Edit tour

Windows Analysis Report
https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub

Overview

General Information

Sample URL:	https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzN
Analysis ID:	1466527
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,15501968651469592190,6701547088032731398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_61	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_61, type: DROPPED

Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d

HTTP Parser: Number of links: 0

HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: No <meta name="author".. found
Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: No <meta name="author".. found

Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: No <meta name="copyright".. found
Source: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=mjf41zbhcy6XSi2MT4IyfXy9eaA_1J2DzcHlChcfmbH9LgiujjrIBFG9F_XiAHLSQtWNSQI2DPkKf39dr0QR5eTTPvtGW770jKStT60E1Ok1&t=638533172441064469 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=UB81VRIqU8-q--F_Tm8YSrMkmQn_FnAtBEJXqV-fw0a3QLGBGB09uXHhAA-UjRsiG461unCTYAHSok1cTsIvQNF8Civw5DnMopo4lRQi7zwa0ULv-TQjM7LW7pRAaHot14Cy72k2GboVUdRu0Glvj4qJJqD6TziWtjRqK1Wgsmw1&t=ffffffffa8ad04d3 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=6Qrb1MfQHAYn0ld2KcB-IQagUn10Pz5rZNeeQFR9J31DjkkXSk6Ms-LupgZ2opu0gtlqdkYGjWhk_NfS0G8dmK-4IH4jF-bcKMZVrbzYRMUiqwBvCIUPUgnW_Ep2ufYz580Cqbm_g0V7ziifpquJmJAr0lDt1oViTng0WEBuRFbYE_sGYg6owziEf46s9z-T0&t=74258c30 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=SEcewcKlewa2Zn8STa8wutLAB03BeU2Kte1tliaQWUNmEotkU_hQfYWZb8clo440783cWlQAWYOa9gponU1_PssX0i55ojQPo7OvA-g25rlV6707O5-4mlXca5Grx-XbN9odycpgyFYciaRc0LhaRRF_472P6sQ2f587XxWrT61rsrCpsUjgMQrk3x9NSSgB0&t=74258c30 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: cottonaust-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: cottonaust-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: chromecache_54.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_61.2.dr	String found in binary or memory: https://cottonaust-my.sharepoint.com/personal/alik_cotton_org_au/_layouts/15/images/256_icone.png
Source: chromecache_59.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_61.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_61.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Source: chromecache_61.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_61.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_61.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/22@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,15501968651469592190,6701547088032731398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,15501968651469592190,6701547088032731398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://reactjs.org/docs/error-decoder.html?invariant=	0%	URL Reputation	safe
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=UB81VRIqU8-q--F_Tm8YSrMkmQn_FnAtBEJXqV-fw0a3QLGBGB09uXHhAA-UjRsiG461unCTYAHSok1cTsIvQNF8Civw5DnMopo4lRQi7zwa0ULv-TQjM7LW7pRAaHot14Cy72k2GboVUdRu0Glvj4qJJqD6TziWtjRqK1Wgsmw1&t=ffffffffa8ad04d3	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=6Qrb1MfQHAYn0ld2KcB-IQagUn10Pz5rZNeeQFR9J31DjkkXSk6Ms-LupgZ2opu0gtlqdkYGjWhk_NfS0G8dmK-4IH4jF-bcKMZVrbzYRMUiqwBvCIUPUgnW_Ep2ufYz580Cqbm_g0V7ziifpquJmJAr0lDt1oViTng0WEBuRFbYE_sGYg6owziEf46s9z-T0&t=74258c30	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/WebResource.axd?d=mjf41zbhcy6XSi2MT4IyfXy9eaA_1J2DzcHlChcfmbH9LgiujjrIBFG9F_XiAHLSQtWNSQI2DPkKf39dr0QR5eTTPvtGW770jKStT60E1Ok1&t=638533172441064469	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/personal/alik_cotton_org_au/_layouts/15/images/256_icone.png	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=SEcewcKlewa2Zn8STa8wutLAB03BeU2Kte1tliaQWUNmEotkU_hQfYWZb8clo440783cWlQAWYOa9gponU1_PssX0i55ojQPo7OvA-g25rlV6707O5-4mlXca5Grx-XbN9odycpgyFYciaRc0LhaRRF_472P6sQ2f587XxWrT61rsrCpsUjgMQrk3x9NSSgB0&t=74258c30	0%	Avira URL Cloud	safe
https://cottonaust-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	0%	Avira URL Cloud	safe
http://github.com/jrburke/requirejs	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
cottonaust-my.sharepoint.com	unknown	unknown	false	unknown
m365cdn.nel.measure.office.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=UB81VRIqU8-q--F_Tm8YSrMkmQn_FnAtBEJXqV-fw0a3QLGBGB09uXHhAA-UjRsiG461unCTYAHSok1cTsIvQNF8Civw5DnMopo4lRQi7zwa0ULv-TQjM7LW7pRAaHot14Cy72k2GboVUdRu0Glvj4qJJqD6TziWtjRqK1Wgsmw1&t=ffffffffa8ad04d3	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=6Qrb1MfQHAYn0ld2KcB-IQagUn10Pz5rZNeeQFR9J31DjkkXSk6Ms-LupgZ2opu0gtlqdkYGjWhk_NfS0G8dmK-4IH4jF-bcKMZVrbzYRMUiqwBvCIUPUgnW_Ep2ufYz580Cqbm_g0V7ziifpquJmJAr0lDt1oViTng0WEBuRFbYE_sGYg6owziEf46s9z-T0&t=74258c30	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/WebResource.axd?d=mjf41zbhcy6XSi2MT4IyfXy9eaA_1J2DzcHlChcfmbH9LgiujjrIBFG9F_XiAHLSQtWNSQI2DPkKf39dr0QR5eTTPvtGW770jKStT60E1Ok1&t=638533172441064469	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=SEcewcKlewa2Zn8STa8wutLAB03BeU2Kte1tliaQWUNmEotkU_hQfYWZb8clo440783cWlQAWYOa9gponU1_PssX0i55ojQPo7OvA-g25rlV6707O5-4mlXca5Grx-XbN9odycpgyFYciaRc0LhaRRF_472P6sQ2f587XxWrT61rsrCpsUjgMQrk3x9NSSgB0&t=74258c30	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/jrburke/requirejs	chromecache_54.2.dr	false	Avira URL Cloud: safe	unknown
https://cottonaust-my.sharepoint.com/personal/alik_cotton_org_au/_layouts/15/images/256_icone.png	chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_59.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466527
Start date and time:	2024-07-03 01:50:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/22@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.186.174, 64.233.166.84, 34.104.35.123, 2.22.242.16, 2.22.242.64, 142.250.185.138, 142.250.185.106, 142.250.186.138, 142.250.184.234, 216.58.206.42, 142.250.186.74, 172.217.16.202, 172.217.18.106, 142.250.184.202, 142.250.185.74, 172.217.18.10, 142.250.181.234, 142.250.186.106, 216.58.212.170, 142.250.186.42, 216.58.206.74, 2.16.241.15, 2.16.241.17, 20.114.59.183, 93.184.221.240, 192.229.221.95, 20.242.39.171, 20.3.187.198, 142.250.184.195
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, a1894.dscb.akamai.net, wu.azureedge.net, clients2.google.com, 196426-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5Nzll Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,
Title: Sharing Link Validation OCR: OneDrive Microsoft Verify Your Identity You've received a secure link to: BRAND RELATIONS MANAGER COTTON TO MARKET To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Next By clicking Next you allow COTTON AUSTRALIA LIMITED to use your email address in accordance with their privacy statement. COTTON AUSTRALIA LIMITED has not provided links to their terms for you to review. 2017 Microsoft Privacy & Cookies	{"loginform": true,"urgency": false,
URL: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5Nzll Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,
Title: Sharing Link Validation OCR: OneDrive Microsoft Verify Your Identity You've received a secure link to: BRAND RELATIONS MANAGER COTTON TO MARKET To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Your email address is required Next By clicking Next you allow COTTON AUSTRALIA LIMITED to use your email address in accordance with their privacy statement. COTTON AUSTRALIA LIMITED has not provided links to their terms for you to review. 2017 Microsoft Privacy & Cookies	{"loginform": true,"urgency": false,

