Windows Analysis Report
phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml

Overview

General Information

Sample name:	phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml
Analysis ID:	1542205
MD5:	ee2cf9d48f55895023e818ff676479b5
SHA1:	74a82c6fce7a00dee906e251352526c4e3b4daf2
SHA256:	3ce92be9b5211e73d76bd5652f9564ac2ba82987386ec21ed42d219560c683c2
Infos:

Detection

Score:	25
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden URLs

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Signatures

Phishing

HTML page contains hidden URLs

Source: https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb

HTTP Parser: https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response='Approve'&utm_source=approvals_univ&utm_medium=email&environment=default-0c56c575-dc34-419a-acd3-ad147e682deb&loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb

HTML body contains low number of good links

Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response='Approve'&utm_source=approvals_univ&utm_medium=email&en...

HTML title does not match URL

Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:60346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:60347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:60349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:60351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:60350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:60354 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.edgepilot.com to https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response='approve'&utm_source=approvals_univ&utm_medium=email&environment=default-0c56c575-dc34-419a-acd3-ad147e682deb&logintenant=0c56c575-dc34-419a-acd3-ad147e682deb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.edgepilot.com to https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response='approve'&utm_source=approvals_univ&utm_medium=email&environment=default-0c56c575-dc34-419a-acd3-ad147e682deb&logintenant=0c56c575-dc34-419a-acd3-ad147e682deb

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 199.30.234.133 199.30.234.133
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 13.107.246.67 13.107.246.67

