af 56 22 0f 37 35 ea c4 47 37 5a ac 44 5f 96 ad d7 02 3d bc dd 6a b1 30 e6 eb 75 88 8e 6e bd 58 ca f3 75 ba c4 57 d9 cf 56 ab 1b 0f 6f 2d 5e ac 67 9e af 56 22 2d cb 57 ab 19 1a fd 3c dd 6e b1 b0 f1 e6 eb d5 8d 87 3d 5a ac 44 0e 6e b7 5c 08 e5 ab d5 8c 8e 7a bd 58 88 b7 37 5e ae 04 5f 9b af 56 22 39 ba dd 63 23 c7 9b af 56 32 01 e6 eb 55 8c fb 39 ba d5 70 23 9b ad d6 26 e6 eb 75 da 26 e3 af 3d 5b 14 f9 4b 09 24 5f 89 c9 a7 85 3a 1d 78 d5 3d 5c 08 e6 eb d5 8c f3 d5 ba 87 56 db 63 db e2 78 e0 aa 1a 8d 20 20 47 7f 01 cd d5 6b 25 42 de 13 cd 0a b1 a4 b5 58 b1 3f 5f 15 8a 4c 69 b0 af 1e aa d7 02 39 6a f5 70 23 9a af 57 02 35 3c dd 7a b8 1e 78 56 ab 81 1e ce 6e b7 5c 08 b7 37 5e af 73 d5 ea f7 3d Data Ascii: 6Z\suGV"75G7ZD_=j0unXuWVo-^gV"-W<n=ZDn\zX7^_V"9c#V2U9p#&u&=[K$_:x=\Vcx Gk%BX?_Li9jp#W5<zxVn\7^s=
2025-04-09 18:25:33 UTC	12120	IN	Data Raw: b0 bc 57 6f 67 37 35 5a ed 50 29 d3 c7 9b af 01 5d f9 77 3a 73 d3 5e ae 46 14 b9 b7 8f 35 35 a8 ae c2 9f dd 3f 7f 3d 5b ae 2c 80 e9 db c0 73 d5 a3 5c 42 29 bd b9 ea ad 71 f2 c5 b6 f3 73 5b d9 5d 84 2d aa e9 cd 57 ab db 0d b4 e7 ab 55 d8 4b 1b 0e 7a 6b d5 d1 4e d7 e5 ab 75 d9 5b 6a 45 8f 35 5a af 6d b9 e7 ab d5 c8 26 bb 47 35 35 ea f0 5d 47 b7 9b af 57 b6 d8 76 e6 ab d5 cb cb 17 d3 42 79 ea d5 70 11 0e e3 5e 6c 9a f5 76 c9 73 6e 78 1a f6 da e3 b0 d8 8e 7a bd 15 d0 53 7e 6e b5 5d ed 36 b9 ed cf 56 ab ad 87 bf b3 9e af 57 84 7d c1 e7 ab 75 e0 ba f3 db 2b 55 c0 2d bb 8b f3 75 ba f6 cb b6 bc f6 ca f6 ca ea de 27 c7 9e af 57 4c be 24 73 d5 ea eb 6d c5 ed df 9b af 57 45 2d a7 7e 6e 6b d5 c7 6d c7 35 5b af 15 f8 73 d5 aa e0 46 97 b7 37 56 af 15 fe 1c d5 6a b8 6c Data Ascii: Wog75ZP)]w:s^F55?=[,s\B)qs[]-WUKzkNu[jE5Zm&G55]GWvByp^lvsnxzS~n]6VW}u+U-u'WL$smWE-~nkm5[sF7Vjl
2025-04-09 18:25:33 UTC	16384	IN	Data Raw: 57 03 0e db f6 3b bb f3 d5 a8 8a e0 61 b9 df e1 cd cd 6a 26 b1 3a 1e d7 1c b6 da ad 75 b5 fb 01 db 9e af 57 11 08 1a 0e fa 69 cd cd 7a 2b bf 2f de bf 6f 1e 6a b5 58 8a 6d 52 c7 bf b0 72 f5 ea f1 8c ea 06 b7 1c d5 56 b1 18 c9 25 4f 2d 5b ae 50 a0 0e 2f e0 47 2a 4d 78 56 12 84 1b 72 c0 cd 6a b8 85 b0 d7 b7 37 5b af 04 ef fd 1c f4 d6 ab 8b 20 1f c7 9e ad 8a e3 b6 fa 5a e7 96 d9 5a 15 c1 93 c4 73 75 aa e8 a5 b5 1c f6 da f5 74 50 28 e7 ab 5b 2b a5 5b 68 79 a3 5e ae 3e 5d b4 3e 3c dd 6a 2b 89 8f 4b 8e 5a b7 15 8e d7 3c f5 6a b8 ec e7 a6 bd 5d 6c e6 e6 bd 5c 0a 69 cf 57 ab 89 5e 7a b7 5c 76 78 f2 d5 e1 5c 0a 91 cd 56 ab 81 4e 5a bd 5c 76 8b 73 d3 5a ae b6 90 09 e7 ab 75 88 a5 c7 37 5a ae 05 75 d3 9e ad d7 02 a4 73 d5 5a e0 53 96 ad d7 02 bc dd 7a b8 14 e6 e6 b5 Data Ascii: W;aj&:uWiz+/ojXmRrV%O-[P/G*MxVrj7[ ZZsutP([+[hy^>]><j+KZ<j]l\iW^z\vx\VNZ\vsZu7ZusZSz
