Windows Analysis Report
https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u

Overview

General Information

Sample URL:	https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u
Analysis ID:	1523626
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

Found iframes

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: 72a3c1ea-4b7f-4091-91a0-e30902c3146bf7c92ff2-81f5-40d5-888f-267093d28641

HTML title does not match URL

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: Title: Continue does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=bc015380-802a-11ef-b735-d95cc21429f1 HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=bc015380-802a-11ef-b735-d95cc21429f1 HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: forms.office.com
Source: global traffic	DNS traffic detected: DNS query: cdn.forms.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static2.sharepointonline.com
Source: global traffic	DNS traffic detected: DNS query: c.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net

Source: unknown

HTTP traffic detected: POST /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveContent-Length: 612sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/x-www-form-urlencodedAccept: */*Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_140.2.dr, chromecache_129.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.chunk.1ds.cb4f1aa.js.map/5dc
Source: chromecache_159.2.dr, chromecache_103.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.chunk.utel.97a2d77.js.map/41
Source: chromecache_145.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.min.77c10f0.js.map/4de9e8ef3
Source: chromecache_160.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-aria.min.eb15ab2.js.map/38eb6ace661c8
Source: chromecache_100.2.dr, chromecache_113.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-dompurify.min.df1eebc.js.map/099c612d
Source: chromecache_162.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-jquery.min.994923f.js.map/be514e98eb1
Source: chromecache_125.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-react.min.c75a17d.js.map/688ae86e9d77
Source: chromecache_107.2.dr, chromecache_118.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-underscore.min.8ec6028.js.map/e8e46fd
Source: chromecache_157.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_125.2.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_110.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_116.2.dr, chromecache_101.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_116.2.dr, chromecache_101.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_161.2.dr, chromecache_145.2.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://sizzlejs.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@23/114@46/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2136,i,12564451703810747429,3597107060840894912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2136,i,12564451703810747429,3597107060840894912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_168.2.dr	Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'
Source: chromecache_168.2.dr	Binary or memory string: '}.ms-Icon--DisconnectVirtualMachine::before{content:'