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tdgtu3MvK24fxfS&MD=XAeff161 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tdgtu3MvK24fxfS&MD=XAeff161 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb HTTP/1.1Host: link.edgepilot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/app.css?v=1 HTTP/1.1Host: link.edgepilot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682debAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://link.edgepilot.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://link.edgepilot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://link.edgepilot.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://link.edgepilot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://link.edgepilot.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://link.edgepilot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: link.edgepilot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682debAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: link.edgepilot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27&utm_source=approvals_univ&utm_medium=email&environment=default-0c56c575-dc34-419a-acd3-ad147e682deb&loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb HTTP/1.1Host: make.powerautomate.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://link.edgepilot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/main.b68233e9.js HTTP/1.1Host: content.powerapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://make.powerautomate.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/main.b68233e9.js HTTP/1.1Host: content.powerapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/47.f3da3845.chunk.js HTTP/1.1Host: content.powerapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/authenticatedApp.cb0fa83f.chunk.js HTTP/1.1Host: content.powerapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/47.f3da3845.chunk.js HTTP/1.1Host: content.powerapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resource/makerx/static/js/module/authenticatedApp.cb0fa83f.chunk.js HTTP/1.1Host: content.powerapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: make.powerautomate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: make.powerautomate.com.AuthBootstrap.SessionId=0ca0bb30-92de-11ef-861b-118b55807869; make.powerautomate.com.AuthBootstrap.PathQueryHash=%3Fresponse%3D%2527Approve%2527%26utm_source%3Dapprovals_univ%26utm_medium%3Demail%26environment%3Ddefault-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant%3D0c56c575-dc34-419a-acd3-ad147e682deb
Source: global traffic	HTTP traffic detected: GET /manifest.json HTTP/1.1Host: make.powerautomate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://make.powerautomate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: make.powerautomate.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: make.powerautomate.com.AuthBootstrap.SessionId=0ca0bb30-92de-11ef-861b-118b55807869; make.powerautomate.com.AuthBootstrap.PathQueryHash=%3Fresponse%3D%2527Approve%2527%26utm_source%3Dapprovals_univ%26utm_medium%3Demail%26environment%3Ddefault-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant%3D0c56c575-dc34-419a-acd3-ad147e682deb
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-cjzlndmp-i8gcan-w1jhtnexu8x8vj8fgcf0f4zt6bi/logintenantbranding/0/bannerlogo?ts=637208391047112924 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-cjzlndmp-i8gcan-w1jhtnexu8x8vj8fgcf0f4zt6bi/logintenantbranding/0/bannerlogo?ts=637208391047112924 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: .net/redirect/?destination=3Dhttps%253A%252F%252Fwww.facebook.= equals www.facebook.com (Facebook)
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: HYPERLINK "https://link.edgepilot.com/s/1e8cf817/RBSW9LpCQEGV040fh7nEUw?u=https://nam.safelink.emails.azure.net/redirect/?destination=https%253A%252F%252Fwww.facebook.com%252FMicrosoftFlow%26p=bT0yOTU0ZTQ3YS0xNGNiLTQyZjYtYjcxMS1hNDBjMWQyZGViMmYmdT1hZW8mbD1mb290ZXIlM0FmYWNlYm9vaw%253D%253D" equals www.facebook.com (Facebook)
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: HYPERLINK "https://link.edgepilot.com/s/2081db79/VUZyVc9xQEur5wirfzeZHQ?u=https://nam.safelink.emails.azure.net/redirect/?destination=https%253A%252F%252Fwww.youtube.com%252Fchannel%252FUCG98S4lL7nwlN8dxSF322bA%26p=bT0yOTU0ZTQ3YS0xNGNiLTQyZjYtYjcxMS1hNDBjMWQyZGViMmYmdT1hZW8mbD1mb290ZXIlM0F5b3V0dWJl" equals www.youtube.com (Youtube)
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: HYPERLINK "https://link.edgepilot.com/s/5e9a60ca/ZHlQ2QywMki_cgLtAD7xug?u=https://nam.safelink.emails.azure.net/redirect/?destination=https%253A%252F%252Fwww.linkedin.com%252Fgroups%252F11900013%252F%26p=bT0yOTU0ZTQ3YS0xNGNiLTQyZjYtYjcxMS1hNDBjMWQyZGViMmYmdT1hZW8mbD1mb290ZXIlM0FsaW5rZWRpbg%253D%253D" equals www.linkedin.com (Linkedin)
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: destination=3Dhttps%253A%252F%252Fwww.linkedin.com%252Fgroups%252F11900013%= equals www.linkedin.com (Linkedin)
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: destination=3Dhttps%253A%252F%252Fwww.youtube.com%252Fchannel%252FUCG98S4lL= equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: link.edgepilot.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: make.powerautomate.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: content.powerapps.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_112.12.dr, chromecache_117.12.dr	String found in binary or memory: http://feross.org
Source: chromecache_98.12.dr, chromecache_104.12.dr, chromecache_107.12.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_130.12.dr, chromecache_133.12.dr	String found in binary or memory: http://knockoutjs.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: http://schema.=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_130.12.dr, chromecache_133.12.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.aadrm.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.cortana.ai
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.office.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.onedrive.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://api.scheduler.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://app.powerbi.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://augloop.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://canary.designerapp.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.entity.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cortana.ai
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cortana.ai/api
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://cr.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://d.docs.live.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://directory.services.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ecs.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_102.12.dr, chromecache_130.12.dr, chromecache_133.12.dr, chromecache_100.12.dr, chromecache_112.12.dr, chromecache_117.12.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_107.12.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://graph.windows.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://graph.windows.net/
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://helgesenindustries.=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://images.ecomm.microsoft.=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://invites.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.=