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=UB81VRIqU8-q--F_Tm8YSrMkmQn_FnAtBEJXqV-fw0a3QLGBGB09uXHhAA-UjRsiG461unCTYAHSok1cTsIvQNF8Civw5DnMopo4lRQi7zwa0ULv-TQjM7LW7pRAaHot14Cy72k2GboVUdRu0Glvj4qJJqD6TziWtjRqK1Wgsmw1&t=ffffffffa8ad04d3
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	downloaded
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=6Qrb1MfQHAYn0ld2KcB-IQagUn10Pz5rZNeeQFR9J31DjkkXSk6Ms-LupgZ2opu0gtlqdkYGjWhk_NfS0G8dmK-4IH4jF-bcKMZVrbzYRMUiqwBvCIUPUgnW_Ep2ufYz580Cqbm_g0V7ziifpquJmJAr0lDt1oViTng0WEBuRFbYE_sGYg6owziEf46s9z-T0&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17444)
Category:	downloaded
Size (bytes):	17672
Entropy (8bit):	5.233316811547578
Encrypted:	false
SSDEEP:	384:lpLsOooX8uvFBiRh+HnEDuvvy1pqvuvDX/0ohHK9mm+tMHvVOPoQeOMmuI:QnoX8uNB2YHnEDsvy1pqvub/0iq4NMHM
MD5:	6EFDDF589864D2E146A55C01C6764A35
SHA1:	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
SHA-256:	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
SHA-512:	1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]\|\|!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]\|\|!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r\|\|!hasProp(e,n))&&(!i\|\|"object"!=typeof t\|\|!t\|\|isArray(t)\|\|isFunction(t)\|\|t instanceof RegExp?e[n]=t:(e[n]\|\|(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/WebResource.axd?d=mjf41zbhcy6XSi2MT4IyfXy9eaA_1J2DzcHlChcfmbH9LgiujjrIBFG9F_XiAHLSQtWNSQI2DPkKf39dr0QR5eTTPvtGW770jKStT60E1Ok1&t=638533172441064469
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:H6xhkY:aQY
MD5:	858372DD32511CB4DD08E48A93B4F175
SHA1:	CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43
SHA-256:	3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
SHA-512:	6A57E0D4A1C23CB693AA9312F6FDAA1FC4309B5BC91D1B2279B5792BEE3534749FD3693C19AA95E0768800472D11D438EC3116F337679A249C28BE0E038E6DE0
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkG7HtT-LI7ORIFDfSCVyI=?alt=proto
Preview:	CgkKBw30glciGgA=