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.190.10.96	inbound-weighted.protechts.net	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
34.107.199.61	stk.hsprotect.net	United States	15169	GOOGLEUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true
inbound-weighted.protechts.net	35.190.10.96	true
sni1gl.wpc.alphacdn.net	152.199.21.175	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true
www.google.com	216.58.206.36	true
stk.hsprotect.net	34.107.199.61	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
forms.office.com	unknown	unknown
signup.live.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
cdn.forms.office.net	unknown	unknown
static2.sharepointonline.com	unknown	unknown
client.hsprotect.net	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
msft.hsprotect.net	unknown	unknown
c.office.com	unknown	unknown
login.microsoftonline.com	unknown	unknown
fpt.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	false	unknown
https://forms.office.com/?redirecturl=https%3A%2F%2Fforms.office.com%2FPages%2FDesignPage.aspx%3Focid%3Dkog_i9elgli8%26web%3D1%23FormId%3DBZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u#	false	unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false	unknown
https://stk.hsprotect.net/ns?c=bc015380-802a-11ef-b735-d95cc21429f1	false	unknown
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=638634074252735600.NzJhM2MxZWEtNGI3Zi00MDkxLTkxYTAtZTMwOTAyYzMxNDZiZjdjOTJmZjItODFmNS00MGQ1LTg4OGYtMjY3MDkzZDI4NjQx&prompt=select_account&x-client-SKU=ID_NET8_0&x-client-ver=7.2.0.0	false	unknown
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#Login=true	false	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text, with very long lines (16093)	CC672F00BA0081007FF06613F7DD3C91	5896193C3E21362FC5C0FAC4F0A6464B336251D0	7440C1475BE1A61688C1AF01710779C6A6C6BC630F7539525091989001C00626
Chrome Cache Entry: 101	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 102	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 103	ASCII text, with very long lines (34081)	887FD1B5B2B26BF856C90A6698C39E5A	53D60C168CFE47E0337B128495DFB855D8EED61E	818F6B41B6D6B97846A30C78F908B09346DDFE6823B4FBC48F3B1B68F4696307
Chrome Cache Entry: 104	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449703	AF2A7A4929E13F15A045C8C8D80A4543	6A1EC81A5085D0846C77DD616AE686FF732C32D6	EB47C5509CEF44C582EF8ABB8C58766EA6118AD40B0FFC22A7652ED1DC6FEE8B
Chrome Cache Entry: 105	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 106	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 107	ASCII text, with very long lines (22596)	A708F3378E2CB5D0FD4BD71B3020AD0C	0D3C33E320E9AA27DAADE436E2B755A656B0A1A4	863F7DCA059FC303F4175C7DF6ACD59A78F707E1DF9F26182D3211694E20E5E6
Chrome Cache Entry: 108	ASCII text, with very long lines (12919)	A8ECE570D96F879FC1CC30DE62B2308B	15A50CEDCCE888DA17460F9CB4339DD7D658D841	DF8995E1BE2F6A49464E6F8111D7FDB65A845C6DF8A19777589AC43294DC16C9
Chrome Cache Entry: 109	ASCII text, with very long lines (65402)	219C517990A5320E0F5F52501276686D	3F547E6914B8A0722ED08F41CF49C72318FD9BFF	0D59174D7A2E1EFFF00882D0E38C3582E0E8EF5975CB2942DB8C89003EB15951
Chrome Cache Entry: 110	HTML document, Unicode text, UTF-8 text, with very long lines (23190), with CRLF line terminators	E7BCF46AFD710A4399DEB36D63A438E9	5BAE31C7D9E60FB1C4A0737873F4F8592FC44365	A509BE8FB0E1C8A083599857AF24009D30692E19BAA7B8A89EF56BF260C3B64E
Chrome Cache Entry: 111	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 112	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113401	48981D3CF57E7C58CA7E3E851EF9354E	73593DE7633B10F9FFD0EF0E46280FA40FF433FF	8A5E756923CC5C3F013862427B7622F58A52501C5A6017FFF2FDB2AFD94A10C2
Chrome Cache Entry: 113	ASCII text, with very long lines (16093)	CC672F00BA0081007FF06613F7DD3C91	5896193C3E21362FC5C0FAC4F0A6464B336251D0	7440C1475BE1A61688C1AF01710779C6A6C6BC630F7539525091989001C00626
Chrome Cache Entry: 114	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	2D3FBED6DDD719FCC1BFB500B612FCEC	CD91B795DDE806AC8A38E51CCB6E8BAD8E57DA1B	B2566B646F02DF4CE30B05D8223B78130A719D4EC9E4794A0106C371ADE33CC7
Chrome Cache Entry: 115	HTML document, ASCII text, with very long lines (2619), with CRLF line terminators	B9E1ED08AE2417D4471702C2AB1A2CF9	F980B9AC0713146027F9CF2574F527402C1B8BEF	CDBC6171573396C20BE9D77AD682B4342878D81F1FC8A17992AC269D8CB75D36