2025-04-09 18:25:33 UTC	16384	IN	Data Raw: d7 1c 1b 5b 33 dd 60 28 11 72 f7 7b 89 a2 f7 8d 11 3d 58 95 1c 87 1e 07 82 b6 f0 14 14 73 13 49 f8 e8 d0 a7 cb c6 00 53 ef 5f 8a b5 71 a4 61 3c 2a 54 74 61 63 0e 57 71 23 bf 28 55 57 d3 5e 82 81 a4 6b 29 bf b7 e8 e7 8a a2 b4 13 35 8d a9 a1 86 15 65 b9 d8 a7 96 92 4d 56 00 ac 09 4d 00 91 00 4b 5c a7 ee 7d 3f 1e 5a 6a 90 2b 98 a7 8d 1c ee 90 02 35 b1 16 ef cf 4c d6 e2 a6 25 3a 92 19 98 1d de ce 37 31 57 8a 9a 98 6b 82 00 ed c6 ca e9 cd 14 a6 a5 fd 05 30 91 87 c3 88 ce 26 95 8c 05 2f 30 4c cb 89 d1 53 2e 1f 1c f2 25 31 6f 31 d1 4e 87 e9 e1 63 8c 85 19 8c 76 51 a3 6f 14 88 9c 36 d4 4a c7 12 bb 4b 23 fb e0 90 4f 8e be 3c 71 38 53 4a 33 51 e8 d0 a0 3e 48 0d fd 9f d1 e1 ed e5 d4 69 b4 88 a9 5f 24 88 8d b4 10 ca ab 7f f5 ed df 94 d5 3c ec ab 69 e7 a6 a7 c7 40 23 Data Ascii: [3`(r{=XsIS_qa<*TtacWq#(UW^k)5eMVMK\}?Zj+5L%:71Wk0&/0LS.%1o1NcvQo6JK#O<q8SJ3Q>Hi_$<i@#
2025-04-09 18:25:33 UTC	7952	IN	Data Raw: 7a f5 63 64 f6 f3 73 5e a8 e5 6d cd d6 eb 11 1e 1c bd 6a b8 6d d6 e7 9e af 4d 47 75 3c b8 ad 53 05 69 2a a6 fc 50 9a d5 21 31 3a bf 28 1d 7b 70 c1 29 9a d5 13 4e a8 65 9a fc db 8c e3 b8 a6 02 ce 98 8e 0f 05 25 6c 0f 11 b3 af 96 1f 76 d2 3c 6c 7e bf 1d 39 cc ee d6 33 67 72 3c fd 87 9a 51 49 ee c4 11 d3 26 2b ba ff 00 4f 59 35 b6 f0 6e a5 c5 ad e2 02 db 5b ea 0a 49 eb 03 67 41 1c 0f 4d 4f e9 47 5a 93 37 d2 ae 17 8d b2 c3 8a c4 b7 60 34 59 94 68 64 8f e3 fe 25 f0 3f 0e 66 ae e4 ef 8b 5b d4 ce 95 42 5e 48 f1 27 a7 fb e4 f5 7c 2b 9c 1d ab 76 57 73 d9 e5 d6 a4 02 bb 57 09 ee dc e8 fe f1 7d 0a 1d 3c 45 18 4a 2c 64 39 5b 35 ed c9 ad 48 ac 48 a5 b5 05 7e f0 35 bf 10 29 35 ea 51 c5 2e f5 e2 62 2a b5 28 0d fc a9 af 56 26 4e 6e bd b6 b1 32 78 73 75 aa cc 52 cb 6e 35 Data Ascii: zcds^mjmMGu<SiP!1:({p)Ne%lv<l~93gr<QI&+OY5n[IgAMOGZ7`4Yhd%?f[B^H'\|+vWsW}<EJ,d9[5HH~5)5Q.b(V&Nn2xsuRn5
2025-04-09 18:25:33 UTC	16384	IN	Data Raw: da dd c8 e6 c2 ab 45 35 89 e8 c6 d0 18 e8 7e d5 86 bc b6 aa d1 4d 77 15 38 47 ba 0b 9f 0b e9 cf 13 35 e0 22 9d 2a e4 82 58 42 ac 5b 5c 0b 16 1a f1 84 82 38 d3 ca 20 8d 94 9c aa 8c f9 65 7b 5f 5f bf fa 38 b1 26 91 a8 53 3c 51 f9 ac 40 b6 e0 3b 1f d9 c5 04 c5 26 02 69 b6 5a 4f 2e 50 76 ee 3e 3c 74 2a 69 82 98 a7 8c 36 84 2a 12 aa 01 6e 30 b5 4d 28 42 62 9c 64 c3 95 22 dd 21 bb 7c 35 e3 21 73 4e 94 53 3d 4d 1b 79 62 4b 58 0f 68 e2 84 aa 93 29 34 c3 25 35 db 71 f6 e8 47 15 03 49 22 a5 41 4e b2 1b b6 84 69 ca 13 15 70 26 b3 0a 05 f3 82 28 24 7c 39 5d 78 55 b4 63 52 e3 a6 4b 80 47 bb ca 13 4e 04 d3 a4 30 18 95 9f b0 f1 37 fb b8 c1 33 4a 00 8a 97 b1 6d b5 7e d1 23 bf 7f a2 df 1e 37 4e 56 39 10 02 6c 0d c9 3a 5b bf b4 8f 80 f1 e6 c5 54 d4 e8 11 4c 96 16 20 58 8d Data Ascii: E5~Mw8G5"XB[\8 e{__8&S<Q@;&iZO.Pv><ti6*n0M(Bbd"!\|5!sNS=MybKXh)4%5qGI"ANip&($\|9]xUcRKGN073Jm~#7NV9l:[TL X
