Windows Analysis Report
Payout Receipt.pptx

Overview

General Information

Sample name: Payout Receipt.pptx
Analysis ID: 1525814
MD5: 1417101d84f9b072a9d27567e41b12eb
SHA1: d4ad5741fd589701af1c8270cfedeced334c0956
SHA256: 12dda16106f761f8d7508f450b212e3eefdbef67e97ff74afde7ac94ba704498
Infos:

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Yara detected HtmlPhish54
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains string obfuscation
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: https://crewbloom.s3.amazonaws.com/34873.html SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
AI detected phishing page
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known technology company with a legitimate domain of 'microsoft.com'., The URL 'l0gin-microso.ftlivedocs.tech' contains several suspicious elements: 'l0gin' instead of 'login', 'microso' instead of 'microsoft', and an unusual domain extension '.tech'., The domain 'ftlivedocs.tech' does not match the legitimate domain associated with Microsoft., The use of a hyphen and misspellings in the URL are common phishing tactics., The presence of an input field for 'Email' suggests an attempt to collect sensitive information, which is typical in phishing sites. DOM: 0.8.pages.csv
Yara detected HtmlPhish54
Source: Yara match File source: 0.10.id.script.csv, type: HTML
Source: Yara match File source: 0.23.i.script.csv, type: HTML
Source: Yara match File source: 0.6.pages.csv, type: HTML
Source: Yara match File source: 0.7.pages.csv, type: HTML
Source: Yara match File source: 0.8.pages.csv, type: HTML
Phishing site detected (based on favicon image match)
Source: https://ftlivedocs.tech Matcher: Template: microsoft matched with high similarity
Source: https://crewbloom.s3.amazonaws.com/34873.html Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Matcher: Template: microsoft matched with high similarity
Phishing site detected (based on image similarity)
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: Number of links: 0
HTML page contains hidden javascript code
Source: https://crewbloom.s3.amazonaws.com/34873.html HTTP Parser: Base64 decoded: https://l0gi
HTML page contains string obfuscation
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka HTTP Parser: Found new string: script . var ip;. function EnterSite() {. window.location.href = 'ht' + 'tps' + ':' + '//' + 'l0g' + 'in' + '-' + 'm' + 'ic' + 'r' + 'os' + 'o' + '.ft' + 'liv' + 'ed' + 'o' + 'cs.' + 't' + 'e' + 'c' + 'h/K' + 'UtI' + 'd' + 'Fka' + '?S' + '=' + 'U' + 'mxu' + 'Hl' + 'o'. }. ..
HTML title does not match URL
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://crewbloom.s3.amazonaws.com/34873.html HTTP Parser: No favicon
Source: https://crewbloom.s3.amazonaws.com/34873.html HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49846 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49847 version: TLS 1.2
Source: powerpnt.exe Memory has grown: Private usage: 2MB later: 110MB
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View IP Address: 146.75.52.159 146.75.52.159
Source: Joe Sandbox View IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View IP Address: 104.18.95.41 104.18.95.41
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6Xtt1sBzydtZp6M&MD=91XKTh55 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/powerpnt.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html HTTP/1.1Host: nomicscare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /34873.html HTTP/1.1Host: crewbloom.s3.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://crewbloom.s3.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: crewbloom.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://crewbloom.s3.amazonaws.com/34873.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /KUtIdFka HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://crewbloom.s3.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8cd56a630cf741e3/1728047464610/6315a5703f342bce662661e8fa8e5cfbec36c51d90ea70cfa211f89c976d3430/n-8rMprBONH9scU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /KUtIdFka?S=UmxuHlo HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd
Source: global traffic HTTP traffic detected: GET /login HTTP/1.1Host: www.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5
Source: global traffic HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd; fpc=AiTvsUNzDMhLtivCMH0SOIk; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe6JSh8XySIX2JZIyDEcAnTGHJW7xDRybzTrnJSMuljy1faq4uekBlYW6QepUzkeCCVeoETYsf77cKfqUAaCR3HLP0IdxhCl6lLOWFylALBPap_5Jy1OH6KOB0tgqhPeFvx9h3RpcXxRAQOONMX0l8end4UyP-YrFmgiLM0lyRyksgAA; stsservicecookie=estsfd; MUID=0572C4040C3160E33E86D10A0D3661F9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd; fpc=AiTvsUNzDMhLtivCMH0SOIk; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe6JSh8XySIX2JZIyDEcAnTGHJW7xDRybzTrnJSMuljy1faq4uekBlYW6Qep
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; MUID=0572C4040C3160E33E86D10A0D3661F9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; MUID=0572C4040C3160E33E86D10A0D3661F9; uaid=12fc96651938487da1bcb76e2727bac5; MSPRequ=id=N&lt=1728047473&co=1
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6Xtt1sBzydtZp6M&MD=91XKTh55 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbIzB0A4h2D%2BNkHrVkQylh58%2BvwMN/s6obbwPIDvP8RId7%2B52mg6j96NqltBLmSJDZq7dpan/Biy4iI94XRRBsKCwcQnYCkLPOqnjz8HPQwbOUE8Z1jVHWhD5RDayAmqSOaVYKZaqyvHF0Sbv7B6HLy1wh1STiGG8DdEISAuVtusyELKMwv7OLxWUZnZHDsm5ow0olTWYecTmkPOEw9B6plzponbdE%2BWd5JOar5hhsREUVwj6rVk2E2CX6pjwCdqrcUea1pn1cWWQNIc/IR/AZjod6v1bK9MiQXyhpG3or9vWDY62DKBleAo7GizRpXE%2BiCiOffEzOnWGviCSWajBi0QZgAAEM5S7DwxrwApMATd2WxVp%2BOwAZe1pwhoFYCyynam8KnopJ9vBSxTxxklQ1FROTdoEkZKx6JFCTcja4kqEh6US0eitvQbSqciLfwThHUrPrU/lBONghJO0/Os7D4evM374mWxI2PBgVfFuNR/Sm3CEB0Z4m/A%2B1UROyD6JVrVwbg8l1sFgfqSzvoElbGJyDztj9F/ntgpEX5klsqOFmA46%2BGcN%2BR242lQeArgSmStNBHstuGpa3JVd%2BFDN7XviS3AbKyPh/2E7G1m9VvFb5F76R1HUgzEvUyjUfFYL2CqJ32x2v0d3BGK4NNqLVo/tI%2BAaeAe1uLdM0Gcv2%2Bitf5%2BXvpvxojy9x7tTbQWWbomh5%2BgbwkmCye3SpUDCk2olN95yNqlaRBxFR4PxrYUGYITBj8%2BdQPhLChw9I2AIvPuEhO8eR8tqnk9/ROZe%2Bu9Iuxwr665N0M%2B/W6S37jrp%2Bgr0E1kU/dKfZL6dXH8oVdI/m4CXJS%2Bnw/kLEZhrVeU/lULXiX0hZQCYIEIsQ0Phgt/mQSb6yFidBHH1eLCfLOZAqAaH18vzs9mUepvhTOiCZ0s9REPadu7heYRnpsrfxiaFFEHRtcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1728047494User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 2578F7F661CB4F88B6597755BC50BB4AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic DNS traffic detected: DNS query: nomicscare.com
Source: global traffic DNS traffic detected: DNS query: crewbloom.s3.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: pbs.twimg.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: l0gin-microso.ftlivedocs.tech
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.ftlivedocs.tech
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: ywnjb.ftlivedocs.tech
Source: global traffic DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: M4RGGHMMMNGH1FQ7x-amz-id-2: J5FNCwYXYTAg7fPoukB+g+Tfvb9a72793pOw24cgCZ69wzj/Y5z6lbGwnDL5Rz2FwX/nHDyi7TPkKohyiW2t3Q==Content-Type: application/xmlTransfer-Encoding: chunkedDate: Fri, 04 Oct 2024 13:10:51 GMTServer: AmazonS3Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:04 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}X-Ms-Ests-Server: 2.1.19005.9 - NCUS ProdSlicesX-Ms-Request-Id: f263b88c-7eca-4adc-9de0-66f6a6630600X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8cd56a6d09578c2f-EWR
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:05 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: PWLXgaJDLE27pSu3T4xa7t6dW6j7j0GRqiE=$Daohbmu9MW1icFpacache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8cd56a739e050f3d-EWR
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:08 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: OJsGAxN8qj6DrvDaz5peZlZzqVoYom3qgeY=$pQsbHOjbUeTv7CMIServer: cloudflareCF-RAY: 8cd56a87cc940f9c-EWR
Source: chromecache_1178.12.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_1178.12.dr String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_1172.12.dr String found in binary or memory: https://l0gin-microso.ftlivedocs.tech
Source: chromecache_1172.12.dr String found in binary or memory: https://login.windows-ppe.net
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49846 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49847 version: TLS 1.2
