Windows Analysis Report
https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a

Overview

General Information

Sample URL: https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a
Analysis ID: 1676169
Infos:

Detection

Score: 1
Range: 0 - 100
Confidence: 100%

Signatures

HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2008 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5020 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DBZgRzYsnz1aKiZL9xlKbo_lheluJpJ4UkBNnJq7KGfHmfRe5e69AoguhK_3a2BesYd5hZrr_afwsn1o7rsAb_pqiGksq4uOwmlmV1N418_yAQnih_KsgxAmba9tn1BaYz7BngoxFf2YlI3YIzSONyHqQfn87ddZOhkGh6DuSKfYx06UFIFMIPL6PX5cbdZRQVXsyhubU8_p3jGYSUJ9RDDWvl6nfrK6f05EA5IFb-uwO-sZc53cGdkdJCpAa7aSxKP-HiMeOvtrBhaov-_qg_Q&response_mode=form_post&nonce=638814318741157454.ZjhiOTcyMzgtMzdhMS00MGQ5LWJlODQtNzRjNDI0Zjc5YWFiOGFiYWNlODgtNGRhMy00M2M2LWI0YmQtMmEyZWRlMmRkYTJi&client-request-id=7b7bd820-d005-4630-9e33-55fe2c232d5c&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&claims=%7B%22id_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&x-client-SKU=ID_NET472&x-client-ver=8.3.0.0
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Base64 decoded: f8b97238-37a1-40d9-be84-74c424f79aab8abace88-4da3-43c6-b4bd-2a2ede2dda2b
  • HTTP Parser: Title: Redirecting does not match URL
  • HTTP Parser: No favicon
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DBZgRzYsnz1aKiZL9xlKbo_lheluJpJ4UkBNnJq7KGfHmfRe5e69AoguhK_3a2BesYd5hZrr_afwsn1o7rsAb_pqiGksq4uOwmlmV1N418_yAQnih_KsgxAmba9tn1BaYz7BngoxFf2YlI3YIzSONyHqQfn87ddZOhkGh6DuSKfYx06UFIFMIPL6PX5cbdZRQVXsyhubU8_p3jGYSUJ9RDDWvl6nfrK6f05EA5IFb-uwO-sZc53cGdkdJCpAa7aSxKP-HiMeOvtrBhaov-_qg_Q&response_mode=form_post&nonce=638814318741157454.ZjhiOTcyMzgtMzdhMS00MGQ5LWJlODQtNzRjNDI0Zjc5YWFiOGFiYWNlODgtNGRhMy00M2M2LWI0YmQtMmEyZWRlMmRkYTJi&client-request-id=7b7bd820-d005-4630-9e33-55fe2c232d5c&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&claims=%7B%22id_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&x-client-SKU=ID_NET472&x-client-ver=8.3.0.0&sso_reload=true
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Title: Sign in to your account does not match URL
  • HTTP Parser: <input type="password" .../> found
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: unknown - HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 23.55.241.136:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 40.126.62.130:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown - TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown - TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown - TCP traffic detected without corresponding DNS query: 142.251.40.35
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic - HTTP traffic detected:
  GET /common/GetCredentialType?mkt=en-US HTTP/1.1
  Host: login.microsoftonline.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: esctx-dRc2Pwesrlw=AQABCQEAAABVrSpeuWamRam2jAF1XRQE59v8lS6y5-RdP_3Npa2-uD2OwrWUSW3qDcGpGGa2V45YsXbI9mch4KFs7xuZx2uD8zU_CPhZ2j5C3w5sLHxpHpaD5wLYc3apjOfSEzGOENCuvRaXOBoglR6uqyTIyTdQw8ai8z_0D2LhoBU9ZyvZuSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXYAMe_N-B6jSkuT5F9XHpElWmfKzIC9VKtEhiVLecTcd3UBAAB2AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEbWSnHL7Fq-ONawAIf4BrL04r5F_rp8DDJMOgs6foG-tulvjz2PssUi5T3mo19tOvklRFu3LgvwGi7lMeoi8pxSmxQhPzS0iVWYVBLbjfATggAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdZBHsXI9ZU0R8V6b7NlAMLaNmLLM4Jw0CZmlMgqtKfecynPlpcK0nGbFWVyzcw0MP64xaGHDi03lQnGJzJZHm7pZjYtKfI3Ge7F8ctijJGYLo3zvDI41RcPyrvPJwC_i7cogcmK844mtHbIpTcIp6cn6-1zRSVTlTg1lC5KBSA0gAA; esctx-ohbWRyCBwOs=AQABCQEAAABVrSpeuWamRam2jAF1XRQEomvk8ouBJ4Qf17O6lv1ccZll0wYQUo2hFaaHA7HUWKqMyX3W4QMyOq38QYiq8tJXXxjW9pjiyzHofiXaXHbF2VIXi8MdbPqm_Yr2-NNIaUDE4QeiJduJi0FPeSijfP7KdtWXSVdPUdl54q-CyNyfsCAA; fpc=Aky4PaMTjZpLgBNZdvW_D_lc5p_pAQAAAEVLod8OAAAA; MicrosoftApplicationsTelemetryDeviceId=bf95ddf4-68a3-4f91-9ac3-f471ec78091f; brcap=0
Source: global traffic - HTTP traffic detected:
  GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic - DNS traffic detected: DNS query: www.google.com
Source: global traffic - DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic - DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic - DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: unknown - HTTP traffic detected:
  POST /api/report?catId=GW+estsfd+est HTTP/1.1
  Host: identity.nel.measure.office.net
  Connection: keep-alive
  Content-Length: 1276
  Content-Type: application/reports+json
  Origin: https://login.microsoftonline.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown - Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown - Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engine - Classification label: clean1.win@24/35@12/4
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2008 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5020 /prefetch:8
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: unknown unknown
Source: Window Recorder - Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph] ID: 1676169; URL: https://security.microsoft....; Startdate: 28/04/2025; Architecture: WINDOWS; Score: 1