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.edgepilot.=
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/14ac0288/brWaDLtpc0aJlJ1cvdLaJA?u=https://helgesenindustries.sharepoint
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/1e8cf817/RBSW9LpCQEGV040fh7nEUw?u=https://nam.safelink.emails.azure.net
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.edgepilot.com/s/2081db79/VUZyVc9xQEur5wirfzeZHQ?=
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/2081db79/VUZyVc9xQEur5wirfzeZHQ?u=https://nam.safelink.emails.azure.net
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/3c7966f3/XNWDS3ynJUa3bfwGwzA7mg?u=https://nam.safelink.emails.azure.net
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.edgepilot.com/s/50cc7a62/3qCIwyI6-Eeth0ovJjf_Zw?=
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/50cc7a62/3qCIwyI6-Eeth0ovJjf_Zw?u=https://nam.safelink.emails.azure.net
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.edgepilot.com/s/5e9a60ca/ZHlQ2QywMki_cgLtAD7xug?=
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/5e9a60ca/ZHlQ2QywMki_cgLtAD7xug?u=https://nam.safelink.emails.azure.net
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/704d4b70/CV80j0VwwkqD1UZkXAY1ag?u=https://nam.safelink.emails.azure.net
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/7a42c62e/ycq5aCSso066uhSs5CAB4Q?u=https://nam.safelink.emails.azure.net
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/9988b259/yH2SuMWI00_pqzKgNVYOLg?u=https://nam.safelink.emails.azure.net
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://link.edgepilot.com/s/cb490966/0-5KNRS3a0mtqLb5=
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/cb490966/0-5KNRS3a0mtqLb5KBCwuA?u=https://nam.safelink.emails.azure.net
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/enviro
Source: ~WRS{00C19F1E-459A-4F06-8C41-239D2CB761DB}.tmp.0.dr	String found in binary or memory: https://link.edgepilot.com/s/f461c50c/FYZWQrVBCkifmq4DPs7cBg?u=https://make.powerautomate.com/enviro
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr, chromecache_88.12.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: chromecache_109.12.dr, chromecache_99.12.dr	String found in binary or memory: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/discovery/v2.0/keys
Source: chromecache_109.12.dr, chromecache_99.12.dr	String found in binary or memory: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/token
Source: chromecache_109.12.dr, chromecache_99.12.dr	String found in binary or memory: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/v2.0
Source: chromecache_90.12.dr, chromecache_118.12.dr	String found in binary or memory: https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/v2.0/.well-known/openid-confi
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: chromecache_88.12.dr	String found in binary or memory: https://login.windows-ppe.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr, OUTLOOK_16_0_16827_20130-20241025T1031430019-1836.etl.0.dr	String found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241025T1031430019-1836.etl.0.dr	String found in binary or memory: https://login.windows.localnLoR
Source: OUTLOOK_16_0_16827_20130-20241025T1031430019-1836.etl.0.dr	String found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241025T1031430019-1836.etl.0.dr	String found in binary or memory: https://login.windows.localnullaysD
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://make.powerautomate.=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://management.azure.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://management.azure.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://messaging.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://mss.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://nam.safelink.=
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://nam.safelink.emails.azure.net/redirect/?=
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://nam.safelink.emails.azure.net/trackingfeedback/?=
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://nam.safelink.emails.azure.net/trackingpixel/?=
Source: phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml	String found in binary or memory: https://nam.safelink.emails.azure=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officeapps.live.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://onedrive.live.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office365.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://service.powerapps.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://settings.outlook.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: chromecache_122.12.dr, chromecache_132.12.dr	String found in binary or memory: https://sourcemaps.powerapps.com/srcmaps/static/js/module/47.f3da3845.chunk.js.map
Source: chromecache_128.12.dr, chromecache_129.12.dr	String found in binary or memory: https://sourcemaps.powerapps.com/srcmaps/static/js/module/authenticatedApp.cb0fa83f.chunk.js.map
Source: chromecache_115.12.dr, chromecache_105.12.dr	String found in binary or memory: https://sourcemaps.powerapps.com/srcmaps/static/js/module/main.b68233e9.js.map
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://substrate.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://tasks.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: 5DF7FD4D-EA1D-434E-B1E2-66EEE20F93BB.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 60420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60380
Source: unknown	Network traffic detected: HTTP traffic on port 60372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60374
Source: unknown	Network traffic detected: HTTP traffic on port 60408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60371
Source: unknown	Network traffic detected: HTTP traffic on port 60400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60417
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60414
Source: unknown	Network traffic detected: HTTP traffic on port 60366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60412
Source: unknown	Network traffic detected: HTTP traffic on port 60419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60421
Source: unknown	Network traffic detected: HTTP traffic on port 60369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60382
Source: unknown	Network traffic detected: HTTP traffic on port 60405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60397
Source: unknown	Network traffic detected: HTTP traffic on port 60368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60347
Source: unknown	Network traffic detected: HTTP traffic on port 60382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60346
Source: unknown	Network traffic detected: HTTP traffic on port 60359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60350
Source: unknown	Network traffic detected: HTTP traffic on port 60381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60359
Source: unknown	Network traffic detected: HTTP traffic on port 60364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60370
Source: unknown	Network traffic detected: HTTP traffic on port 60356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60364
Source: unknown	Network traffic detected: HTTP traffic on port 60398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60361
Source: unknown	Network traffic detected: HTTP traffic on port 60407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60368

Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:60346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:60347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:60349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:60351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:60350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:60354 version: TLS 1.2

Source: classification engine

Classification label: sus25.phis.winEML@19/109@38/12

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53023F5F-A925-4875-95D9-BE7CD019C66E" "78879932-1851-489E-8301-124B28738FAE" "1836" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1920,i,17562642169992172981,12193815822245000528,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53023F5F-A925-4875-95D9-BE7CD019C66E" "78879932-1851-489E-8301-124B28738FAE" "1836" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1920,i,17562642169992172981,12193815822245000528,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: Google Drive.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: chromecache_115.12.dr, chromecache_105.12.dr	Binary or memory string: "}.ms-Icon--DisconnectVirtualMachine:before{content:"
Source: chromecache_115.12.dr, chromecache_105.12.dr	Binary or memory string: "}.ms-Icon--ConnectVirtualMachine:before{content:"
Source: chromecache_115.12.dr, chromecache_105.12.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_115.12.dr, chromecache_105.12.dr	Binary or memory string: ",DisconnectVirtualMachine:"

IP	Domain	Country	ASN	ASN Name	Malicious
199.30.234.133	link.edgepilot.com	United States	13380	ASN-CUSTUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.67	s-part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
151.101.194.137	unknown	United States	54113	FASTLYUS	false
13.107.253.45	s-part-0017.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Name	IP	Active
link.edgepilot.com	199.30.234.133	true
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true
code.jquery.com	151.101.66.137	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.132	true
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true
make.powerautomate.com	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
content.powerapps.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
aadcdn.msftauthimages.net	unknown	unknown

Name	Malicious	Reputation
https://link.edgepilot.com/s/cfc0c828/yFY4y1N5Nk632Ion0uEUJQ?u=https://make.powerautomate.com/environments/default-0c56c575-dc34-419a-acd3-ad147e682deb/approvals/received/195b1c22-188f-4c56-8d0b-b2b8f3de44c9/requests/a3456ded-0583-4ad9-9d7e-7a1cd6efc239?response=%27Approve%27%26utm_source=approvals_univ%26utm_medium=email%26environment=default-0c56c575-dc34-419a-acd3-ad147e682deb%26loginTenant=0c56c575-dc34-419a-acd3-ad147e682deb	true	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css	false	unknown
https://content.powerapps.com/resource/makerx/static/js/module/47.f3da3845.chunk.js	false	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	unknown
https://content.powerapps.com/resource/makerx/static/js/module/authenticatedApp.cb0fa83f.chunk.js	false	unknown
https://login.microsoftonline.com/0c56c575-dc34-419a-acd3-ad147e682deb/oauth2/v2.0/authorize?client_id=6204c1d1-4712-4c46-a7d9-3ed63d992682&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmake.powerautomate.com%2Fauth&client-request-id=cc132150-0dac-4fa4-87c1-99cd16022714&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=E0PAGJKJRDluWGhJfRrZ0ce_qXK84TV90ZgLjMuEev8&code_challenge_method=S256&nonce=fb34fdfd-78cb-4f29-8caf-5c3260a1e378&state=eyJpZCI6IjM3Y2E1YTFiLTljN2UtNDA1Ni05ODJlLTEzNzYxOTE2N2ZhZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	false	unknown
https://make.powerautomate.com/manifest.json	false	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js	false	unknown

ID:	1542205
Product:	CloudBasic
Start time:	16:31:13
Start date:	25.10.2024
Sample:	phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	ee2cf9d48f55895023e818ff676479b5
SHA1:	74a82c6fce7a00dee906e251352526c4e3b4daf2
SHA256:	3ce92be9b5211e73d76bd5652f9564ac2ba82987386ec21ed42d219560c683c2
Filetype:	E-Mail message (Var. 5) (54515/1) 100.00%

Windows Analysis Report phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
phish_alert_sp2_2.0.0.0 - 2024-10-25T091521.629.eml