Document contains embedded VBA macros
Source: rule700351v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule70036v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule70037v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700400v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule700401v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule700450v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700451v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700500v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700501v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700550v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700551v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700600v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700601v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700650v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700651v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700700v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700701v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700750v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700751v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700850v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700851v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700900v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700901v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700950v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule700951v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701050v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701051v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701100v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701101v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701150v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701151v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701200v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701201v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701250v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701251v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701300v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701301v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701350v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701351v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324004v4.xml.3.dr OLE indicator, VBA macros: true
Source: rule701400v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324005v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701401v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324005v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701500v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324006v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701501v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324006v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701550v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324007v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701551v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324007v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701650v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324008v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701651v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324008v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule324009v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701700v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701701v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324009v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701750v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324010v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule701751v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324010v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701800v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324011v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701801v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324012v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule701850v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324013v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule701851v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324014v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule701900v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324015v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule701901v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule324016v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule325000v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule701950v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule701951v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule325001v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702000v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule325002v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702001v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule360000v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702050v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule360001v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702051v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370000v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702100v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370001v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule702101v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370002v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule702150v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370005v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702151v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370006v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule370007v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702200v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702201v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370009v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702250v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370011v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702251v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule370012v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702300v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule390004v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702301v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule390005v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702350v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule440000v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702351v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule460008v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702400v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule460009v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule702401v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490002v13.xml.3.dr OLE indicator, VBA macros: true
Source: rule490003v7.xml.3.dr OLE indicator, VBA macros: true
Source: rule702450v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702451v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490004v7.xml.3.dr OLE indicator, VBA macros: true
Source: rule702500v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490005v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702501v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule150246v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule490009v5.xml.3.dr OLE indicator, VBA macros: true
Source: rule702550v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule150249v0.xml.3.dr OLE indicator, VBA macros: true
Source: rule490010v7.xml.3.dr OLE indicator, VBA macros: true
Source: rule702551v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule150259v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490011v4.xml.3.dr OLE indicator, VBA macros: true
Source: rule702600v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule150262v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490014v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule702601v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule170000v6.xml.3.dr OLE indicator, VBA macros: true