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	downloaded
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/ScriptResource.axd?d=SEcewcKlewa2Zn8STa8wutLAB03BeU2Kte1tliaQWUNmEotkU_hQfYWZb8clo440783cWlQAWYOa9gponU1_PssX0i55ojQPo7OvA-g25rlV6707O5-4mlXca5Grx-XbN9odycpgyFYciaRc0LhaRRF_472P6sQ2f587XxWrT61rsrCpsUjgMQrk3x9NSSgB0&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/_layouts/15/images/microsoft-logo.png
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37521)
Category:	downloaded
Size (bytes):	40512
Entropy (8bit):	5.386921349191213
Encrypted:	false
SSDEEP:	768:Tkv+rkfa2aH5m7UYfXLMQWGjaKEstpgG9ycj:Pr8LaZkzLM46G9
MD5:	8DCE60169BA666CA03A31D123DB49908
SHA1:	956C46BB6058C23D35440DCC656CE61C7B151399
SHA-256:	F9F5A40C01C6D569373CE61EE77849F30E4176E1310652FF17D458C68680CF75
SHA-512:	26BA15ADE0F62393413156C5061B04AA8FCE3A5A5EE06EE35DFC42D3F76AF850980731A38DCF7094711E7FAB18C80EF66C9B354C029D06FA2E846330ACCC7E9E
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/spoguestaccesswebpack/spoguestaccess.js
Preview:	/! For license information please see spoguestaccess.js.LICENSE.txt /.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (30522), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	69195
Entropy (8bit):	5.67023711679871
Encrypted:	false
SSDEEP:	1536:PlgguXLLh/eWXBOxSPSW8N6fGNNKgKMRJs2wVXUaH33:PLuHCGeTKgtyVXUM
MD5:	E2C3BC7F923050425F526093E8CCBA0A
SHA1:	D1846D7DA79E8F997056A7252B99C3187BA4DBB7
SHA-256:	4D343A10ED34FEECEF0B6D4526E2F67E7FA22EAE3E81541A2ACA97B9A9656797
SHA-512:	096F117B77958A91D966DD1C6C3592655A2B4A031C607864DE6543E60B6A3555502290CF2CA2621836E42253DB9B3A0C2DB31D477B0F5574CB9199E77FB2F74C
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
URL:	https://cottonaust-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 01:51:16.294347048 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:27.738173962 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.738224030 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:27.738290071 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.738589048 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.738596916 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:27.738920927 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.738935947 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:27.738955021 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.739077091 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:27.739084005 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.297270060 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.297528982 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.297558069 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.298546076 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.298619032 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.299583912 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.299643040 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.299959898 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.299967051 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.340526104 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.375725031 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.376138926 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.376157045 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.377135992 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.377196074 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.377600908 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.377655029 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.419449091 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:28.419461966 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:28.465982914 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.681437016 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.682379007 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.682384968 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.682423115 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.682427883 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.682449102 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.682466984 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.682760000 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.768925905 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.768994093 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.769009113 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.769623041 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.769680023 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.769686937 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.815458059 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.894532919 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.894543886 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.894603014 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.894623041 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895323038 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895375013 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.895375967 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895384073 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895392895 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895421028 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.895441055 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.895447016 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.895484924 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.896192074 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.896244049 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.896253109 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.896958113 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.897000074 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.897005081 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.897032976 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:29.897077084 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.899068117 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:29.899080992 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.210521936 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.211996078 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.212033033 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.212094069 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.212332010 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.212344885 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.212717056 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.212748051 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.212843895 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.213021994 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.213040113 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.213628054 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.213635921 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.213691950 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.213928938 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.213938951 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.252509117 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.271434069 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.271459103 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.271569967 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.272552967 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.272572994 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.549384117 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:30.549405098 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:30.553061962 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.553087950 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.553181887 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:30.553189039 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.553215981 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.553563118 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.553993940 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.554001093 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.554053068 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.554088116 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.554105043 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.554135084 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.554142952 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.554163933 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.555315971 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:30.555332899 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:30.606365919 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.639930964 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.639940977 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.640001059 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.640045881 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.640055895 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.640086889 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.640168905 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.640747070 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.640747070 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.640768051 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.642606020 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.766657114 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.767050028 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.767064095 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.768060923 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.768208027 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.768661022 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.768718958 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.768974066 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.768982887 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.787848949 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.788279057 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.788290024 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.788656950 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.788688898 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.788958073 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.788978100 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.789300919 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.789326906 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.789392948 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.789675951 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.790218115 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.790218115 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.790231943 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.790277958 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.825371981 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.832500935 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:30.840611935 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.840620041 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:30.930097103 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.930779934 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.930799007 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.931664944 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.931819916 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.933696032 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.933753014 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:30.981729984 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:30.981738091 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:31.027543068 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:31.120803118 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.120831013 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.120932102 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.120944977 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.121572971 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.121978998 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.121985912 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.122102976 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.122111082 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.122850895 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.123142958 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.123150110 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.123224974 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.139055014 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.139076948 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.139240026 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.139246941 