Source | Detection | Scanner | Label | Link
https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
e329293.dscd.akamaiedge.net | 23.62.226.164 | true | false | | high
www.google.com | 192.178.49.196 | true | false | | high
www.tm.a.prd.aadg.akadns.net | 40.126.62.130 | true | false | | high
s-part-0043.t-0009.t-msedge.net | 13.107.246.71 | true | false | | high
a1894.dscb.akamai.net | 23.55.241.136 | true | false | | high
www.tm.a.prd.aadg.trafficmanager.net | 20.190.151.67 | true | false | | high
identity.nel.measure.office.net | unknown | unknown | false | | high
aadcdn.msftauth.net | unknown | unknown | false | | high
login.microsoftonline.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est | false | | high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 192.178.49.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 40.126.62.130 | www.tm.a.prd.aadg.akadns.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 23.55.241.136 | a1894.dscb.akamai.net | United States | 20940 | AKAMAI-ASN1EU | false |

IP
192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1676169
Start date and time: 2025-04-28 12:10:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@24/35@12/4
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.220.73.6, 142.250.188.238, 142.250.72.163, 192.178.49.174, 142.250.141.84, 192.178.49.206, 13.107.6.192, 20.190.151.68, 20.190.151.134, 20.190.151.133, 142.250.68.234, 192.178.49.170, 142.250.69.10, 192.178.49.202, 172.217.12.142, 142.251.40.46, 142.250.68.227, 20.42.73.27, 52.168.117.175, 20.190.151.67, 20.190.151.132, 20.190.151.131, 20.190.151.8, 20.190.151.9, 184.29.183.29, 69.192.44.226, 13.107.246.71, 4.175.87.197
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a
No simulations
No context
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                          Category:downloaded
                          Size (bytes):61052
                          Entropy (8bit):7.996159932827634
                          Encrypted:true
                          SSDEEP:1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
                          MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                          SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                          SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                          SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                          Category:downloaded
                          Size (bytes):1435
                          Entropy (8bit):7.8613342322590265
                          Encrypted:false
                          SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                          MD5:9F368BC4580FED907775F31C6B26D6CF
                          SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                          SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                          SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                          Category:dropped
                          Size (bytes):1435
                          Entropy (8bit):7.8613342322590265
                          Encrypted:false
                          SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                          MD5:9F368BC4580FED907775F31C6B26D6CF
                          SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                          SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                          SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                          Category:downloaded
                          Size (bytes):35168
                          Entropy (8bit):7.993219152622706
                          Encrypted:true
                          SSDEEP:768:j6PfHtcQsNe72gH9i6EndaklFS0VBrXFm4soWu7VOYpRf0WL/:5xoCgH9i6EFFhrXFmUW4JpRc+/
                          MD5:E9745F803E3FBA8FA0CC8C1E6E4506C6
                          SHA1:87E8B2D2F29CB42BAD597390234F66745642D080
                          SHA-256:D5496BC436AAD08CCA3F391A3CA8D7DAFC076B081567511A8B1358F860DA8003
                          SHA-512:C74C91DD85D312ED34E2275E13AC778E186581BF43F70B379C3B370755AF46EDA4EE0FE1C52997385848084C90CE2466AB3E7F71D9A2EBE1B6BB85AD0FB66AD6
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4f75990aeef30238698e.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 459233
                          Category:downloaded
                          Size (bytes):124082
                          Entropy (8bit):7.9975238263371935
                          Encrypted:true
                          SSDEEP:3072:6WGkF9qkuami5zUIL2+MdueBQzQR14h4STyAKTey8Pd/Y8L1B0:fFfX5LMdpQzqSh4STyAKTedPd/Y8A
                          MD5:36ACAEABB66EB3389B8BBA56FF4F9BAF
                          SHA1:9E85A77464893DBC5B5791BDB0219C01A9136AC9
                          SHA-256:E4F3CC8D144B38F1B49FE19F8B15A75E988C3693D1AD59B25E7943F8FA70C571
                          SHA-512:F79ABAB6F7E40DA2AD6131276DE6DC86EDA6229730BC427D261DD2B168BCB9EA80045605D54296985A1436FE8B94CBDC87A207AF2398E9AF289A95C4AE867070
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_EA9_0LNszQ27kSRR18wFAw2.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142656
                          Category:downloaded
                          Size (bytes):50005