2025-04-09 18:25:33 UTC	8048	IN	Data Raw: 5a bd 58 19 40 36 1f 7f 2d 5e ac 0e be ed f9 ba f5 46 75 d3 de d6 dc 70 56 aa 3b 00 75 ed cd ec ad d4 76 5b 78 72 d5 ea c0 cb cb 56 ab 13 0e 6e b5 58 1d 4f 37 35 b9 ac 3b 01 3c b5 7a a6 41 1f 80 f1 e3 66 9e 02 a6 32 e9 7e 52 9c a6 3a b3 7b f1 f1 4d 9a 63 92 c5 af c7 e9 a3 51 98 73 75 5a c0 57 4b 0e 5a 6b 75 d0 81 8e a3 95 2a 8a d4 d7 8d 33 71 bd 55 ed 42 b1 b5 2b f8 9e 7b 5d 7b 55 62 f9 53 bb 5e dc f1 5d 78 9a f3 c4 05 ed cd 83 4c ec a8 b2 44 7c 35 b7 1c d5 5a a8 be 5e e3 63 cd 4d 5a 2a 4c 50 d8 81 6b 73 d3 57 15 1e ac ea 48 d3 5e 5d 35 65 53 14 ab ef 77 bf 1e 14 c9 35 10 af 8f 1c ad 56 06 1e 3c 74 57 aa 3c 8b b8 73 7b 2a c0 d3 79 5f 6f 1c a7 aa 3b 0b 1e 5e b7 58 58 7d 7c dd 6a b0 30 e5 ab d5 85 86 bc dd 7a a3 b0 f6 f2 d5 ea c2 45 b9 ba f5 60 61 cd d7 ab Data Ascii: ZX@6-^FupV;uv[xrVnXO75;<zAf2~R:{McQsuZWKZku3qUB+{]{UbS^]xLD\|5Z^cMZLPksWH^]5eSw5V<tW<s{*y_o;^XX}\|j0zE`a

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:25:41 UTC	2797	OUT	POST /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Content-Length: 1790 sec-ch-ua-platform: "Windows" hpgid: 1104 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" hpgact: 1800 canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQE0OSw702sHEzh_jS31R2k5YeDWAb3Uc05J5tOK_0MQk7Ab4uI_HFaYOSNsPq22rzqgWXbxvC1iTEAMzi00dJI6GECogRzgMSepMoSNIdO9pV2TpXjYIn8xtA3a4Ik1DcW37cDpdVlTEuZjqRBh7ckZ8dXPtHOj5WIcsTbY6oR-ZwLGDMY7KUgVUFGCAwRx5ayvvodZ-49LHAdCNxk70C0iiAA sec-ch-ua-mobile: ?0 client-request-id: 9cdf90f1-a73e-40af-9ce0-3a75b8b175bf User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json hpgrequestid: e97e1b41-62ca-4d77-962b-ac9174db1000 Content-type: application/json; charset=UTF-8 Origin: https://login.microsoftonline.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access%20email&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com%2F&client-request-id=9cdf90f1-a73e-40af-9ce0-3a75b8b175bf&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=YbJwiH0q_IuueDoKh6_0qY-PvSWuWJuuFO6bzYDFkBQ&code_challenge_method=S256&nonce=d224c807-e71e-4b8f-ada2-ba03d0ce32e5&state=eyJpZCI6ImMyODAzZmE2LTk4NGEtNDVkMy1hOWRhLTk1ZWU4MmNhZTBiNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-SroN80k5yyo=AQABCQEAAABVrSpeuWamRam2jAF1XRQEiMOBMuIrQm02A_xgMLW1Cr8JtV3LYD4fRQ7dWH6n-NoCUTiA_ah9w_YtycgGvU66XbJ84llo0CuaH09KhC3BR83qsD8EGftC4iQzWPoZlg64KuQ_0hpQn65KXCcpNZlBXzKSQpyUE6kC7lGpgzCZoSAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.ARIAtNlx8kzl4UaCvSXVCvo3eV6Zkyd9CtdAvTVpaLoUIZfZAQASAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEF9qDNn3xwvgRhNlh9mbJgNZLqKNzDgzXQt92nwVarUSyRIm3f8zOsamyuV84-3ThR_8xtNtfuDMfCKZBWSfYoel2MeDbFu2uwcH-PQ_ugSIgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbaGydbbkWJmSs1iLu4ky0gh1PBtWaPpN9YweQv18o8pw0K_Zq9CAHzDVucT5r7ClEUkVMmjJGxEjku4T4bcHJz8nD0iW3d_3hoBKKbDgK9Gls4nerZtUxSU0URWTAN6NjFG9_1Mdn6Tw9hHB1u9vtnJE7PcZwSgtaXFAET3UlmwgAA; esctx-bWZD2oRZl4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEHZ6MwSLh1zycLWyX8Uh_KFbiity-H3wga9dLtIpZsHzHZ6dPOLHJX7qIsmOvtIhm8cnD2cTqpL8ngjHr1jPCbeMIy-qpsgkQDLETieCORQMWa25qT6X0c4JrJXhKRwen_bXfczHOZKF9eIrLXmiHayAA; fpc=AvgNz1NAK-BIq3Umf6dJxRVSA2dqAQAAAJWyiN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=6aed6 [TRUNCATED]
2025-04-09 18:25:41 UTC	1790	OUT	Data Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 22 39 6a 6c 61 6c 38 40 6a 68 61 6d 2e 69 6f 22 2c 22 69 73 4f 74 68 65 72 49 64 70 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 68 65 63 6b 50 68 6f 6e 65 73 22 3a 66 61 6c 73 65 2c 22 69 73 52 65 6d 6f 74 65 4e 47 43 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 69 73 43 6f 6f 6b 69 65 42 61 6e 6e 65 72 53 68 6f 77 6e 22 3a 66 61 6c 73 65 2c 22 69 73 46 69 64 6f 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 6f 72 69 67 69 6e 61 6c 52 65 71 75 65 73 74 22 3a 22 72 51 51 49 41 52 41 41 6a 5a 48 50 61 39 4e 67 41 49 61 54 64 71 75 31 6f 4b 73 4b 4d 76 42 53 63 42 4f 78 70 6b 32 2d 66 47 6d 61 77 73 52 75 4b 31 74 69 32 37 43 75 58 62 74 63 78 70 66 6b 79 35 49 31 61 64 49 6b 74 54 38 4f 6e 6a 33 4f 69 Data Ascii: {"username":"9jlal8@jham.io","isOtherIdpSupported":true,"checkPhones":false,"isRemoteNGCSupported":true,"isCookieBannerShown":false,"isFidoSupported":true,"originalRequest":"rQQIARAAjZHPa9NgAIaTdqu1oKsKMvBScBOxpk2-fGmawsRuK1ti27CuXbtcxpfky5I1adIktT8Onj3Oi
2025-04-09 18:25:42 UTC	1620	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" client-request-id: 9cdf90f1-a73e-40af-9ce0-3a75b8b175bf x-ms-request-id: 05c2878e-41ad-47ab-9faf-bfb5d04c8a00 x-ms-ests-server: 2.1.20465.4 - WUS3 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-0x6k2CCKTMeJHDVe0Fa8Uw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=AvgNz1NAK-BIq3Umf6dJxRVSA2dqAQAAAJWyiN8OAAAA; expires=Fri, 09-May-2025 18:25:42 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 09 Apr 2025 18:25:41 GMT Connection: close Content-Length: 1290