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.139378071 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.140969992 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.140979052 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.141100883 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.141119003 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.141623974 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.141726017 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.141746044 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.141886950 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.143085957 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.143115997 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.143186092 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.143197060 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.143353939 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.144954920 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.144962072 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.145040989 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.145049095 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.145771027 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.146020889 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.146027088 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.146095991 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.207694054 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.207752943 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.207778931 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.207813025 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.207845926 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.208161116 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.208205938 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.208340883 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.208369970 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.208533049 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.213975906 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.214113951 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.219310045 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.219316959 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.219547987 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.229589939 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.229655027 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.229676962 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.230353117 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.230400085 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.230415106 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.230451107 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.232038975 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.232094049 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.232103109 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.232198000 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.232255936 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.233473063 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.233556986 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.233567953 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.234321117 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.234371901 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.234379053 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.235992908 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.236040115 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.236047983 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.236952066 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.237006903 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.237014055 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.237986088 CEST	49740	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.237999916 CEST	443	49740	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.250279903 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.250370979 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.250442028 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.250855923 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.250891924 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.259732962 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.276078939 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.290857077 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.316513062 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.323815107 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.323826075 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.323894024 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.323908091 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.324434042 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.324471951 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.324496984 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.324528933 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.324537039 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.325079918 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.325125933 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.325131893 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.325697899 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.325754881 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.325761080 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.326633930 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.326683998 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.326690912 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.326817036 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.326859951 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.326867104 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.327594042 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.327649117 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.327653885 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.327671051 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.327719927 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.327842951 CEST	49739	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.327855110 CEST	443	49739	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.490161896 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.490216970 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.490267992 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.490334988 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.490355968 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.490365982 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.490371943 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.614012957 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.614048004 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.614108086 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.616601944 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:31.616614103 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:31.797352076 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.798015118 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.798048019 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.798397064 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.799412966 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.799479961 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:31.800124884 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:31.840504885 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.128813982 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.128830910 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.128897905 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.128897905 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.128937960 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.131351948 CEST	49746	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.131371975 CEST	443	49746	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.153958082 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.153990984 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.154053926 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.154658079 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.154676914 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.200823069 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.200851917 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.200922012 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.201531887 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.201558113 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.365777969 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.365842104 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.368937969 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.368942022 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.369139910 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.372095108 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.416502953 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.644164085 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.644220114 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.644304037 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.644923925 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.644929886 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.644963980 CEST	49747	443	192.168.2.4	184.28.90.27
Jul 3, 2024 01:51:32.644969940 CEST	443	49747	184.28.90.27	192.168.2.4
Jul 3, 2024 01:51:32.726211071 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.726459026 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.726473093 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.727241993 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.727552891 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.727613926 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.727693081 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.772504091 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.958313942 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.958601952 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.958642960 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.960109949 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:32.960179090 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.960474968 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.960566044 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:32.960582018 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.011940956 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.011962891 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.058032990 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.066977978 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067004919 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067066908 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.067087889 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067131996 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.067321062 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067377090 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.067658901 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067709923 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.067759037 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.068706989 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.068718910 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.085437059 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.085494995 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.085572958 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.086339951 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.086369991 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.293209076 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.293235064 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.293318987 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.293328047 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.293396950 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.308177948 CEST	49751	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.308223009 CEST	443	49751	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.657202959 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.700057983 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.902363062 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.902399063 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.902847052 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.905112028 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.905309916 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:33.905400991 