                          Entropy (8bit):7.995240163178497
                          Encrypted:true
                          SSDEEP:1536:JxgptniuBMYzToxuuJ2N+YmXUlf9LFYI1k:JehBhmuq2N+YJlkgk
                          MD5:384EEF4959483B40CCFF18C8B269B794
                          SHA1:C359F400CE19D445AF3DB8AEFC6447148194836B
                          SHA-256:9F44936C83C55C9870458CCCEBAF44FF9AD9E22F0C411F4CBA05EA565C7A9067
                          SHA-512:C593AE92C6ED49E70ACCA13CEFEB3351EBCA7CFA1F94F55C64A89FEDCBC1267D6003355FBC8381E3C8D253836A39BE7D823B10F4933F917A723596E9BBE6CB4B
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_bazYuVH6rF7OQmuNhACwPg2.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                          Category:downloaded
                          Size (bytes):621
                          Entropy (8bit):7.673946009263606
                          Encrypted:false
                          SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                          MD5:4761405717E938D7E7400BB15715DB1E
                          SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                          SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                          SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 59293
                          Category:downloaded
                          Size (bytes):16714
                          Entropy (8bit):7.987160006931144
                          Encrypted:false
                          SSDEEP:384:TplwL5Bt/vaGc5eK6IaRSSzjnl0Y6kxKNUb6ptH:wL5riGcacQjnKk+vr
                          MD5:878F0134D5623C12145B3C539CCB0A31
                          SHA1:8DA453BA5ACE4E06F9E3599DD765E1E2C8D17AA9
                          SHA-256:FDE7337DB19DC211784EEEE2AAD0856785D1A940C2EA73A6E6B6659233D3AFC7
                          SHA-512:73C1C7735E6A442CB54CC2818B5004201AB556737B35FDA1064EEC8430BF9B2F012AA3B32F04350A8C3B9AEC1821B75548FCE9C36EB4354C57AA3BC3074E08E7
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l8i1wwom7wbodda4l9b6dw2.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                          Category:dropped
                          Size (bytes):621
                          Entropy (8bit):7.673946009263606
                          Encrypted:false
                          SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                          MD5:4761405717E938D7E7400BB15715DB1E
                          SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                          SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                          SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:GIF image data, version 89a, 352 x 3
                          Category:dropped
                          Size (bytes):3620
                          Entropy (8bit):6.867828878374734
                          Encrypted:false
                          SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                          MD5:B540A8E518037192E32C4FE58BF2DBAB
                          SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                          SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                          SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):100
                          Entropy (8bit):5.139401470035981
                          Encrypted:false
                          SSDEEP:3:LiczUCWdLmwkMKXZIwPiFXuGFrgMBdrY:LiczidLmR1Pitu/KM
                          MD5:FF2300A7D8C46BBBCDBCE2F5F39F0B3B
                          SHA1:F3E190506568515BF088594BBB6C11ED2762C1E7
                          SHA-256:123C9BC8E48555D7739BFEC27A2567E8C6CFE558BBCA79A31A7DFFC75ABFCCC6
                          SHA-512:E6AF264DAC46295945146F6B0F2C6698A549BC682DA1B0AB085A7F6EDF8F49FAE62D3DCA8505EB64BDD96CE4A15EF9CA412E7E31C1AEF9804FE50ED8AC10B97B
                          Malicious:false
                          Reputation:low
                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCYICaXLWAdtdEgUN0VtRUhIFDVd69_0h5O4-ZHSZs-k=?alt=proto
                          Preview:CkcKCw3RW1FSGgQIVhgCCjgNV3r3/RoECEsYAiorCApSJwodQCEjLiokLV8rJSY/L149KSgsOjt+PCciXF0+W30QARj/////Dw==
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                          Category:downloaded
                          Size (bytes):17174
                          Entropy (8bit):2.9129715116732746
                          Encrypted:false
                          SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                          MD5:12E3DAC858061D088023B2BD48E2FA96
                          SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                          SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                          SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                          Category:downloaded
                          Size (bytes):673
                          Entropy (8bit):7.6596900876595075
                          Encrypted:false
                          SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                          MD5:0E176276362B94279A4492511BFCBD98
                          SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                          SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                          SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:GIF image data, version 89a, 352 x 3