2025-04-09 18:25:42 UTC	1290	IN	Data Raw: 7b 22 55 73 65 72 6e 61 6d 65 22 3a 22 39 6a 6c 61 6c 38 40 6a 68 61 6d 2e 69 6f 22 2c 22 44 69 73 70 6c 61 79 22 3a 22 39 6a 6c 61 6c 38 40 6a 68 61 6d 2e 69 6f 22 2c 22 49 66 45 78 69 73 74 73 52 65 73 75 6c 74 22 3a 31 2c 22 49 73 55 6e 6d 61 6e 61 67 65 64 22 3a 66 61 6c 73 65 2c 22 54 68 72 6f 74 74 6c 65 53 74 61 74 75 73 22 3a 31 2c 22 43 72 65 64 65 6e 74 69 61 6c 73 22 3a 7b 22 50 72 65 66 43 72 65 64 65 6e 74 69 61 6c 22 3a 31 2c 22 48 61 73 50 61 73 73 77 6f 72 64 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 65 4e 67 63 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 46 69 64 6f 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 51 72 43 6f 64 65 50 69 6e 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 53 61 73 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 43 65 72 74 41 75 Data Ascii: {"Username":"9jlal8@jham.io","Display":"9jlal8@jham.io","IfExistsResult":1,"IsUnmanaged":false,"ThrottleStatus":1,"Credentials":{"PrefCredential":1,"HasPassword":true,"RemoteNgcParams":null,"FidoParams":null,"QrCodePinParams":null,"SasParams":null,"CertAu

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (956), with no line terminators
Category:	downloaded
Size (bytes):	956
Entropy (8bit):	4.9751633939046895
Encrypted:	false
SSDEEP:	24:0E01AZZcW56tyy4I2VWyEiVWyqpVWynEVWyoktAVWyNdrrVX55B2a:0EG+WTy2phlqUfWk5Hf
MD5:	01B6295C637FB7C8A06485915D228616
SHA1:	45639DD726BD5C16E32099B3A05450A5F5995C1E
SHA-256:	D441D19EEA83506FEE9FE53721C9DF87DB29EF7E077E8FEF4023349A76631D20
SHA-512:	CC5C3B53B3EC8FB2966E321522944ED9A602EF04CE4951D2FCA25BFB05E716892B51F8574EE47D07B7C3BA2B03CCB05E2FFBEC9C52AFA011CDFDD89D49B594D1
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779
Preview:	<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="manifest" href="/manifest.json"><title>My Apps</title><base href="/"><meta name="description" content="My Apps"><link rel="icon" href="/favicon.ico"><script defer="defer" src="/bundle/low-change-freq-vendors.64aacf46.js"></script><script defer="defer" src="/bundle/fluent.331533d0.js"></script><script defer="defer" src="/bundle/microsoft.9a8b6809.js"></script><script defer="defer" src="/bundle/azure.e9a30734.js"></script><script defer="defer" src="/bundle/moderate-change-freq-vendors.b9b6c819.js"></script><script defer="defer" src="/bundle/main.51d86a5c.js"></script></head><body style="margin: 0;"><noscript>You need to enable JavaScript to run this app</noscript><div id="root"></div></body></html>