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:33.952491999 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.237855911 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.237873077 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.237956047 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:34.238004923 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.238069057 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:34.238617897 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.238677979 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:34.238681078 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:34.238740921 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:34.239270926 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 01:51:34.239306927 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 01:51:37.274233103 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.274287939 CEST	443	49672	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.274606943 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.274606943 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.274617910 CEST	443	49672	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.274630070 CEST	443	49672	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.278338909 CEST	49756	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.278389931 CEST	443	49756	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.281553030 CEST	49756	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.281898975 CEST	49756	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:37.281912088 CEST	443	49756	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.879304886 CEST	443	49756	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:37.879409075 CEST	49756	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:51:40.847513914 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:40.847573996 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:40.847620964 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:42.009959936 CEST	49744	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:51:42.009985924 CEST	443	49744	142.250.185.68	192.168.2.4
Jul 3, 2024 01:51:44.149688005 CEST	49723	80	192.168.2.4	199.232.214.172
Jul 3, 2024 01:51:44.154998064 CEST	80	49723	199.232.214.172	192.168.2.4
Jul 3, 2024 01:51:44.155061007 CEST	49723	80	192.168.2.4	199.232.214.172
Jul 3, 2024 01:51:57.051184893 CEST	443	49756	173.222.162.32	192.168.2.4
Jul 3, 2024 01:51:57.051248074 CEST	49756	443	192.168.2.4	173.222.162.32
Jul 3, 2024 01:52:30.308325052 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:30.308373928 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.308598995 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:30.309226036 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:30.309237957 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.938035011 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.938515902 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:30.938529015 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.938849926 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.939774990 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:30.939826965 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:30.983412981 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:33.121570110 CEST	49724	80	192.168.2.4	199.232.214.172
Jul 3, 2024 01:52:33.127084970 CEST	80	49724	199.232.214.172	192.168.2.4
Jul 3, 2024 01:52:33.127234936 CEST	49724	80	192.168.2.4	199.232.214.172
Jul 3, 2024 01:52:40.848670959 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:40.848737955 CEST	443	49765	142.250.185.68	192.168.2.4
Jul 3, 2024 01:52:40.848872900 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:42.017082930 CEST	49765	443	192.168.2.4	142.250.185.68
Jul 3, 2024 01:52:42.017106056 CEST	443	49765	142.250.185.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 01:51:25.597096920 CEST	53	49332	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:25.663847923 CEST	53	49320	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:26.693094015 CEST	53	49315	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:27.687079906 CEST	62153	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:27.687855005 CEST	63210	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:30.260895967 CEST	61728	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:30.261238098 CEST	59397	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:30.269465923 CEST	53	61728	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:30.270103931 CEST	53	59397	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:31.701114893 CEST	53	56992	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:32.161470890 CEST	53380	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:32.161845922 CEST	62045	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:33.487560987 CEST	52508	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:33.487994909 CEST	51363	53	192.168.2.4	1.1.1.1
Jul 3, 2024 01:51:43.973252058 CEST	53	56548	1.1.1.1	192.168.2.4
Jul 3, 2024 01:51:44.691098928 CEST	138	138	192.168.2.4	192.168.2.255
Jul 3, 2024 01:52:02.745021105 CEST	53	56636	1.1.1.1	192.168.2.4
Jul 3, 2024 01:52:25.174829006 CEST	53	60228	1.1.1.1	192.168.2.4
Jul 3, 2024 01:52:25.488920927 CEST	53	53883	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 01:51:27.687079906 CEST	192.168.2.4	1.1.1.1	0x614f	Standard query (0)	cottonaust-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:27.687855005 CEST	192.168.2.4	1.1.1.1	0x5eac	Standard query (0)	cottonaust-my.sharepoint.com	65	IN (0x0001)	false
Jul 3, 2024 01:51:30.260895967 CEST	192.168.2.4	1.1.1.1	0x4562	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:30.261238098 CEST	192.168.2.4	1.1.1.1	0xb97d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 01:51:32.161470890 CEST	192.168.2.4	1.1.1.1	0x2016	Standard query (0)	cottonaust-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:32.161845922 CEST	192.168.2.4	1.1.1.1	0xdb57	Standard query (0)	cottonaust-my.sharepoint.com	65	IN (0x0001)	false
Jul 3, 2024 01:51:33.487560987 CEST	192.168.2.4	1.1.1.1	0x56f8	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:33.487994909 CEST	192.168.2.4	1.1.1.1	0x87bc	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 01:51:27.726334095 CEST	1.1.1.1	192.168.2.4	0x5eac	No error (0)	cottonaust-my.sharepoint.com	cottonaust.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.726334095 CEST	1.1.1.1	192.168.2.4	0x5eac	No error (0)	cottonaust.sharepoint.com	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.726334095 CEST	1.1.1.1	192.168.2.4	0x5eac	No error (0)	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.726334095 CEST	1.1.1.1	192.168.2.4	0x5eac	No error (0)	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	cottonaust-my.sharepoint.com	cottonaust.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	cottonaust.sharepoint.com	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	196426-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:27.736710072 CEST	1.1.1.1	192.168.2.4	0x614f	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:30.269465923 CEST	1.1.1.1	192.168.2.4	0x4562	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:30.270103931 CEST	1.1.1.1	192.168.2.4	0xb97d	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	cottonaust-my.sharepoint.com	cottonaust.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	cottonaust.sharepoint.com	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	196426-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:32.194035053 CEST	1.1.1.1	192.168.2.4	0x2016	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:32.199589014 CEST	1.1.1.1	192.168.2.4	0xdb57	No error (0)	cottonaust-my.sharepoint.com	cottonaust.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.199589014 CEST	1.1.1.1	192.168.2.4	0xdb57	No error (0)	cottonaust.sharepoint.com	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.199589014 CEST	1.1.1.1	192.168.2.4	0xdb57	No error (0)	1621-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:32.199589014 CEST	1.1.1.1	192.168.2.4	0xdb57	No error (0)	196426-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	196426-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:33.494854927 CEST	1.1.1.1	192.168.2.4	0x56f8	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:33.495378971 CEST	1.1.1.1	192.168.2.4	0x87bc	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:41.427148104 CEST	1.1.1.1	192.168.2.4	0x5fb9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:41.427148104 CEST	1.1.1.1	192.168.2.4	0x5fb9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:51:54.967437029 CEST	1.1.1.1	192.168.2.4	0x6f32	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:51:54.967437029 CEST	1.1.1.1	192.168.2.4	0x6f32	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:52:17.864250898 CEST	1.1.1.1	192.168.2.4	0x3371	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:52:17.864250898 CEST	1.1.1.1	192.168.2.4	0x3371	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 01:52:38.584342957 CEST	1.1.1.1	192.168.2.4	0x4bd1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 01:52:38.584342957 CEST	1.1.1.1	192.168.2.4	0x4bd1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cottonaust-my.sharepoint.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:28 UTC	1122	OUT	GET /:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:29 UTC	1977	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 69195 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,121416,0,48006,208 X-SharePointHealthScore: 1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 918038a1-a0e9-3000-826d-8eca496f1a3c request-id: 918038a1-a0e9-3000-826d-8eca496f1a3c MS-CV: oTiAkemgADCCbY7KSW8aPA.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=02a441e0-9927-4ea0-8ec8-160f901c519c&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 849 SPIisLatency: 7 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 55899BFBF7DB4BA8B57567576E4C2C0B Ref B: EWR311000108045 Ref C: 2024-07-02T23:51:28Z Date: Tue, 02 Jul 2024 23:51:29 GMT Connection: close
2024-07-02 23:51:29 UTC	262	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 6f 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 6f 66 66 69 63 65 3a 6f 66 66 69 63 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 52 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 48 54 4d 4c 49 4e 44 45 58 22 20 2f 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 Data Ascii: http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1
2024-07-02 23:51:29 UTC	6075	IN	Data Raw: 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 31 32 70 78 7d 2e 74 6f 70 2d 62 61 6e 6e 65 72 7b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 68 65 69 67 68 74 3a 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 30 20 32 30 70 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 37 38 64 37 7d 2e 74 6f 70 2d 62 61 6e 6e 65 72 20 2e 62 72 61 6e 64 2d 6e 61 6d 65 7b 63 6f 6c 6f 72 3a 23 66 Data Ascii: l{box-sizing:border-box}.main-content{flex-direction:column;display:flex;align-items:center;padding:0 12px}.top-banner{flex-direction:column;display:flex;height:40px;padding:0 20px;justify-content:center;background:#0078d7}.top-banner .brand-name{color:#f
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 39 34 2d 34 61 62 39 2d 62 64 63 37 2d 34 39 35 34 32 30 35 31 38 33 32 30 22 3e 0d 0a 09 09 21 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 27 50 65 72 66 6f 72 6d 61 6e 63 65 4c 6f 6e 67 54 61 73 6b 54 69 6d 69 6e 67 27 20 69 6e 20 77 69 6e 64 6f 77 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 2e 5f 5f 74 74 69 3d 7b 65 3a 5b 5d 7d 3b 67 2e 6f 3d 6e 65 77 20 50 65 72 66 6f 72 6d 61 6e 63 65 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 67 2e 65 3d 67 2e 65 2e 63 6f 6e 63 61 74 28 6c 2e 67 65 74 45 6e 74 72 69 65 73 28 29 29 7d 29 3b 67 2e 6f 2e 6f 62 73 65 72 76 65 28 7b 65 6e 74 72 79 54 79 70 65 73 3a 5b 27 6c 6f 6e 67 74 61 73 6b 27 5d 7d 29 7d 7d 28 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 Data Ascii: 94-4ab9-bdc7-495420518320">!function(){if('PerformanceLongTaskTiming' in window){var g=window.__tti={e:[]};g.o=new PerformanceObserver(function(l){g.e=g.e.concat(l.getEntries())});g.o.observe({entryTypes:['longtask']})}}();</script><script type="te
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 74 29 3a 65 2e 45 53 36 50 72 6f 6d 69 73 65 3d 74 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 65 3d 73 65 74 54 69 6d 65 6f 75 74 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 72 2c 31 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 53 3b 65 2b 3d 32 29 7b 28 30 2c 54 5b 65 5d 29 28 54 5b 65 2b 31 5d 29 2c 54 5b 65 5d 3d 76 6f 69 64 20 30 2c 54 5b 65 2b 31 5d 3d 76 Data Ascii: of define&&define.amd?define(t):e.ES6Promise=t()}(this,function(){"use strict";function c(e){return"function"==typeof e}function t(){var e=setTimeout;return function(){return e(r,1)}}function r(){for(var e=0;e<S;e+=2){(0,T[e])(T[e+1]),T[e]=void 0,T[e+1]=v