                          Category:dropped
                          Size (bytes):2672
                          Entropy (8bit):6.640973516071413
                          Encrypted:false
                          SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                          MD5:166DE53471265253AB3A456DEFE6DA23
                          SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                          SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                          SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):72
                          Entropy (8bit):4.241202481433726
                          Encrypted:false
                          SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                          MD5:9E576E34B18E986347909C29AE6A82C6
                          SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                          SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                          SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                          Malicious:false
                          Reputation:low
                          Preview:{"Message":"The requested resource does not support http method 'GET'."}
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                          Category:downloaded
                          Size (bytes):20410
                          Entropy (8bit):7.980582012022051
                          Encrypted:false
                          SSDEEP:384:8RvmaMFysnOXZ2m9zM+udO6GGUpeAU02oDGnN5EsQwWUQGTS8r2k:8pmm7ZFM+ObGGUIjN5PJV3Tp
                          MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                          SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                          SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                          SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:GIF image data, version 89a, 352 x 3
                          Category:downloaded
                          Size (bytes):2672
                          Entropy (8bit):6.640973516071413
                          Encrypted:false
                          SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                          MD5:166DE53471265253AB3A456DEFE6DA23
                          SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                          SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                          SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                          Category:dropped
                          Size (bytes):673
                          Entropy (8bit):7.6596900876595075
                          Encrypted:false
                          SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                          MD5:0E176276362B94279A4492511BFCBD98
                          SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                          SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                          SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:GIF image data, version 89a, 352 x 3
                          Category:downloaded
                          Size (bytes):3620
                          Entropy (8bit):6.867828878374734
                          Encrypted:false
                          SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                          MD5:B540A8E518037192E32C4FE58BF2DBAB
                          SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                          SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                          SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                          Category:dropped
                          Size (bytes):17174
                          Entropy (8bit):2.9129715116732746
                          Encrypted:false
                          SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                          MD5:12E3DAC858061D088023B2BD48E2FA96
                          SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                          SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                          SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                          Category:downloaded
                          Size (bytes):116364
                          Entropy (8bit):7.997236503670438
                          Encrypted:true
                          SSDEEP:3072:7EoTCjm+KsUvGOonzI627JoxMrHDGqMzn4:/Cy+KNvGVns6+MijGTT4
                          MD5:991F65CE1AA4809A6ED028BD54B3D1E3
                          SHA1:18B2197389C0AE376309E3A5D03CC1C039337685
                          SHA-256:3C2C2CFEA40049D60B0BCEA06AE9A3558D0D264B318F06DD180A920774EC6365
                          SHA-512:32F2D67286A4A813A3FBC60DA16923D5B210237D39F331244A4ADDB52A9AF66A606E38CE64D219F78A8FBDC20756B42382B136210DE75FF4FE2ED39C154E27F9
                          Malicious:false
                          Reputation:low
                          URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_41f36656d3c0bb04c90c.js
                          No static file info