Chrome Cache Entry: 116	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 117	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 118	ASCII text, with very long lines (22596)	A708F3378E2CB5D0FD4BD71B3020AD0C	0D3C33E320E9AA27DAADE436E2B755A656B0A1A4	863F7DCA059FC303F4175C7DF6ACD59A78F707E1DF9F26182D3211694E20E5E6
Chrome Cache Entry: 119	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443	C217AE35B8592DC9F1E680487DAD094F	2E642562C2BFD8968629317FF212684C7EB59193	D41992E79D7BCFCC1F32597208DD99033D99C04882EAFCC8508F2FA0EE728C6B
Chrome Cache Entry: 120	JSON data	5FC018D9E6C56911BBC8DC5DDCD0C768	70979F57A85D527ED8ABCBF02CFF44640C58BDE6	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
Chrome Cache Entry: 121	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	D3B6AE9986DF244AB03412CC700335D0	BAAA1F9899178938F3881F09B18265E47DA806E3	CA50059111D30C2E212C90805792EB543548AEF0D4941E886A778E3DCE0B9066
Chrome Cache Entry: 122	ASCII text, with no line terminators	F79FFC1767406D43B996B050CEC09ED2	EA4F919251BCDE6EE3CB2E45C0356E1FA3B86661	1E62D5B3EFE0ECE892FF79BD65457FF2DC48A840444AFD53DEEDF2F2869BD685
Chrome Cache Entry: 123	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	9425D8E9313A692BB3F022E8055FAB82	EDDCF3EA767D4C3042D01AC88594D7E795D8615C	F2A1ABCF12EBD0F329E5B66B811B0BD76C8E954CB283CE3B61E72FBF459EF6F1
Chrome Cache Entry: 124	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 125	ASCII text, with very long lines (64234)	812491D0377475BC47E03C60FDD96AD6	D57A15CBEBFDD99F1892283DE091BC947EABDA5C	B397B0D7A9AB2BC09D34217E92EE9BD677F5029F15CAAA0F12D8EE7A376DAB1E
Chrome Cache Entry: 126	ASCII text, with very long lines (65402)	219C517990A5320E0F5F52501276686D	3F547E6914B8A0722ED08F41CF49C72318FD9BFF	0D59174D7A2E1EFFF00882D0E38C3582E0E8EF5975CB2942DB8C89003EB15951
Chrome Cache Entry: 127	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	D3B6AE9986DF244AB03412CC700335D0	BAAA1F9899178938F3881F09B18265E47DA806E3	CA50059111D30C2E212C90805792EB543548AEF0D4941E886A778E3DCE0B9066
Chrome Cache Entry: 128	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 129	ASCII text, with very long lines (34081)	9D32885C36F256A74C7C3F5D87398F13	51DA8ECE2EA2A2466A83FCA16BD2C4C8FB5F5E95	1330D86D72283E131E6267231B09E99FF3D01A760FEA6E9DD24768CCB5573A23
Chrome Cache Entry: 130	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	6DEB44A9FE273266EFABC3214B998BA0	C8BE755694C25E416C81F5057670E3B14B2FE08F	4A1AA3B8B23FB3C150A62BB681DAE96E6CAB20BFAFB89D74FED2E0BC85826BAF
Chrome Cache Entry: 131	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443	C217AE35B8592DC9F1E680487DAD094F	2E642562C2BFD8968629317FF212684C7EB59193	D41992E79D7BCFCC1F32597208DD99033D99C04882EAFCC8508F2FA0EE728C6B
Chrome Cache Entry: 132	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 886947	724F6EC22EB76C180161CCAC241E2057	0557438245BAE528B963917CB2FD1B2B974C031A	36E4C0F76128F525DE542C8CF3D870591569229FF691F27DD900A8BCEDD0DBB0
Chrome Cache Entry: 133	ASCII text, with very long lines (354), with no line terminators	CDDC675186C994D3CCA06C0F3424BD7C	4F8C76407D012BD4FF6CE6A81932458FAEEAA24E	45817234A62A7AEF5FF1E98F4948964173FC239A06DAB9B647F1FE567ADA7C68
Chrome Cache Entry: 134	ASCII text, with very long lines (354), with no line terminators	A9B52FFCE8C038021192C23D6DA3811B	C17419AEFE80D85D2C3BE7BC83B72E4D99E13981	3A1D6A74A55C580DCF0D8DFA57BBA325B246839D2C710346AA962BAAFC59656B
Chrome Cache Entry: 135	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 136	ASCII text, with no line terminators	06B313E93DD76909460FBFC0CD98CB6B	C4F9B2BBD840A4328F85F54873C434336A193888	B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
Chrome Cache Entry: 137	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	6DEB44A9FE273266EFABC3214B998BA0	C8BE755694C25E416C81F5057670E3B14B2FE08F	4A1AA3B8B23FB3C150A62BB681DAE96E6CAB20BFAFB89D74FED2E0BC85826BAF
Chrome Cache Entry: 138	Unicode text, UTF-8 text, with very long lines (60983)	240548CD9BC8468C2FA1A415BD4843BD	E485F1C34C996B83D6096C50E9D0D20B4E817BC0	E35F19436A70734BBB0647B9F1FA25E92A541FE2A54C5B16AB45331246D7F707
Chrome Cache Entry: 139	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 140	ASCII text, with very long lines (34081)	9D32885C36F256A74C7C3F5D87398F13	51DA8ECE2EA2A2466A83FCA16BD2C4C8FB5F5E95	1330D86D72283E131E6267231B09E99FF3D01A760FEA6E9DD24768CCB5573A23