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 2c 6e 29 7b 76 61 72 20 69 2c 6f 2c 73 3d 64 65 66 43 6f 6e 74 65 78 74 4e 61 6d 65 3b 69 66 28 21 69 73 41 72 72 61 79 28 65 29 26 26 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 29 7b 6f 3d 65 3b 69 66 28 69 73 41 72 72 61 79 28 74 29 29 7b 65 3d 74 3b 74 3d 72 3b 72 3d 6e 7d 65 6c 73 65 20 65 3d 5b 5d 7d 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 28 73 3d 6f 2e 63 6f 6e 74 65 78 74 29 3b 69 3d 28 69 3d 67 65 74 4f 77 6e 28 63 6f 6e 74 65 78 74 73 2c 73 29 29 7c 7c 28 63 6f 6e 74 65 78 74 73 5b 73 5d 3d 72 65 71 2e 73 2e 6e 65 77 43 6f 6e 74 65 78 74 28 73 29 29 3b 6f 26 26 69 2e 63 6f 6e 66 69 67 75 72 65 28 6f 29 3b 72 65 74 75 72 6e 20 69 2e 72 65 71 75 69 72 65 28 65 2c 74 2c 72 29 7d 3b 72 65 71 2e 63 6f 6e 66 69 67 3d 66 75 6e 63 74 69 6f Data Ascii: ,n){var i,o,s=defContextName;if(!isArray(e)&&"string"!=typeof e){o=e;if(isArray(t)){e=t;t=r;r=n}else e=[]}o&&o.context&&(s=o.context);i=(i=getOwn(contexts,s))\|\|(contexts[s]=req.s.newContext(s));o&&i.configure(o);return i.require(e,t,r)};req.config=functio
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 6e 75 6c 6c 3b 74 2e 72 65 71 75 69 72 65 54 79 70 65 3d 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 3f 22 64 65 66 69 6e 65 22 3a 22 72 65 71 75 69 72 65 22 3b 72 65 74 75 72 6e 20 6a 28 74 68 69 73 2e 65 72 72 6f 72 3d 74 29 7d 7d 65 6c 73 65 20 69 3d 6f 3b 74 68 69 73 2e 65 78 70 6f 72 74 73 3d 69 3b 69 66 28 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 26 26 21 74 68 69 73 2e 69 67 6e 6f 72 65 29 7b 6d 5b 72 5d 3d 69 3b 69 66 28 72 65 71 2e 6f 6e 52 65 73 6f 75 72 63 65 4c 6f 61 64 29 7b 76 61 72 20 73 3d 5b 5d 3b 65 61 63 68 28 74 68 69 73 2e 64 65 70 4d 61 70 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 2e 70 75 73 68 28 65 2e 6e 6f 72 6d 61 6c 69 7a 65 64 4d 61 70 7c 7c 65 29 7d 29 3b 72 65 71 2e 6f 6e 52 65 73 6f 75 72 63 65 4c 6f 61 Data Ascii: null;t.requireType=this.map.isDefine?"define":"require";return j(this.error=t)}}else i=o;this.exports=i;if(this.map.isDefine&&!this.ignore){m[r]=i;if(req.onResourceLoad){var s=[];each(this.depMaps,function(e){s.push(e.normalizedMap\|\|e)});req.onResourceLoa
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 65 73 20 3d 20 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 6d 6f 64 75 6c 65 73 46 61 6c 6c 65 64 42 61 63 6b 3b 0d 0a 20 20 20 20 20 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 70 75 73 68 28 6d 6f 64 75 6c 65 49 64 29 3b 0d 0a 20 20 20 20 20 20 69 66 20 28 21 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 62 61 73 65 55 72 6c 46 61 69 6c 65 64 4f 76 65 72 20 26 26 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 6c 65 6e 67 74 68 20 3e 3d 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 70 61 74 68 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 74 65 6d 73 20 3d 20 70 61 74 68 73 5b 69 64 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 69 74 65 6d 73 29 20 26 Data Ascii: es = failOverState.modulesFalledBack; failedModules.push(moduleId); if (!failOverState.baseUrlFailedOver && failedModules.length >= 2) { for (var id in paths) { var items = paths[id]; if (Array.isArray(items) &
2024-07-02 23:51:29 UTC	8192	IN	Data Raw: 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 2f 2f 3c 21 5b 43 44 41 54 41 5b 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 4f 6e 53 75 62 6d 69 74 28 29 20 7b 0d 0a 69 66 20 28 74 79 70 65 6f 66 28 56 61 6c 69 64 61 74 6f 72 4f 6e 53 75 62 6d 69 74 29 20 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 56 61 6c 69 64 61 74 6f 72 4f 6e 53 75 62 6d 69 74 28 29 20 3d 3d 20 66 61 6c 73 65 29 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 69 66 20 28 74 79 70 65 6f 66 28 5f 73 70 46 6f 72 6d 4f 6e 53 75 62 6d 69 74 57 72 61 70 70 65 72 29 20 21 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 72 65 74 75 72 6e 20 5f 73 70 46 6f 72 6d 4f 6e 53 75 62 6d 69 74 57 72 Data Ascii: ></script><script type="text/javascript">//<![CDATA[function WebForm_OnSubmit() {if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;if (typeof(_spFormOnSubmitWrapper) != 'undefined') {return _spFormOnSubmitWr
2024-07-02 23:51:29 UTC	5514	IN	Data Raw: 3d 20 22 44 79 6e 61 6d 69 63 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 65 76 61 6c 75 61 74 69 6f 6e 66 75 6e 63 74 69 6f 6e 20 3d 20 22 52 65 67 75 6c 61 72 45 78 70 72 65 73 73 69 6f 6e 56 61 6c 69 64 61 74 6f 72 45 76 61 6c 75 61 74 65 49 73 56 61 6c 69 64 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 76 61 6c 69 64 61 74 69 6f 6e 65 78 70 72 65 73 73 69 6f 6e 20 3d 20 22 5e 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 40 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 24 22 3b 0d 0a 09 76 61 72 20 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 20 3f 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 22 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 Data Ascii: = "Dynamic";ValidateTOAAEMail.evaluationfunction = "RegularExpressionValidatorEvaluateIsValid";ValidateTOAAEMail.validationexpression = "^[^ \\r\\t\\n\\f@]+@[^ \\r\\t\\n\\f@]+$";var IncorrectTOAAEMail = document.all ? document.all["IncorrectTOAAE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:30 UTC	1139	OUT	GET /WebResource.axd?d=mjf41zbhcy6XSi2MT4IyfXy9eaA_1J2DzcHlChcfmbH9LgiujjrIBFG9F_XiAHLSQtWNSQI2DPkKf39dr0QR5eTTPvtGW770jKStT60E1Ok1&t=638533172441064469 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:30 UTC	761	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Wed, 02 Jul 2025 19:27:27 GMT Last-Modified: Fri, 07 Jun 2024 07:34:04 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,4204800,51,131,371620,0,2101618,25 X-AspNet-Version: 4.0.30319 SPRequestDuration: 8 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 5CFBE925FABB465199DB7E8A608F2BD4 Ref B: EWR311000108031 Ref C: 2024-07-02T23:51:30Z Date: Tue, 02 Jul 2024 23:51:29 GMT Connection: close
2024-07-02 23:51:30 UTC	3735	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-07-02 23:51:30 UTC	8192	IN	Data Raw: 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 22 22 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 70 61 74 68 20 3d 20 61 63 74 69 6f 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 71 75 65 72 79 20 3d 20 22 22 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 71 75 65 72 79 49 6e 64 65 78 20 3d 20 61 63 74 69 6f 6e 2e 69 6e 64 65 78 4f 66 28 27 3f 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 71 75 65 72 79 49 6e 64 65 78 20 21 3d 3d 20 2d 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 71 75 65 72 79 20 3d 20 61 63 74 69 6f 6e 2e 73 75 62 73 74 72 28 71 75 65 72 79 49 6e 64 65 78 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 Data Ascii: r) { var domain = ""; var path = action; var query = ""; var queryIndex = action.indexOf('?'); if (queryIndex !== -1) { query = action.substr(queryIndex); p
2024-07-02 23:51:30 UTC	3818	IN	Data Raw: 69 74 43 61 6c 6c 62 61 63 6b 28 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 66 6f 72 6d 45 6c 65 6d 65 6e 74 73 20 3d 20 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 2c 0d 0a 20 20 20 20 20 20 20 20 63 6f 75 6e 74 20 3d 20 66 6f 72 6d 45 6c 65 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 0d 0a 20 20 20 20 20 20 20 20 65 6c 65 6d 65 6e 74 3b 0d 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 63 6f 75 6e 74 3b 20 69 2b 2b 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 65 6c 65 6d 65 6e 74 20 3d 20 66 6f 72 6d 45 6c 65 6d 65 6e 74 73 5b 69 5d 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 74 61 67 4e 61 6d 65 20 3d 20 65 6c 65 6d 65 6e 74 2e 74 61 67 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 Data Ascii: itCallback() { var formElements = theForm.elements, count = formElements.length, element; for (var i = 0; i < count; i++) { element = formElements[i]; var tagName = element.tagName.toLowerCase(); if (
2024-07-02 23:51:30 UTC	7318	IN	Data Raw: 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f Data Ascii: { defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:30 UTC	1204	OUT	GET /ScriptResource.axd?d=UB81VRIqU8-q--F_Tm8YSrMkmQn_FnAtBEJXqV-fw0a3QLGBGB09uXHhAA-UjRsiG461unCTYAHSok1cTsIvQNF8Civw5DnMopo4lRQi7zwa0ULv-TQjM7LW7pRAaHot14Cy72k2GboVUdRu0Glvj4qJJqD6TziWtjRqK1Wgsmw1&t=ffffffffa8ad04d3 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:31 UTC	768	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 26951 Content-Type: application/x-javascript; charset=utf-8 Expires: Wed, 02 Jul 2025 15:11:13 GMT Last-Modified: Tue, 02 Jul 2024 15:11:13 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,262656,0,0,613,0,26370,193 X-AspNet-Version: 4.0.30319 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 4546419BD6CE41C09515B8708EA8A2E1 Ref B: EWR311000104037 Ref C: 2024-07-02T23:51:30Z Date: Tue, 02 Jul 2024 23:51:30 GMT Connection: close
2024-07-02 23:51:31 UTC	3402	IN	Data Raw: 76 61 72 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 56 65 72 20 3d 20 22 31 32 35 22 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 73 56 61 6c 69 64 20 3d 20 74 72 75 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 42 6c 6f 63 6b 53 75 62 6d 69 74 20 3d 20 66 61 6c 73 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 6e 76 61 6c 69 64 43 6f 6e 74 72 6f 6c 54 6f 42 65 46 6f 63 75 73 65 64 20 3d 20 6e 75 6c 6c 3b 0d 0a 76 61 72 20 50 61 67 65 5f 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 66 69 6c 65 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 Data Ascii: var Page_ValidationVer = "125";var Page_IsValid = true;var Page_BlockSubmit = false;var Page_InvalidControlToBeFocused = null;var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 64 29 3b 0d 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 63 6f 6e 74 72 6f 6c 2e 76 61 6c 75 65 29 20 3d 3d 20 22 73 74 72 69 6e 67 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 63 6f 6e 74 72 6f 6c 2e 76 61 6c 75 65 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 56 61 6c 69 64 61 74 6f 72 47 65 74 56 61 6c 75 65 52 65 63 75 72 73 69 76 65 28 63 6f 6e 74 72 6f 6c 29 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 61 6c 69 64 61 74 6f 72 47 65 74 56 61 6c 75 65 52 65 63 75 72 73 69 76 65 28 63 6f 6e 74 72 6f 6c 29 0d 0a 7b 0d 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 63 6f 6e 74 72 6f 6c 2e 76 61 6c 75 65 29 20 3d 3d 20 22 73 74 72 69 6e 67 22 20 26 26 20 28 63 6f 6e 74 72 Data Ascii: tElementById(id); if (typeof(control.value) == "string") { return control.value; } return ValidatorGetValueRecursive(control);}function ValidatorGetValueRecursive(control){ if (typeof(control.value) == "string" && (contr
2024-07-02 23:51:31 UTC	4144	IN	Data Raw: 66 20 28 6f 70 2e 6d 61 74 63 68 28 65 78 70 29 20 3d 3d 20 6e 75 6c 6c 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 0d 0a 20 20 20 20 20 20 20 20 6e 75 6d 20 3d 20 70 61 72 73 65 49 6e 74 28 6f 70 2c 20 31 30 29 3b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 28 69 73 4e 61 4e 28 6e 75 6d 29 20 3f 20 6e 75 6c 6c 20 3a 20 6e 75 6d 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 65 6c 73 65 20 69 66 28 64 61 74 61 54 79 70 65 20 3d 3d 20 22 44 6f 75 62 6c 65 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 65 78 70 20 3d 20 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 73 2a 28 5b 2d 5c 5c 2b 5d 29 3f 28 5c 5c 64 2a 29 5c 5c 22 20 2b 20 76 61 6c 2e 64 65 63 69 6d 61 6c 63 68 61 72 20 2b 20 22 3f 28 5c 5c 64 2a 29 5c 5c 73 2a Data Ascii: f (op.match(exp) == null) return null; num = parseInt(op, 10); return (isNaN(num) ? null : num); } else if(dataType == "Double") { exp = new RegExp("^\\s([-\\+])?(\\d)\\" + val.decimalchar + "?(\\d)\\s
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 29 3b 0d 0a 20 20 20 20 69 66 20 28 56 61 6c 69 64 61 74 6f 72 54 72 69 6d 28 76 61 6c 75 65 29 2e 6c 65 6e 67 74 68 20 3d 3d 20 30 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6d 70 61 72 65 54 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 20 21 3d 20 22 73 74 72 69 6e 67 22 29 20 7c 7c 0d 0a 20 20 20 20 20 20 20 20 28 74 79 70 65 6f 66 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 7c 7c 0d 0a 20 20 20 20 Data Ascii: l.controltovalidate); if (ValidatorTrim(value).length == 0) return true; var compareTo = ""; if ((typeof(val.controltocompare) != "string") \|\| (typeof(document.getElementById(val.controltocompare)) == "undefined") \|\|
2024-07-02 23:51:31 UTC	3021	IN	Data Raw: 20 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 6e 67 74 68 20 2b 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 79 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 69 65 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6c 65 6e 67 74 68 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 Data Ascii: var length = parseSpecificAttribute(selector, dataValidationAttribute, Page_Validators); length += parseSpecificAttribute(selector, dataValidationSummaryAttribute, Page_ValidationSummaries); return length; }