                          • Total Packets: 68
                          • 443 (HTTPS)
                          • 80 (HTTP)
                          • 53 (DNS)
                          Timestamp                             Source IP    Dest IP  Checksum  Code                Type
                          Apr 28, 2025 12:11:18.398917913 CEST  192.168.2.5  1.1.1.1  c2ce      (Port unreachable)  Destination Unreachable
                          Apr 28, 2025 12:12:18.672168970 CEST  192.168.2.5  1.1.1.1  c285      (Port unreachable)  Destination Unreachable
                          Apr 28, 2025 12:11:18.020029068 CEST1.1.1.1192.168.2.50x34a6No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.020029068 CEST1.1.1.1192.168.2.50x34a6No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154711962 CEST1.1.1.1192.168.2.50x66afNo error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154711962 CEST1.1.1.1192.168.2.50x66afNo error (0)www.tm.aadcdn.msftauth.trafficmanager.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154711962 CEST1.1.1.1192.168.2.50x66afNo error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154711962 CEST1.1.1.1192.168.2.50x66afNo error (0)e329293.dscd.akamaiedge.net23.62.226.164A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154711962 CEST1.1.1.1192.168.2.50x66afNo error (0)e329293.dscd.akamaiedge.net23.62.226.176A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154758930 CEST1.1.1.1192.168.2.50x18a6No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154758930 CEST1.1.1.1192.168.2.50x18a6No error (0)www.tm.aadcdn.msftauth.trafficmanager.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:18.154758930 CEST1.1.1.1192.168.2.50x18a6No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:21.545818090 CEST1.1.1.1192.168.2.50xfa41No error (0)shed.dual-low.s-part-0043.t-0009.t-msedge.nets-part-0043.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:21.545818090 CEST1.1.1.1192.168.2.50xfa41No error (0)s-part-0043.t-0009.t-msedge.net13.107.246.71A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net40.126.62.130A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net20.190.190.196A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net20.190.190.130A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net20.190.190.129A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net20.190.190.193A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net40.126.62.132A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net40.126.62.131A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.135061979 CEST1.1.1.1192.168.2.50x14acNo error (0)www.tm.a.prd.aadg.akadns.net20.190.190.132A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:11:35.144604921 CEST1.1.1.1192.168.2.50xc240No error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:35.144604921 CEST1.1.1.1192.168.2.50xc240No error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:11:35.144604921 CEST1.1.1.1192.168.2.50xc240No error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:12:18.631897926 CEST1.1.1.1192.168.2.50x2520No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:12:18.631897926 CEST1.1.1.1192.168.2.50x2520No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:12:18.631897926 CEST1.1.1.1192.168.2.50x2520No error (0)a1894.dscb.akamai.net23.55.241.136A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:12:18.631897926 CEST1.1.1.1192.168.2.50x2520No error (0)a1894.dscb.akamai.net23.55.241.139A (IP address)IN (0x0001)false
                          Apr 28, 2025 12:12:18.672082901 CEST1.1.1.1192.168.2.50x6e81No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                          Apr 28, 2025 12:12:18.672082901 CEST1.1.1.1192.168.2.50x6e81No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                          • identity.nel.measure.office.net
                          • login.microsoftonline.com
                          • c.pki.goog
                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                          0 | 192.168.2.5 | 49691 | 142.251.40.35 | 80
                          Timestamp | Bytes transferred | Direction | Data
                          Apr 28, 2025 12:11:02.637876987 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                          Cache-Control: max-age = 3000
                          Connection: Keep-Alive
                          Accept: */*
                          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                          User-Agent: Microsoft-CryptoAPI/10.0
                          Host: c.pki.goog
                          Apr 28, 2025 12:11:02.786648035 CEST | 1240 | IN | HTTP/1.1 200 OK
                          Accept-Ranges: bytes
                          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                          Cross-Origin-Resource-Policy: cross-origin
                          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                          Content-Length: 530
                          X-Content-Type-Options: nosniff
                          Server: sffe
                          X-XSS-Protection: 0
                          Date: Mon, 28 Apr 2025 10:10:56 GMT
                          Expires: Mon, 28 Apr 2025 11:00:56 GMT
                          Cache-Control: public, max-age=3000
                          Age: 6
                          Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                          Content-Type: application/pkix-crl
                          Vary: Accept-Encoding