Chrome Cache Entry: 141	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 142	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449703	AF2A7A4929E13F15A045C8C8D80A4543	6A1EC81A5085D0846C77DD616AE686FF732C32D6	EB47C5509CEF44C582EF8ABB8C58766EA6118AD40B0FFC22A7652ED1DC6FEE8B
Chrome Cache Entry: 143	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 144	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 145	Unicode text, UTF-8 text, with very long lines (55063)	F8A73EC18ACFDC9750F9DD51C8E2CC5F	9961054BBA0612CE338A2FC898F29B372ED5E4E4	414741B0E1470D2347779A1BAB66C38944748975AA1DB67E86B091E3299EC626
Chrome Cache Entry: 146	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 147	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 148	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 149	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	9425D8E9313A692BB3F022E8055FAB82	EDDCF3EA767D4C3042D01AC88594D7E795D8615C	F2A1ABCF12EBD0F329E5B66B811B0BD76C8E954CB283CE3B61E72FBF459EF6F1
Chrome Cache Entry: 150	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 151	ASCII text, with very long lines (64234)	043A07B28060DBF398B23A80E2369892	0FB2425A89AE1404A9D3265E2F1855CD1723AF58	94052BCC3B3AF9D77D2F8648BCA06ADF4454380B23A68A9FD13EF5191DD19B63
Chrome Cache Entry: 152	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 886947	724F6EC22EB76C180161CCAC241E2057	0557438245BAE528B963917CB2FD1B2B974C031A	36E4C0F76128F525DE542C8CF3D870591569229FF691F27DD900A8BCEDD0DBB0
Chrome Cache Entry: 153	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 154	Web Open Font Format (Version 2), TrueType, length 36344, version 0.0	865F1DB6545FC94A2F4444DD60E7BBC6	B00D806DD42101881AB94E1C96F8235B74F6AB7F	94EF87EE295C67526205D67124F404E246226105E939E14C435A20C29A956F49
Chrome Cache Entry: 155	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 156	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 157	HTML document, ASCII text, with very long lines (918)	5DC258F6742F6D22A4CD80F50926ED70	2925F965C31990E0F883E2E885A3D57056168DCC	3B8D3C93FD78C24F4C175C8515E4A5DF79AEE536AF4CED58BA078EA591569EAC
Chrome Cache Entry: 158	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 159	ASCII text, with very long lines (34081)	887FD1B5B2B26BF856C90A6698C39E5A	53D60C168CFE47E0337B128495DFB855D8EED61E	818F6B41B6D6B97846A30C78F908B09346DDFE6823B4FBC48F3B1B68F4696307
Chrome Cache Entry: 160	ASCII text, with very long lines (12919)	16D4DA35C85277749F11FF20DEA0FCA9	7A9D96454BAB8D6B7BFBEF62DE051388126844EE	D2A3CB0C2CD5A7A9B1DF73F2120F11FC4F992F7F0E1ED3F53D86D012415B4EE4
Chrome Cache Entry: 161	Unicode text, UTF-8 text, with very long lines (55063)	43854D34DC54CFDCCB1555E75B1DC7C1	95B1D0B833838E138553844FFEEA33B434D061D7	7F84500911B705CD69B0478ED680B34DF1567DC17348BF9F2E19C0B67C6F9E7B
Chrome Cache Entry: 162	Unicode text, UTF-8 text, with very long lines (60983)	D424D76E3621DC490C1F243AE3766379	19ACE33DC864FA9920AB4DEBE731856BE93F9AEE	CCD8E484D5CD83173BBD0EAE6CB2BE218C142DD5EFFDD1EC6474F7F451C74767
Chrome Cache Entry: 163	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 164	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 165	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 166	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 167	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 168	ASCII text, with very long lines (65536), with no line terminators	5112B270CE1637E9E70F9D7DA74F6F4F	540E09C08D6C13CF211C58D35DF4D3C24446088D	1016D0B9BF41F4FCEFA7E9B7DE510107DEF3E64BBEAA39AAC00F7B164F642BA9
Chrome Cache Entry: 95	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 96	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 97	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	2D3FBED6DDD719FCC1BFB500B612FCEC	CD91B795DDE806AC8A38E51CCB6E8BAD8E57DA1B	B2566B646F02DF4CE30B05D8223B78130A719D4EC9E4794A0106C371ADE33CC7
Chrome Cache Entry: 98	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866	6DE768A4DF1E0D0061CDB52EF06346C4	3829A667B97668008023DDA98F4C0772174C8EF6	58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
Chrome Cache Entry: 99	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36