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:30 UTC	1217	OUT	GET /ScriptResource.axd?d=6Qrb1MfQHAYn0ld2KcB-IQagUn10Pz5rZNeeQFR9J31DjkkXSk6Ms-LupgZ2opu0gtlqdkYGjWhk_NfS0G8dmK-4IH4jF-bcKMZVrbzYRMUiqwBvCIUPUgnW_Ep2ufYz580Cqbm_g0V7ziifpquJmJAr0lDt1oViTng0WEBuRFbYE_sGYg6owziEf46s9z-T0&t=74258c30 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:31 UTC	779	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 102801 Content-Type: application/x-javascript; charset=utf-8 Expires: Wed, 02 Jul 2025 23:51:30 GMT Last-Modified: Tue, 02 Jul 2024 23:51:30 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,2102272,0,1278,1147087,0,1095550,208 X-AspNet-Version: 4.0.30319 SPRequestDuration: 5 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: EAFEA1D0311D4B2DB7B37BB95E884A80 Ref B: EWR311000102029 Ref C: 2024-07-02T23:51:30Z Date: Tue, 02 Jul 2024 23:51:30 GMT Connection: close
2024-07-02 23:51:31 UTC	3384	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 2e 6a 73 0d 0a 46 75 6e 63 74 69 6f 6e 2e 5f 5f 74 79 70 65 4e 61 6d 65 3d 22 46 75 6e 63 74 69 6f 6e 22 3b 46 75 6e 63 74 69 6f 6e 2e 5f 5f 63 6c 61 73 73 3d Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjax.jsFunction.__typeName="Function";Function.__class=
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 61 6d 4e 61 6d 65 2c 61 29 3b 76 61 72 20 64 3d 45 72 72 6f 72 2e 63 72 65 61 74 65 28 62 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4e 75 6c 6c 45 78 63 65 70 74 69 6f 6e 22 2c 70 61 72 61 6d 4e 61 6d 65 3a 61 7d 29 3b 64 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 64 7d 3b 45 72 72 6f 72 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 61 2c 64 29 7b 76 61 72 20 62 3d 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 3f 64 3a 53 79 73 2e 52 65 73 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 29 3b 69 66 28 63 29 62 2b 3d 22 5c 6e 22 2b 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 2e 52 Data Ascii: amName,a);var d=Error.create(b,{name:"Sys.ArgumentNullException",paramName:a});d.popStackFrame();return d};Error.argumentOutOfRange=function(c,a,d){var b="Sys.ArgumentOutOfRangeException: "+(d?d:Sys.Res.argumentOutOfRange);if(c)b+="\n"+String.format(Sys.R
2024-07-02 23:51:31 UTC	4151	IN	Data Raw: 72 69 74 73 46 72 6f 6d 28 63 29 7c 7c 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 26 26 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 28 63 29 7d 3b 53 79 73 2e 5f 67 65 74 42 61 73 65 4d 65 74 68 6f 64 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 63 29 7b 76 61 72 20 62 3d 64 2e 67 65 74 42 61 73 65 54 79 70 65 28 29 3b 69 66 28 62 29 7b 76 61 72 20 61 3d 62 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 75 6e 63 74 69 6f 6e 3f 61 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 53 79 73 2e 5f 69 73 44 6f 6d 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 66 61 6c 73 65 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6e 6f 64 65 54 79 Data Ascii: ritsFrom(c)\|\|a.implementsInterface&&a.implementsInterface(c)};Sys._getBaseMethod=function(d,e,c){var b=d.getBaseType();if(b){var a=b.prototype[c];return a instanceof Function?a:null}return null};Sys._isDomElement=function(a){var c=false;if(typeof a.nodeTy
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 73 22 2c 53 79 73 2e 45 76 65 6e 74 41 72 67 73 29 3b 54 79 70 65 2e 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 53 79 73 2e 55 49 22 29 3b 53 79 73 2e 5f 44 65 62 75 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 53 79 73 2e 5f 44 65 62 75 67 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 5f 61 70 70 65 6e 64 43 6f 6e 73 6f 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 44 65 62 75 67 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 29 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 Data Ascii: s",Sys.EventArgs);Type.registerNamespace("Sys.UI");Sys._Debug=function(){};Sys._Debug.prototype={_appendConsole:function(a){if(typeof Debug!=="undefined"&&Debug.writeln)Debug.writeln(a);if(window.console&&window.console.log)window.console.log(a);if(window
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 62 5d 2c 63 29 29 3b 72 65 74 75 72 6e 20 74 72 75 65 7d 72 65 74 75 72 6e 20 66 61 6c 73 65 7d 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 72 65 6d 6f 76 65 41 74 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 61 29 7b 69 66 28 61 3e 2d 31 26 26 61 3c 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 63 3d 62 5b 61 5d 3b 41 72 72 61 79 2e 72 65 6d 6f 76 65 41 74 28 62 2c 61 29 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 5f 63 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 62 2c 6e 65 77 20 53 79 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 53 79 73 2e 4e 6f 74 69 66 79 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 64 41 63 74 69 6f 6e 2e 72 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 63 5d 2c 61 29 29 7d 7d 3b 53 79 Data Ascii: emove,null,-1,[b],c));return true}return false};Sys.Observer.removeAt=function(b,a){if(a>-1&&a<b.length){var c=b[a];Array.removeAt(b,a);Sys.Observer._collectionChange(b,new Sys.CollectionChange(Sys.NotifyCollectionChangedAction.remove,null,-1,[c],a))}};Sy
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 29 7b 69 66 28 61 3c 31 30 29 72 65 74 75 72 6e 20 22 30 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 29 72 65 74 75 72 6e 20 22 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 30 29 72 65 74 75 72 6e 20 22 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 76 61 72 20 68 2c 70 2c 74 3d 2f 28 5b 5e 64 5d 7c 5e 29 28 64 7c 64 64 29 28 5b 5e 64 5d 7c 24 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 68 7c 7c 70 29 72 65 74 75 72 6e 20 68 3b 68 3d 74 2e 74 65 73 74 28 65 29 3b 70 3d 74 72 75 65 3b 72 65 74 75 72 6e 20 68 7d 76 61 72 20 71 3d 30 2c 6f 3d 44 61 74 65 2e 5f 67 65 74 54 6f 6b 65 6e 52 65 67 45 78 70 28 29 Data Ascii: rn a.toString()}function v(a){if(a<10)return "000"+a;else if(a<100)return "00"+a;else if(a<1000)return "0"+a;return a.toString()}var h,p,t=/([^d]\|^)(d\|dd)([^d]\|$)/g;function s(){if(h\|\|p)return h;h=t.test(e);p=true;return h}var q=0,o=Date._getTokenRegExp()
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 72 44 61 79 73 29 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 41 72 72 61 79 28 74 68 69 73 2e 64 61 74 65 54 69 6d 65 46 6f 72 6d 61 74 2e 41 62 62 72 65 76 69 61 74 65 64 44 61 79 4e 61 6d 65 73 29 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 2c 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 61 29 29 7d 2c 5f 74 6f 55 70 70 65 72 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 62 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 61 3d 30 2c 64 3d 63 2e 6c 65 6e 67 74 68 3b 61 3c 64 3b 61 2b 2b 29 62 5b 61 5d 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 63 5b 61 5d 29 3b 72 65 74 75 72 6e 20 62 7d 2c 5f 74 6f 55 70 70 65 72 Data Ascii: rDays)this._upperAbbrDays=this._toUpperArray(this.dateTimeFormat.AbbreviatedDayNames);return Array.indexOf(this._upperAbbrDays,this._toUpper(a))},_toUpperArray:function(c){var b=[];for(var a=0,d=c.length;a<d;a++)b[a]=this._toUpper(c[a]);return b},_toUpper
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 78 4f 66 28 62 29 21 3d 3d 2d 31 29 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 4f 70 65 72 61 7c 7c 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 46 69 72 65 46 6f 78 29 61 3d 61 2e 73 70 6c 69 74 28 62 29 2e 6a 6f 69 6e 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 65 73 63 61 70 65 43 68 61 72 73 5b 62 5d 29 3b 65 6c 73 65 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 63 68 61 72 73 54 6f 45 73 63 61 70 65 52 65 67 45 78 73 5b 62 5d 2c 53 79 73 2e 53 65 72 Data Ascii: xOf(b)!==-1)if(Sys.Browser.agent===Sys.Browser.Opera\|\|Sys.Browser.agent===Sys.Browser.FireFox)a=a.split(b).join(Sys.Serialization.JavaScriptSerializer._escapeChars[b]);else a=a.replace(Sys.Serialization.JavaScriptSerializer._charsToEscapeRegExs[b],Sys.Ser
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 6b 65 79 22 29 29 69 66 28 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 58 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 59 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 74 68 69 73 2e 6f 66 66 73 65 74 58 3d 61 2e 6f 66 66 73 65 74 58 3b 74 68 69 73 2e 6f 66 66 73 65 74 59 3d 61 2e 6f 66 66 73 65 74 59 7d 65 6c 73 65 20 69 66 28 74 68 69 73 2e 74 61 72 67 65 74 26 26 74 68 69 73 2e 74 61 72 67 65 74 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 33 26 26 74 79 70 65 6f 66 20 61 2e 63 6c 69 65 6e 74 58 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 20 63 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 67 65 74 4c 6f 63 61 74 69 6f 6e 28 74 68 69 73 2e 74 61 72 67 65 74 29 2c 64 3d 53 79 73 2e 55 49 2e 44 6f Data Ascii: key"))if(typeof a.offsetX!=="undefined"&&typeof a.offsetY!=="undefined"){this.offsetX=a.offsetX;this.offsetY=a.offsetY}else if(this.target&&this.target.nodeType!==3&&typeof a.clientX==="number"){var c=Sys.UI.DomElement.getLocation(this.target),d=Sys.UI.Do
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 29 7b 76 61 72 20 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 7c 7c 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 65 74 43 75 72 72 65 6e 74 53 74 79 6c 65 28 61 29 3b 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 62 3f 62 2e 64 69 73 70 6c 61 79 3a 6e 75 6c 6c 3b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 7c 7c 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 3d 3d 22 6e 6f 6e 65 22 29 73 77 69 74 63 68 28 61 2e 74 61 67 4e 61 6d 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 20 22 44 49 56 22 3a 63 61 73 65 20 22 50 22 3a 63 61 73 65 20 22 41 44 44 52 45 53 53 22 3a 63 61 73 65 20 22 Data Ascii: e=function(a){if(!a._oldDisplayMode){var b=a.currentStyle\|\|Sys.UI.DomElement._getCurrentStyle(a);a._oldDisplayMode=b?b.display:null;if(!a._oldDisplayMode\|\|a._oldDisplayMode==="none")switch(a.tagName.toUpperCase()){case "DIV":case "P":case "ADDRESS":case "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:30 UTC	1217	OUT	GET /ScriptResource.axd?d=SEcewcKlewa2Zn8STa8wutLAB03BeU2Kte1tliaQWUNmEotkU_hQfYWZb8clo440783cWlQAWYOa9gponU1_PssX0i55ojQPo7OvA-g25rlV6707O5-4mlXca5Grx-XbN9odycpgyFYciaRc0LhaRRF_472P6sQ2f587XxWrT61rsrCpsUjgMQrk3x9NSSgB0&t=74258c30 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:31 UTC	768	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 40326 Content-Type: application/x-javascript; charset=utf-8 Expires: Wed, 02 Jul 2025 16:25:03 GMT Last-Modified: Tue, 02 Jul 2024 16:25:03 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,262656,0,0,610,0,26370,193 X-AspNet-Version: 4.0.30319 SPRequestDuration: 6 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 24555CCD2E4C4EA4B32B4695D9DFDABE Ref B: EWR311000101051 Ref C: 2024-07-02T23:51:30Z Date: Tue, 02 Jul 2024 23:51:30 GMT Connection: close