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.5 | 49712 | 23.55.241.136 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-04-28 10:11:18 UTC | 441 | OUT | OPTIONS /api/report?catId=GW+estsfd+est HTTP/1.1
                          Host: identity.nel.measure.office.net
                          Connection: keep-alive
                          Origin: https://login.microsoftonline.com
                          Access-Control-Request-Method: POST
                          Access-Control-Request-Headers: content-type
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-04-28 10:11:18 UTC | 319 | IN | HTTP/1.1 200 OK
                          Content-Type: text/html
                          Content-Length: 7
                          Date: Mon, 28 Apr 2025 10:11:18 GMT
                          Connection: close
                          Access-Control-Allow-Headers: content-type
                          Access-Control-Allow-Credentials: false
                          Access-Control-Allow-Methods: *
                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                          Access-Control-Allow-Origin: *
                          2025-04-28 10:11:18 UTC | 7 | IN | Data Raw: 4f 50 54 49 4f 4e 53
                          Data Ascii: OPTIONS


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.5 | 49716 | 23.55.241.136 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-04-28 10:11:18 UTC | 417 | OUT | POST /api/report?catId=GW+estsfd+est HTTP/1.1
                          Host: identity.nel.measure.office.net
                          Connection: keep-alive
                          Content-Length: 1276
                          Content-Type: application/reports+json
                          Origin: https://login.microsoftonline.com
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-04-28 10:11:18 UTC | 1276 | OUT | Data Ascii: [{"age":0,"body":{"elapsed_time":1037,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openi
                          2025-04-28 10:11:19 UTC | 399 | IN | HTTP/1.1 429 Too Many Requests
                          Content-Length: 0
                          x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
                          Request-Context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
                          Date: Mon, 28 Apr 2025 10:11:19 GMT
                          Connection: close
                          Access-Control-Allow-Credentials: false
                          Access-Control-Allow-Methods: *
                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                          Access-Control-Allow-Origin: *


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.5 | 49737 | 40.126.62.130 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-04-28 10:11:35 UTC | 1490 | OUT | GET /common/GetCredentialType?mkt=en-US HTTP/1.1
                          Host: login.microsoftonline.com
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: */*
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: empty
                          Sec-Fetch-Storage-Access: active
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          Cookie: esctx-dRc2Pwesrlw=AQABCQEAAABVrSpeuWamRam2jAF1XRQE59v8lS6y5-RdP_3Npa2-uD2OwrWUSW3qDcGpGGa2V45YsXbI9mch4KFs7xuZx2uD8zU_CPhZ2j5C3w5sLHxpHpaD5wLYc3apjOfSEzGOENCuvRaXOBoglR6uqyTIyTdQw8ai8z_0D2LhoBU9ZyvZuSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AXYAMe_N-B6jSkuT5F9XHpElWmfKzIC9VKtEhiVLecTcd3UBAAB2AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEbWSnHL7Fq-ONawAIf4BrL04r5F_rp8DDJMOgs6foG-tulvjz2PssUi5T3mo19tOvklRFu3LgvwGi7lMeoi8pxSmxQhPzS0iVWYVBLbjfATggAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdZBHsXI9ZU0R8V6b7NlAMLaNmLLM4Jw0CZmlMgqtKfecynPlpcK0nGbFWVyzcw0MP64xaGHDi03lQnGJzJZHm7pZjYtKfI3Ge7F8ctijJGYLo3zvDI41RcPyrvPJwC_i7cogcmK844mtHbIpTcIp6cn6-1zRSVTlTg1lC5KBSA0gAA; esctx-ohbWRyCBwOs=AQABCQEAAABVrSpeuWamRam2jAF1XRQEomvk8ouBJ4Qf17O6lv1ccZll0wYQUo2hFaaHA7HUWKqMyX3W4QMyOq38QYiq8tJXXxjW9pjiyzHofiXaXHbF2VIXi8MdbPqm_Yr2-NNIaUDE4QeiJduJi0FPeSijfP7KdtWXSVdPUdl54q-CyNyfsCAA; fpc=Aky4PaMTjZpLgBNZdvW_D_lc5p_pAQAAAEVLod8OAAAA; MicrosoftApplicationsTelemetryDeviceId=bf95 [TRUNCATED]
                          2025-04-28 10:11:35 UTC | 1562 | IN | HTTP/1.1 200 OK
                          Cache-Control: no-store, no-cache
                          Pragma: no-cache
                          Content-Type: application/json; charset=utf-8
                          Expires: -1
                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                          X-Content-Type-Options: nosniff
                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                          x-ms-request-id: 0b9136ef-7e29-4e97-8f03-d9e5f6265000
                          x-ms-ests-server: 2.1.20663.10 - EUS ProdSlices
                          report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}
                          nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                          x-ms-srs: 1.P
                          Referrer-Policy: strict-origin-when-cross-origin
                          Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce--C8ohlw-CzqovZPJ7By9SA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                          X-XSS-Protection: 0
                          Set-Cookie: fpc=Aky4PaMTjZpLgBNZdvW_D_lc5p_pAQAAAEVLod8OAAAA; expires=Wed, 28-May-2025 10:11:35 GMT; path=/; secure; HttpOnly; SameSite=None
                          Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                          Date: Mon, 28 Apr 2025 10:11:35 GMT
                          Connection: close
                          Content-Length: 164
                          2025-04-28 10:11:35 UTC | 164 | IN | Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"3b473431-b9a6-476f-a85f-2160b8925368","timestamp":"2025-04-28 10:11:35Z","message":"AADSTS900561"}}