Found iframes

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

HTML body contains low number of good links

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: 72a3c1ea-4b7f-4091-91a0-e30902c3146bf7c92ff2-81f5-40d5-888f-267093d28641

HTML title does not match URL

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: Title: Continue does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3dc9a559d2-7aab-4f13-a6ed-e7e9c52aec87%26mkt%3dEN-US%26opid%3d22F9BB745A5D5A89%26opidt%3d1727810642%26uaid%3dad179475791b46309b1e2d4422236c23%26contextid%3dEF617FB3375D2964%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&uaid=ad179475791b46309b1e2d4422236c23&suc=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&lic=1	HTTP Parser: No favicon

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil	HTTP Parser: No <meta name="author".. found

Source: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fDesignPage.aspx%3focid%3dkog_i9elgli8%26web%3d1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7InByb21wdCI6IkFRRGVpQm5ibEs1QkhURnF5bnVXYTFyVlZ3LUtXdlFHNzZaSmFXNWF3S1N3RmViVURDUDR1V1kxWklaR0NSMDJWaktXRlIyNVFQbmx4YnVYNlhsQmgwQSIsIi5yZWRpcmVjdCI6Imh0dHBzOi8vZm9ybXMub2ZmaWNlLmNvbS9QYWdlcy9EZXNpZ25QYWdlLmFzcHg_b2NpZD1rb2dfaTllbGdsaTgmd2ViPTEjRm9ybUlkPUJaTThjOWM1R2thR2JfM3llX1BIXzhZZHNvNzZhcUpPdUR1SFlfaldoYkpVTkVWWk5GbzFSVTVZUmxSTlNsZFJRMU5HVUZwSFdsTkJWQzR1IiwiLnhzcmYiOiJBUS1ERVV6M2lwY1pZT3RSMHJoOTFoNzdxNHA4YVFRdlZ4RWVIOFBxY0ItR09ZaEpRTWUzRUJzSUVVUjFJM19ZdEtyVjBGVml0WXlhaF8waFR3VDlTZF8zTGFwZE1BbE92WjNPSnJITW5FekNNX1VlMDdkMkN1RVJ3dXBUb3EwcGhnIiwiT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpIjoiQWRjd1dRS3QzWlFzOVZzWkxjZmJxcWc5QWdhZHlyLVItTnJ3S2hPZU5hVFdqUlgxSklIXzhUZjhOR0Q4Z2EybUpLbWlsN1lRNUZMMWs0czY5Tm45QU1xbUp2d0V5cGJ2bUotTTN4elBzVHZaazdpLWluZHZ2ajNPa2dmZnF1WkRJdyJ9fQ&response_type=code%20id_token&scope=openid%20profil...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_l7exbVZEGzG2v4FeAaRSUA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=bc015380-802a-11ef-b735-d95cc21429f1 HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=bc015380-802a-11ef-b735-d95cc21429f1 HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: forms.office.com
Source: global traffic	DNS traffic detected: DNS query: cdn.forms.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static2.sharepointonline.com
Source: global traffic	DNS traffic detected: DNS query: c.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net

Source: unknown

Source: chromecache_140.2.dr, chromecache_129.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.chunk.1ds.cb4f1aa.js.map/5dc
Source: chromecache_159.2.dr, chromecache_103.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.chunk.utel.97a2d77.js.map/41
Source: chromecache_145.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/default-page.min.77c10f0.js.map/4de9e8ef3
Source: chromecache_160.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-aria.min.eb15ab2.js.map/38eb6ace661c8
Source: chromecache_100.2.dr, chromecache_113.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-dompurify.min.df1eebc.js.map/099c612d
Source: chromecache_162.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-jquery.min.994923f.js.map/be514e98eb1
Source: chromecache_125.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-react.min.c75a17d.js.map/688ae86e9d77
Source: chromecache_107.2.dr, chromecache_118.2.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/dll-underscore.min.8ec6028.js.map/e8e46fd
Source: chromecache_157.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_125.2.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_110.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_116.2.dr, chromecache_101.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_116.2.dr, chromecache_101.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_161.2.dr, chromecache_145.2.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_138.2.dr, chromecache_162.2.dr	String found in binary or memory: https://sizzlejs.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@23/114@46/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2136,i,12564451703810747429,3597107060840894912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2136,i,12564451703810747429,3597107060840894912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_168.2.dr	Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'
Source: chromecache_168.2.dr	Binary or memory string: '}.ms-Icon--DisconnectVirtualMachine::before{content:'

ID:	1523626
Product:	CloudBasic
Start time:	21:22:31
Start date:	01.10.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://forms.office.com/Pages/DesignPage.aspx?ocid=kog_i9elgli8&web=1#FormId=BZM8c9c5GkaGb_3ye_PH_8Ydso76aqJOuDuHY_jWhbJUNEVZNFo1RU5YRlRNSldRQ1NGUFpHWlNBVC4u