Source: rule490015v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule702650v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule170002v6.xml.3.dr OLE indicator, VBA macros: true
Source: rule490015v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702651v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule170003v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490015v4.xml.3.dr OLE indicator, VBA macros: true
Source: rule170005v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule490015v5.xml.3.dr OLE indicator, VBA macros: true
Source: rule170007v5.xml.3.dr OLE indicator, VBA macros: true
Source: rule170009v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702700v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule702701v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490016v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702750v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule490018v3.xml.3.dr OLE indicator, VBA macros: true
Source: rule702751v1.xml.3.dr OLE indicator, VBA macros: true
Source: rule170011v2.xml.3.dr OLE indicator, VBA macros: true
Source: rule490020v3.xml.3.dr OLE indicator, VBA macros: true
Document misses a certain OLE stream usually present in this Microsoft Office document type
Source: rule700351v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule70036v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule70037v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700400v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700401v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700450v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700451v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700500v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700501v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700550v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700551v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700600v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700601v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700650v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700651v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700700v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700701v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700750v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700751v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700850v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700851v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700900v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700901v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700950v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700951v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701050v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701051v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701100v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701101v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701150v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701151v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701200v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701201v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701250v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701251v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701300v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701301v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701350v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701351v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324004v4.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701400v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324005v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701401v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324005v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701500v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324006v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701501v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324006v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701550v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324007v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701551v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324007v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701650v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324008v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701651v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324008v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324009v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701700v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701701v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324009v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701750v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324010v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701751v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324010v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701800v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324011v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701801v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324012v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701850v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324013v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701851v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324014v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701900v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324015v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701901v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324016v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325000v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701950v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701951v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325001v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702000v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325002v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702001v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule360000v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702050v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule360001v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702051v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370000v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702100v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370001v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702101v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370002v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702150v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370005v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702151v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370006v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370007v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702200v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702201v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370009v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702250v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370011v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702251v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370012v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702300v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule390004v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702301v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule390005v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702350v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule440000v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702351v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule460008v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702400v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule460009v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702401v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490002v13.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490003v7.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702450v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702451v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490004v7.