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.5 | 49744 | 23.55.241.136 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-04-28 10:12:18 UTC | 441 | OUT | OPTIONS /api/report?catId=GW+estsfd+est HTTP/1.1
                          Host: identity.nel.measure.office.net
                          Connection: keep-alive
                          Origin: https://login.microsoftonline.com
                          Access-Control-Request-Method: POST
                          Access-Control-Request-Headers: content-type
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-04-28 10:12:18 UTC | 319 | IN | HTTP/1.1 200 OK
                          Content-Type: text/html
                          Content-Length: 7
                          Date: Mon, 28 Apr 2025 10:12:18 GMT
                          Connection: close
                          Access-Control-Allow-Headers: content-type
                          Access-Control-Allow-Credentials: false
                          Access-Control-Allow-Methods: *
                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                          Access-Control-Allow-Origin: *
                          2025-04-28 10:12:18 UTC | 7 | IN | Data Raw: 4f 50 54 49 4f 4e 53
                          Data Ascii: OPTIONS


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.5 | 49746 | 23.55.241.136 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-04-28 10:12:18 UTC | 417 | OUT | POST /api/report?catId=GW+estsfd+est HTTP/1.1
                          Host: identity.nel.measure.office.net
                          Connection: keep-alive
                          Content-Length: 1280
                          Content-Type: application/reports+json
                          Origin: https://login.microsoftonline.com
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-04-28 10:12:18 UTC | 1280 | OUT | Data Ascii: [{"age":60012,"body":{"elapsed_time":1037,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=o
                          2025-04-28 10:12:19 UTC | 399 | IN | HTTP/1.1 429 Too Many Requests
                          Content-Length: 0
                          x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
                          Request-Context: appId=cid-v1:27277200-e19a-465d-951d-bb90a149c996
                          Date: Mon, 28 Apr 2025 10:12:19 GMT
                          Connection: close
                          Access-Control-Allow-Credentials: false
                          Access-Control-Allow-Methods: *
                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                          Access-Control-Allow-Origin: *


                          Target ID:0
                          Start time:06:11:02
                          Start date:28/04/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Imagebase:0x7ff7464b0000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:1
                          Start time:06:11:06
                          Start date:28/04/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2008 /prefetch:3
                          Imagebase:0x7ff7464b0000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:2
                          Start time:06:11:09
                          Start date:28/04/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,9276556746409924089,17106921590508392358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5020 /prefetch:8
                          Imagebase:0x7ff7464b0000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:5
                          Start time:06:11:12
                          Start date:28/04/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://security.microsoft.com/url?url=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AEU%3Aeafa7db4-a870-4976-bc32-05395f2fb53a"
                          Imagebase:0x7ff7464b0000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          No disassembly