2024-07-02 23:51:31 UTC	3944	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f 72 6d 73 2e 6a 73 0d 0a 54 79 70 65 2e 5f 72 65 67 69 73 74 65 72 53 63 72 69 70 74 28 22 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjaxWebForms.jsType._registerScript("MicrosoftAjaxWebFo
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 70 74 73 54 6f 4c 6f 61 64 29 74 68 69 73 2e 5f 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 3d 5b 5d 3b 41 72 72 61 79 2e 61 64 64 28 74 68 69 73 2e 5f 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 2c 7b 74 65 78 74 3a 61 7d 29 7d 2c 71 75 65 75 65 53 63 72 69 70 74 52 65 66 65 72 65 6e 63 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 74 68 69 73 2e 5f 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 29 74 68 69 73 2e 5f 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 3d 5b 5d 3b 41 72 72 61 79 2e 61 64 64 28 74 68 69 73 2e 5f 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 2c 7b 73 72 63 3a 61 2c 66 61 6c 6c 62 61 63 6b 3a 62 7d 29 7d 2c 5f 63 72 65 61 74 65 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e Data Ascii: ptsToLoad)this._scriptsToLoad=[];Array.add(this._scriptsToLoad,{text:a})},queueScriptReference:function(a,b){if(!this._scriptsToLoad)this._scriptsToLoad=[];Array.add(this._scriptsToLoad,{src:a,fallback:b})},_createScriptElement:function(c){var a=document.
2024-07-02 23:51:31 UTC	3602	IN	Data Raw: 2c 61 3d 74 68 69 73 2e 5f 65 6e 73 75 72 65 55 6e 69 71 75 65 49 64 73 28 65 7c 7c 62 2e 70 61 6e 65 6c 73 54 6f 55 70 64 61 74 65 29 2c 64 3d 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 3f 61 2e 6a 6f 69 6e 28 22 2c 22 29 3a 61 7c 7c 74 68 69 73 2e 5f 73 63 72 69 70 74 4d 61 6e 61 67 65 72 49 44 3b 69 66 28 63 29 64 2b 3d 22 7c 22 2b 63 3b 72 65 74 75 72 6e 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 74 68 69 73 2e 5f 73 63 72 69 70 74 4d 61 6e 61 67 65 72 49 44 29 2b 22 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 64 29 2b 22 26 22 7d 2c 5f 63 72 65 61 74 65 50 6f 73 74 42 61 63 6b 53 65 74 74 69 6e 67 73 3a 66 75 6e 63 74 69 6f 6e 28 64 2c 61 2c 63 2c 62 29 7b 72 65 74 75 72 6e 20 7b 61 73 79 6e 63 3a 64 Data Ascii: ,a=this._ensureUniqueIds(e\|\|b.panelsToUpdate),d=a instanceof Array?a.join(","):a\|\|this._scriptManagerID;if(c)d+="\|"+c;return encodeURIComponent(this._scriptManagerID)+"="+encodeURIComponent(d)+"&"},_createPostBackSettings:function(d,a,c,b){return {async:d
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 69 64 61 74 65 28 61 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 69 66 28 64 29 7b 69 66 28 74 79 70 65 6f 66 20 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 6e 75 6c 6c 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 2e 6c 65 6e 67 74 68 3e 30 29 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 61 2e 61 63 74 69 6f 6e 55 72 6c 3b 69 66 28 61 2e 74 72 61 63 6b 46 6f 63 75 73 29 7b 76 61 72 20 63 3d 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 5b 22 5f 5f 4c 41 53 54 46 4f 43 55 53 22 5d 3b 69 66 28 74 79 70 65 6f 66 20 63 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 21 3d 6e 75 6c 6c 29 69 66 28 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 Data Ascii: idate(a.validationGroup);if(d){if(typeof a.actionUrl!="undefined"&&a.actionUrl!=null&&a.actionUrl.length>0)theForm.action=a.actionUrl;if(a.trackFocus){var c=theForm.elements["__LASTFOCUS"];if(typeof c!="undefined"&&c!=null)if(typeof document.activeElement
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 7b 62 2e 61 70 70 65 6e 64 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 3b 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 3d 6e 75 6c 6c 7d 76 61 72 20 63 3d 6e 65 77 20 53 79 73 2e 4e 65 74 2e 57 65 62 52 65 71 75 65 73 74 2c 61 3d 77 2e 61 63 74 69 6f 6e 3b 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 49 6e 74 65 72 6e 65 74 45 78 70 6c 6f 72 65 72 29 7b 76 61 72 20 72 3d 61 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 69 66 28 72 21 3d 3d 2d 31 29 61 3d 61 2e 73 75 62 73 74 72 28 30 2c 72 29 3b 76 61 72 20 6f 3d 22 22 2c 76 3d 22 22 2c 6d 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3b 69 66 28 6d 21 3d 3d 2d Data Ascii: additionalInput){b.append(this._additionalInput);this._additionalInput=null}var c=new Sys.Net.WebRequest,a=w.action;if(Sys.Browser.agent===Sys.Browser.InternetExplorer){var r=a.indexOf("#");if(r!==-1)a=a.substr(0,r);var o="",v="",m=a.indexOf("?");if(m!==-
2024-07-02 23:51:31 UTC	8192	IN	Data Raw: 6f 73 65 73 5b 61 5d 2c 62 29 7d 2c 5f 73 63 72 69 70 74 49 6e 63 6c 75 64 65 73 4c 6f 61 64 43 6f 6d 70 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 62 29 7b 69 66 28 62 2e 65 78 65 63 75 74 6f 72 2e 67 65 74 5f 77 65 62 52 65 71 75 65 73 74 28 29 21 3d 3d 74 68 69 73 2e 5f 72 65 71 75 65 73 74 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 43 6f 6e 74 72 6f 6c 73 28 62 2e 75 70 64 61 74 65 50 61 6e 65 6c 44 61 74 61 2c 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 3f 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 2e 63 6f 6e 74 65 6e 74 3a 6e 75 6c 6c 29 3b 69 66 28 62 2e 66 6f 72 6d 41 63 74 69 6f 6e 4e 6f 64 65 29 74 68 69 73 2e 5f 66 6f 72 6d 2e 61 63 74 69 6f 6e 3d 62 2e Data Ascii: oses[a],b)},_scriptIncludesLoadComplete:function(e,b){if(b.executor.get_webRequest()!==this._request)return;this._commitControls(b.updatePanelData,b.asyncPostBackTimeoutNode?b.asyncPostBackTimeoutNode.content:null);if(b.formActionNode)this._form.action=b.
2024-07-02 23:51:31 UTC	12	IN	Data Raw: 68 61 6e 20 6f 6e 63 65 2e 22 7d 3b Data Ascii: han once."};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-02 23:51:31 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=145053 Date: Tue, 02 Jul 2024 23:51:31 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:31 UTC	1089	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:32 UTC	729	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Thu, 27 Jun 2024 04:12:01 GMT Accept-Ranges: bytes ETag: "74fd3c2948c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,60274,0,34514,208 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 12274EA20D1F44BDA53CF4632834790E Ref B: EWR311000104047 Ref C: 2024-07-02T23:51:31Z Date: Tue, 02 Jul 2024 23:51:31 GMT Connection: close
2024-07-02 23:51:32 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:32 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-02 23:51:32 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=145062 Date: Tue, 02 Jul 2024 23:51:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-02 23:51:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:32 UTC	1089	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:33 UTC	736	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Thu, 27 Jun 2024 04:11:44 GMT Accept-Ranges: bytes ETag: "8b1ed1e48c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,1279,102582,0,267911,208 SPRequestDuration: 6 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: FB25A359A29A48FCB0FB16BD66BCF6C4 Ref B: EWR311000104029 Ref C: 2024-07-02T23:51:32Z Date: Tue, 02 Jul 2024 23:51:32 GMT Connection: close
2024-07-02 23:51:33 UTC	3434	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-07-02 23:51:33 UTC	4452	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 bf 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 40 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: plplplplplplplplplplplplplplplplplplpl@plplplplplplplplplplplplplplplplpl@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49751	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:32 UTC	389	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:33 UTC	730	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Thu, 27 Jun 2024 04:12:01 GMT Accept-Ranges: bytes ETag: "74fd3c2948c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,232912,0,70826,208 SPRequestDuration: 4 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 9F3BA0B1DCDA4996AC9C22B87167114D Ref B: EWR311000104049 Ref C: 2024-07-02T23:51:32Z Date: Tue, 02 Jul 2024 23:51:32 GMT Connection: close
2024-07-02 23:51:33 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49752	13.107.136.10	443	3300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 23:51:33 UTC	389	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: cottonaust-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 23:51:34 UTC	732	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Thu, 27 Jun 2024 04:11:44 GMT Accept-Ranges: bytes ETag: "8b1ed1e48c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,105125,0,34516,208 SPRequestDuration: 4 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 1D1268A54497473A9E87D73739AB16A9 Ref B: EWR311000107051 Ref C: 2024-07-02T23:51:33Z Date: Tue, 02 Jul 2024 23:51:33 GMT Connection: close
2024-07-02 23:51:34 UTC	3455	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-07-02 23:51:34 UTC	4431	IN	Data Raw: 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 40 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 8f Data Ascii: lplplplplplplplplplplplplplplplpl@plplplplplplplplplplplplplplplplpl@pl

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3468, Parent PID: 6092

General

Target ID:	0
Start time:	19:51:19
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3300, Parent PID: 3468

General

Target ID:	2
Start time:	19:51:24
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,15501968651469592190,6701547088032731398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6496, Parent PID: 6092

General

Target ID:	3
Start time:	19:51:26
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0OTU0MnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=VE9DZzJSVTNuaG5vZE9ZcEhOQlFJanR5NTYvK1h0NU1kSDlQMTlVb2ZTVT0%3d"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3468, Parent PID: 6092