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702500v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490005v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702501v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150246v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490009v5.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702550v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150249v0.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490010v7.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702551v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150259v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490011v4.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702600v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150262v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490014v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702601v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170000v6.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702650v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170002v6.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702651v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170003v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v4.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170005v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v5.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170007v5.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170009v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702700v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702701v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490016v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702750v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490018v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702751v1.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170011v2.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490020v3.xml.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: mal76.phis.winPPTX@20/1149@30/13
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\PowerPoint Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE File created: C:\Users\user\AppData\Local\Temp\{E910548C-1979-4833-9FEE-78F97BEE9BF6} - OProcSessId.dat Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\Payout Receipt.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4F1F87A3-2D62-4CDB-ABDF-61BB45105DB2" "40BB7578-B581-41D4-B322-FEC0ED1808AE" "6380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,8800721303449338163,5848358366860922411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4F1F87A3-2D62-4CDB-ABDF-61BB45105DB2" "40BB7578-B581-41D4-B322-FEC0ED1808AE" "6380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,8800721303449338163,5848358366860922411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE Process information queried: ProcessInformation Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1525814 Sample: Payout Receipt.pptx Startdate: 04/10/2024 Architecture: WINDOWS Score: 76 28 Antivirus detection for URL or domain 2->28 30 AI detected phishing page 2->30 32 Yara detected HtmlPhish54 2->32 34 3 other signatures 2->34 6 chrome.exe 9 2->6         started        9 POWERPNT.EXE 253 1001 2->9         started        process3 dnsIp4 16 192.168.2.17, 138, 443, 49159 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        20 s-part-0032.t-0009.t-msedge.net 13.107.246.60, 443, 49709, 49727 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 9->20 14 ai.exe 9->14         started        process5 dnsIp6 22 l0gin-microso.ftlivedocs.tech 104.26.12.69, 443, 49728, 49729 CLOUDFLARENETUS United States 11->22 24 dualstack.twimg.twitter.map.fastly.net 146.75.52.159, 443, 49722, 49724 SCCGOVUS Sweden 11->24 26 17 other IPs or domains 11->26
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.45
 s-part-0017.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
146.75.52.159
 dualstack.twimg.twitter.map.fastly.net Sweden
30051 SCCGOVUS false
3.5.1.122
 s3-w.us-east-1.amazonaws.com United States
14618 AMAZON-AESUS false
13.107.246.60
 s-part-0032.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.26.13.69
 unknown United States
13335 CLOUDFLARENETUS false
51.255.64.170
 nomicscare.com France
16276 OVHFR false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
142.250.185.68
 www.google.com United States
15169 GOOGLEUS false
172.67.71.124
 www.ftlivedocs.tech United States
13335 CLOUDFLARENETUS false
104.18.95.41
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
104.26.12.69
 l0gin-microso.ftlivedocs.tech United States
13335 CLOUDFLARENETUS true
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.17

Contacted Domains

Name IP Active
s3-w.us-east-1.amazonaws.com 3.5.1.122 true
nomicscare.com 51.255.64.170 true
a.nel.cloudflare.com 35.190.80.1 true
dualstack.twimg.twitter.map.fastly.net 146.75.52.159 true
l0gin-microso.ftlivedocs.tech 104.26.12.69 true
challenges.cloudflare.com 104.18.95.41 true
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true
sni1gl.wpc.omegacdn.net 152.199.21.175 true
www.google.com 142.250.185.68 true
www.ftlivedocs.tech 172.67.71.124 true
s-part-0032.t-0009.t-msedge.net 13.107.246.60 true
ywnjb.ftlivedocs.tech 172.67.71.124 true
crewbloom.s3.amazonaws.com unknown unknown
identity.nel.measure.office.net unknown unknown
pbs.twimg.com unknown unknown
aadcdn.msftauth.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://l0gin-microso.ftlivedocs.tech/favicon.ico false
    		unknown
    https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js false
      		unknown
      https://ywnjb.ftlivedocs.tech/Me.htm?v=3 false
        		unknown
        https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? false
          		unknown
          https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/scripts/jsd/main.js false
            		unknown
            https://l0gin-microso.ftlivedocs.tech/KUtIdFka?S=UmxuHlo true
              		unknown
              https://l0gin-microso.ftlivedocs.tech/KUtIdFka true
                		unknown
                https://www.ftlivedocs.tech/login false
                  		unknown
                  https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a false
                    		unknown
                    https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback false
                      		unknown
                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ false
                        		unknown
                        https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8cd56a630cf741e3/1728047464610/6315a5703f342bce662661e8fa8e5cfbec36c51d90ea70cfa211f89c976d3430/n-8rMprBONH9scU false
                          		unknown
                          https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 true
                            		unknown
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ false
                              		unknown
                              https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true true
                                		unknown
                                https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=large false
                                  		unknown
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
                                    		unknown
                                    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a false
                                      		unknown
                                      https://l0gin-microso.ftlivedocs.tech/ false
                                        		unknown
                                        https://crewbloom.s3.amazonaws.com/34873.html true
                                        • SlashNext: Credential Stealing type: Phishing & Social Engineering
                                        		 unknown
                                        https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html false
                                          		unknown
                                          https://crewbloom.s3.amazonaws.com/favicon.ico false
                                            		unknown
                                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto false
                                              		unknown