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65465)
Category:	downloaded
Size (bytes):	1294432
Entropy (8bit):	5.685989454584915
Encrypted:	false
SSDEEP:	12288:V5MHA/iMfypoNCNtqAYxZKR4Jr9bQTpmo1AuQhHqd0UuSrTk4CHpXYAMBf1ofDhe:Vkro4CJIAMBf1dXl
MD5:	457DDC4612F0A319DD6EAC329E4CBBF4
SHA1:	CA160211081AC2E7CBC0E1148ECB750614CABCF3
SHA-256:	57CD43C1AB6BD0101415E6F30BD8482EB85ACEDBE84053A2870FF33F8390D452
SHA-512:	234BE2D7FABBED47578413DFF1734ED3CBCA5BC60715D86D7B77AA55A442BD4D535F77DE714B8210D1F761F52834172C51AE34C8B2380004EE25B6DF7323265F
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/bundle/main.51d86a5c.js
Preview:	/! For license information please see main.51d86a5c.js.LICENSE.txt /.!function(){var e,t,n,r,o,i={65788:function(e,t,n){"use strict";n.d(t,{N:function(){return m},u:function(){return y}});var r=n(2784);function o(e){return o="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},o(e)}function i(){i=function(){return e};var e={},t=Object.prototype,n=t.hasOwnProperty,r=Object.defineProperty\|\|function(e,t,n){e[t]=n.value},a="function"==typeof Symbol?Symbol:{},c=a.iterator\|\|"@@iterator",s=a.asyncIterator\|\|"@@asyncIterator",u=a.toStringTag\|\|"@@toStringTag";function l(e,t,n){return Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}),e[t]}try{l({},"")}catch(e){l=function(e,t,n){return e[t]=n}}function d(e,t,n,o){var i=t&&t.prototype instanceof g?t:g,a=Object.create(i.prototype),c=new T(o\|\|[]);return r(a,"_invoke",{value

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65464)
Category:	downloaded
Size (bytes):	382676
Entropy (8bit):	5.241158512530426
Encrypted:	false
SSDEEP:	6144:apotiSu+09qisQFXR6uCSB1DkCXWsFqIfI6xYCFrjWO33wv:FRQaSB1DkCXWsFSaN3gv
MD5:	C2BB805FC8B25BF3FE5B5C1865BD1155
SHA1:	6FA491DDB5CD48A75D32AB474D2BF08477C34860
SHA-256:	F22C0E077993BC20AEC1A2EF52B37D64C653A663529D087D2DE78EC3B54FAA0A
SHA-512:	4C6B2C66C5D105DAC5471D9BABABB19A57671BD9FDDAE6B938C47113BAE01AAC401FC8F6BEF8EE2BDE34F595CCF93F43D40F6D04F4ABE08E20F0B6102FE62372
Malicious:	false
Reputation:	low
URL:	https://myapplications.microsoft.com/bundle/azure.e9a30734.js
Preview:	/! For license information please see azure.e9a30734.js.LICENSE.txt /."use strict";(self.webpackChunkapps=self.webpackChunkapps\|\|[]).push([[196],{93218:function(e,t,r){r.d(t,{L:function(){return wr}});var n,o,i=function(e,t){return i=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},i(e,t)},a=function(){return