Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3dac16fc13-eed0-45a8-a4cd-092120207ca4%26user%3d7d35c074-f1ce-4806-8732-1a64869fa060%26ticket%3dPqbSUkJjPpJW0yIMqaUTQLRg3kmINldPr4uL7BaqWvg%25253d%26ver%3d2.0

Overview

General Information

Sample URL: https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3dac16fc13-eed0-45a8-a4cd-092120207ca4%26user%3d7d35c074-f1ce-4806-8732-1a64869fa060%26ticket%3
Analysis ID: 1533086
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Detected hidden input values containing email addresses (often used in phishing pages)
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dtdQ7PWMMiLBhSdK7ZzUDwSaRN2XK_ioJLvxLsgsGJIlXfdWZPmmb2SFrJiBTZkFiQbx2c&response_mode=form_post&nonce=6d534fb1-6601-4f18-aba0-37454ac6c712&lc=1033&login_hint=Torres.Lopez.Irene%40DEME-GROUP.COM&invitation_username=Torres.Lopez.Irene%40deme-group.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3Dac16fc13-eed0-45a8-a4cd-092120207ca4&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=true HTTP Parser: torres.lopez.irene@deme-group.com
HTML body contains low number of good links
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: No favicon
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt... HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uZ7EuV5AC6Durxu&MD=UrhV8gVN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/illustration?ts=637255507111143881 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/bannerlogo?ts=637255507118990034 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /deme-group.com/winauth/ssoprobe?client-request-id=b183b832-0872-4686-93c7-8f9e002bea48&_=1728903861708 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/bannerlogo?ts=637255507118990034 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/illustration?ts=637255507111143881 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-gu93kzcvv9nfo0jjjijxe9133mrsglit9lh2ikhkvmm/logintenantbranding/0/bannerlogo?ts=637271955782382065 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-gu93kzcvv9nfo0jjjijxe9133mrsglit9lh2ikhkvmm/logintenantbranding/0/bannerlogo?ts=637271955782382065 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uZ7EuV5AC6Durxu&MD=UrhV8gVN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: chromecache_104.1.dr, chromecache_100.1.dr String found in binary or memory: http://feross.org
Source: chromecache_89.1.dr, chromecache_101.1.dr String found in binary or memory: http://knockoutjs.com/
Source: chromecache_89.1.dr, chromecache_101.1.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_104.1.dr, chromecache_105.1.dr, chromecache_109.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_100.1.dr, chromecache_101.1.dr, chromecache_95.1.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_84.1.dr String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_84.1.dr String found in binary or memory: https://login.windows-ppe.net
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: classification engine Classification label: clean2.win@17/48@20/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,17662341715992215995,799854014391982021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3dac16fc13-eed0-45a8-a4cd-092120207ca4%26user%3d7d35c074-f1ce-4806-8732-1a64869fa060%26ticket%3dPqbSUkJjPpJW0yIMqaUTQLRg3kmINldPr4uL7BaqWvg%25253d%26ver%3d2.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,17662341715992215995,799854014391982021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1533086 URL: https://login.microsoftonli... Startdate: 14/10/2024 Architecture: WINDOWS Score: 2 5 chrome.exe 9 2->5         started        8 chrome.exe 2->8         started        dnsIp3 13 192.168.2.16, 138, 443, 49711 unknown unknown 5->13 15 239.255.255.250 unknown Reserved 5->15 10 chrome.exe 5->10         started        process4 dnsIp5 17 s-part-0017.t-0009.t-msedge.net 13.107.246.45, 443, 49712, 49738 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 10->17 19 s-part-0039.t-0009.t-msedge.net 13.107.246.67, 443, 49714 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 10->19 21 13 other IPs or domains 10->21
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.45
 s-part-0017.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.67
 s-part-0039.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.253.67
 s-part-0039.t-0009.fb-t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
40.126.32.74
 autologon.microsoftazuread-sso.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.181.228
 www.google.com United States
15169 GOOGLEUS false
172.217.23.100
 unknown United States
15169 GOOGLEUS false
152.199.21.175
 sni1gl.wpc.omegacdn.net United States
15133 EDGECASTUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true
sni1gl.wpc.omegacdn.net 152.199.21.175 true
www.google.com 142.250.181.228 true
s-part-0039.t-0009.t-msedge.net 13.107.246.67 true
s-part-0039.t-0009.fb-t-msedge.net 13.107.253.67 true
autologon.microsoftazuread-sso.com 40.126.32.74 true
identity.nel.measure.office.net unknown unknown
aadcdn.msftauth.net unknown unknown
login.microsoftonline.com unknown unknown
aadcdn.msftauthimages.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login false
    		unknown
    https://aadcdn.msftauthimages.net/c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/illustration?ts=637255507111143881 false
      		unknown
      https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js false unknown
      https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js false unknown
      https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif false unknown
      https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif false unknown
      https://aadcdn.msftauthimages.net/c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/bannerlogo?ts=637255507118990034 false
        		unknown
        https://aadcdn.msftauthimages.net/c1c6b6c8-gu93kzcvv9nfo0jjjijxe9133mrsglit9lh2ikhkvmm/logintenantbranding/0/bannerlogo?ts=637271955782382065 false
          		unknown
          https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico false unknown
          https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js false unknown
          https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js false unknown
          https://autologon.microsoftazuread-sso.com/deme-group.com/winauth/ssoprobe?client-request-id=b183b832-0872-4686-93c7-8f9e002bea48&_=1728903861708 false
            		unknown
            https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js false unknown