a=Object.assign\|\|function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},a.apply(this,arguments)},s=r(41601);!function(e){e.AcquireTokenByCode="acquireTokenByCode",e.AcquireTokenByRefreshToken="acquireTokenByRefreshToken",e.AcquireTokenSilent="acquireTokenSilent",e.AcquireTokenSilentAsync="acquireTokenSilentAsync",e.AcquireTokenPopup="acquireTokenPopup",e.CryptoOptsGetPublicKeyThumbprint="cryptoOptsGetPublicKeyThumbprint",e.CryptoOptsSignJwt="cryptoOptsSignJwt",e.SilentCa

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:26:22 UTC	441	OUT	OPTIONS /api/report?catId=GW+estsfd+chi HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.microsoftonline.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:26:22 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 09 Apr 2025 18:26:22 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-04-09 18:26:22 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-04-09 18:26:22 UTC	417	OUT	POST /api/report?catId=GW+estsfd+chi HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Content-Length: 1062 Content-Type: application/reports+json Origin: https://login.microsoftonline.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-09 18:26:22 UTC	1062	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 36 30 30 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 35 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 66 32 37 31 64 39 62 34 2d 65 35 34 63 2d 34 36 65 31 2d 38 32 62 64 2d 32 35 64 35 30 61 66 61 33 37 37 39 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 37 39 33 39 39 35 65 2d 30 61 37 64 2d 34 30 64 37 2d 62 64 33 35 2d 36 39 36 38 62 61 31 34 32 31 39 37 26 73 63 6f Data Ascii: [{"age":56002,"body":{"elapsed_time":453,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/f271d9b4-e54c-46e1-82bd-25d50afa3779/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&sco
2025-04-09 18:26:23 UTC	399	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Request-Context: appId=cid-v1:c242839f-7b23-4fcd-8b70-f19e1d322576 Date: Wed, 09 Apr 2025 18:26:23 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Target ID:	1
Start time:	14:25:09
Start date:	09/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	14:25:10
Start date:	09/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2124,i,7307648910549068412,10690054634076645875,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	7
Start time:	14:25:17
Start date:	09/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Windows Analysis Report
https://myapplications.microsoft.com/?tenantid=f271d9b4-e54c-46e1-82bd-25d50afa3779

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre