Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

Overview

General Information

Sample URL:	https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9
Analysis ID:	1466590
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

Submit button contains javascript call

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 3720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1980,i,456032944698161515,8173837603720171204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_62	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_62, type: DROPPED

Source: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

HTTP Parser: Number of links: 0

Source: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

HTTP Parser: No <meta name="author".. found

Source: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=MRQVr0sCYQeFRZDlmuVhgl_WH2BtcdRFKn3KLSWGQq2AO5ongGm3TYumvKySFZe2jiMPxLAOD2q9JGYktPh3aS5L2gdcrWFPCuLPwOww-uY1&t=638533172441064469 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=QM62FoVp8bO_VxEs62AS1SGG0pugyBdam5sP_osi62Y12zwBc_aG6lUkgVY_5sxTegshesRKY5FxBAew9yBjh7mv2yxEfGoC4Z3v9ZqRLyS8FyFTZ3CgH8mdIeL_TiiSqaqhhblvicMXIek1PsRIjJU6--PqEGbORyR6LIphGkE1&t=ffffffffa8ad04d3 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=ie2Nnm_MCcBgk2RkJ-5P-S_7McEkBM8CrYvKsi73W5p5q_zr3BTiNetdjd5l5qY_GgBwxc4kilSZlHrFC_Pw4DzAO2EDijSKvgj8jdYhOPtzBLJSZq_KiYVyNQpf5Qf2WJF388eKCmMlslE9LQTcOcbKhND9tOfxbM-eMJMf6u0kY1Fz3HKF6BVK9ZmRr7vV0&t=74258c30 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=-4lq_X4hHAt2kvPZlvW5tRWqwfITh9FVtuvhLUqc_R5ZGXvhxFJbZuPY30RKqRxKlNK1DY0vJKZZpY0Z6ouQcxSc8ChAwUnIH2wmA9Y7QK4aCiu7Cf__BJ1EDKlryhEHjkXZ8cvAFAegCB4oiPhU1t875xK2ro-HQ08wUU_0GHfvQHmzyTAen7s4wIYrBMm30&t=74258c30 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: eastwestseed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: eastwestseed-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: chromecache_54.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_62.2.dr	String found in binary or memory: https://eastwestseed-my.sharepoint.com/personal/nannaphat_phansuk_eastwestseed_com/_layouts/15/image
Source: chromecache_59.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_62.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_62.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Source: chromecache_62.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_62.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_62.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/22@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1980,i,456032944698161515,8173837603720171204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1980,i,456032944698161515,8173837603720171204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://reactjs.org/docs/error-decoder.html?invariant=	0%	URL Reputation	safe
http://github.com/jrburke/requirejs	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/WebResource.axd?d=MRQVr0sCYQeFRZDlmuVhgl_WH2BtcdRFKn3KLSWGQq2AO5ongGm3TYumvKySFZe2jiMPxLAOD2q9JGYktPh3aS5L2gdcrWFPCuLPwOww-uY1&t=638533172441064469	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=ie2Nnm_MCcBgk2RkJ-5P-S_7McEkBM8CrYvKsi73W5p5q_zr3BTiNetdjd5l5qY_GgBwxc4kilSZlHrFC_Pw4DzAO2EDijSKvgj8jdYhOPtzBLJSZq_KiYVyNQpf5Qf2WJF388eKCmMlslE9LQTcOcbKhND9tOfxbM-eMJMf6u0kY1Fz3HKF6BVK9ZmRr7vV0&t=74258c30	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=-4lq_X4hHAt2kvPZlvW5tRWqwfITh9FVtuvhLUqc_R5ZGXvhxFJbZuPY30RKqRxKlNK1DY0vJKZZpY0Z6ouQcxSc8ChAwUnIH2wmA9Y7QK4aCiu7Cf__BJ1EDKlryhEHjkXZ8cvAFAegCB4oiPhU1t875xK2ro-HQ08wUU_0GHfvQHmzyTAen7s4wIYrBMm30&t=74258c30	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/personal/nannaphat_phansuk_eastwestseed_com/_layouts/15/image	0%	Avira URL Cloud	safe
http://github.com/jrburke/requirejs	0%	Virustotal		Browse
https://eastwestseed-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=QM62FoVp8bO_VxEs62AS1SGG0pugyBdam5sP_osi62Y12zwBc_aG6lUkgVY_5sxTegshesRKY5FxBAew9yBjh7mv2yxEfGoC4Z3v9ZqRLyS8FyFTZ3CgH8mdIeL_TiiSqaqhhblvicMXIek1PsRIjJU6--PqEGbORyR6LIphGkE1&t=ffffffffa8ad04d3	0%	Avira URL Cloud	safe
https://eastwestseed-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false		unknown
www.google.com	216.58.206.68	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
eastwestseed-my.sharepoint.com	unknown	unknown	false		unknown
m365cdn.nel.measure.office.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9	false		unknown
https://eastwestseed-my.sharepoint.com/WebResource.axd?d=MRQVr0sCYQeFRZDlmuVhgl_WH2BtcdRFKn3KLSWGQq2AO5ongGm3TYumvKySFZe2jiMPxLAOD2q9JGYktPh3aS5L2gdcrWFPCuLPwOww-uY1&t=638533172441064469	false	Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=-4lq_X4hHAt2kvPZlvW5tRWqwfITh9FVtuvhLUqc_R5ZGXvhxFJbZuPY30RKqRxKlNK1DY0vJKZZpY0Z6ouQcxSc8ChAwUnIH2wmA9Y7QK4aCiu7Cf__BJ1EDKlryhEHjkXZ8cvAFAegCB4oiPhU1t875xK2ro-HQ08wUU_0GHfvQHmzyTAen7s4wIYrBMm30&t=74258c30	false	Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=ie2Nnm_MCcBgk2RkJ-5P-S_7McEkBM8CrYvKsi73W5p5q_zr3BTiNetdjd5l5qY_GgBwxc4kilSZlHrFC_Pw4DzAO2EDijSKvgj8jdYhOPtzBLJSZq_KiYVyNQpf5Qf2WJF388eKCmMlslE9LQTcOcbKhND9tOfxbM-eMJMf6u0kY1Fz3HKF6BVK9ZmRr7vV0&t=74258c30	false	Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	false	Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=QM62FoVp8bO_VxEs62AS1SGG0pugyBdam5sP_osi62Y12zwBc_aG6lUkgVY_5sxTegshesRKY5FxBAew9yBjh7mv2yxEfGoC4Z3v9ZqRLyS8FyFTZ3CgH8mdIeL_TiiSqaqhhblvicMXIek1PsRIjJU6--PqEGbORyR6LIphGkE1&t=ffffffffa8ad04d3	false	Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/jrburke/requirejs	chromecache_54.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://eastwestseed-my.sharepoint.com/personal/nannaphat_phansuk_eastwestseed_com/_layouts/15/image	chromecache_62.2.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	chromecache_62.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_59.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466590
Start date and time:	2024-07-03 07:41:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/22@8/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 74.125.71.84, 172.217.16.206, 34.104.35.123, 2.23.209.54, 2.23.209.59, 2.23.209.56, 2.23.209.55, 2.23.209.53, 2.23.209.8, 2.23.209.9, 2.23.209.57, 2.23.209.58, 142.250.185.234, 142.250.185.74, 172.217.18.10, 142.250.186.42, 142.250.186.74, 172.217.23.106, 216.58.212.138, 142.250.185.170, 142.250.184.202, 142.250.185.138, 142.250.185.202, 142.250.185.106, 142.250.186.138, 216.58.206.74, 142.250.181.234, 216.58.206.42, 2.16.238.152, 2.16.238.149, 40.68.123.157, 199.232.214.172, 192.229.221.95, 13.95.31.18, 20.166.126.56, 142.250.184.195
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, 195888-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net, wu-b-net.trafficmanager.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input

Output

URL: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Model: Perplexity: mixtral-8x7b-instruct

{"loginform": true,"urgency": true,

Title: Sharing Link Validation OCR: OneDrive Microsoft Verify Your Identity You've received a secure link to: Final Closing Documents To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Next ay clicking Next you allow East-West Seed Company Limited to use your email address in accordance with their privacy statement. East-West Seed Company Limited has not prNided links to their terms for you to review. e 2017 Microsoft Privacy & Cookies

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:H6xhkY:aQY
MD5:	858372DD32511CB4DD08E48A93B4F175
SHA1:	CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43
SHA-256:	3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
SHA-512:	6A57E0D4A1C23CB693AA9312F6FDAA1FC4309B5BC91D1B2279B5792BEE3534749FD3693C19AA95E0768800472D11D438EC3116F337679A249C28BE0E038E6DE0
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAktKYwfkVP-SRIFDfSCVyI=?alt=proto
Preview:	CgkKBw30glciGgA=

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/WebResource.axd?d=MRQVr0sCYQeFRZDlmuVhgl_WH2BtcdRFKn3KLSWGQq2AO5ongGm3TYumvKySFZe2jiMPxLAOD2q9JGYktPh3aS5L2gdcrWFPCuLPwOww-uY1&t=638533172441064469
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17444)
Category:	downloaded
Size (bytes):	17672
Entropy (8bit):	5.233316811547578
Encrypted:	false
SSDEEP:	384:lpLsOooX8uvFBiRh+HnEDuvvy1pqvuvDX/0ohHK9mm+tMHvVOPoQeOMmuI:QnoX8uNB2YHnEDsvy1pqvub/0iq4NMHM
MD5:	6EFDDF589864D2E146A55C01C6764A35
SHA1:	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
SHA-256:	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
SHA-512:	1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]\|\|!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]\|\|!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r\|\|!hasProp(e,n))&&(!i\|\|"object"!=typeof t\|\|!t\|\|isArray(t)\|\|isFunction(t)\|\|t instanceof RegExp?e[n]=t:(e[n]\|\|(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=QM62FoVp8bO_VxEs62AS1SGG0pugyBdam5sP_osi62Y12zwBc_aG6lUkgVY_5sxTegshesRKY5FxBAew9yBjh7mv2yxEfGoC4Z3v9ZqRLyS8FyFTZ3CgH8mdIeL_TiiSqaqhhblvicMXIek1PsRIjJU6--PqEGbORyR6LIphGkE1&t=ffffffffa8ad04d3
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	downloaded
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=-4lq_X4hHAt2kvPZlvW5tRWqwfITh9FVtuvhLUqc_R5ZGXvhxFJbZuPY30RKqRxKlNK1DY0vJKZZpY0Z6ouQcxSc8ChAwUnIH2wmA9Y7QK4aCiu7Cf__BJ1EDKlryhEHjkXZ8cvAFAegCB4oiPhU1t875xK2ro-HQ08wUU_0GHfvQHmzyTAen7s4wIYrBMm30&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37521)
Category:	downloaded
Size (bytes):	40512
Entropy (8bit):	5.386921349191213
Encrypted:	false
SSDEEP:	768:Tkv+rkfa2aH5m7UYfXLMQWGjaKEstpgG9ycj:Pr8LaZkzLM46G9
MD5:	8DCE60169BA666CA03A31D123DB49908
SHA1:	956C46BB6058C23D35440DCC656CE61C7B151399
SHA-256:	F9F5A40C01C6D569373CE61EE77849F30E4176E1310652FF17D458C68680CF75
SHA-512:	26BA15ADE0F62393413156C5061B04AA8FCE3A5A5EE06EE35DFC42D3F76AF850980731A38DCF7094711E7FAB18C80EF66C9B354C029D06FA2E846330ACCC7E9E
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/spoguestaccesswebpack/spoguestaccess.js
Preview:	/! For license information please see spoguestaccess.js.LICENSE.txt /.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/_layouts/15/images/microsoft-logo.png
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	69236
Entropy (8bit):	5.669437846632591
Encrypted:	false
SSDEEP:	1536:PlgguXZthlMWXBOxSPSW8N6fGNNKSM5Js2wVXUaH3p:PLuPCGeTKSVVXUC
MD5:	A78A847FFD9AF5B722D5AEC4C133C9FF
SHA1:	7A2B14CE5A04ADC3F940D1E84B92650FF9598BBE
SHA-256:	9978E157DFEDF1A92F6227B806A5050C647E275F2FD40D458CD317C238CBBC85
SHA-512:	7BA80DE31E802774C7101B4E17EFD38D01C758C49244C9857B941E6EF6BE6EB93CF08DEFBA89AFC0773CC4BD462335DEFE4504EDC52FA54E876F292D443EEF09
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	downloaded
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
URL:	https://eastwestseed-my.sharepoint.com/ScriptResource.axd?d=ie2Nnm_MCcBgk2RkJ-5P-S_7McEkBM8CrYvKsi73W5p5q_zr3BTiNetdjd5l5qY_GgBwxc4kilSZlHrFC_Pw4DzAO2EDijSKvgj8jdYhOPtzBLJSZq_KiYVyNQpf5Qf2WJF388eKCmMlslE9LQTcOcbKhND9tOfxbM-eMJMf6u0kY1Fz3HKF6BVK9ZmRr7vV0&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 07:42:14.345652103 CEST	49678	443	192.168.2.4	104.46.162.224
Jul 3, 2024 07:42:15.470556021 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 07:42:23.940989017 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.941020012 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:23.941127062 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.941612005 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.941618919 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:23.941713095 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.942030907 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.942044973 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:23.942790031 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:23.942800045 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.501049042 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.502177954 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.502187967 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.503041983 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.503133059 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.506931067 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.506987095 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.507180929 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.507186890 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.517960072 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.521158934 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.521166086 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.522053003 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.522126913 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.524307966 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.524358034 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.550239086 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.565383911 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:24.565390110 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:24.606672049 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.084081888 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 07:42:25.284554005 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.284579992 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.284673929 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.284702063 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.284750938 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.285568953 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.285577059 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.285640001 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.285645008 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.285654068 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.285689116 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.329241991 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.458080053 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.458090067 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.458209991 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.458228111 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.459389925 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.459420919 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.459450960 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.459460974 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.459479094 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.460279942 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.460340977 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.460347891 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.499560118 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.546421051 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.546428919 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.546540022 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.546550035 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.593801022 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.632200003 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.632210016 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.632239103 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.632283926 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.632323980 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.632635117 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.632642031 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.632688999 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.632700920 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.633558035 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.633618116 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.633620024 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.633665085 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.644495964 CEST	49735	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.644512892 CEST	443	49735	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.651139975 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.651166916 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.651231050 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.651359081 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.651916027 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.651926041 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.651982069 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.652910948 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.652918100 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.652975082 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.653359890 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.653388977 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.653446913 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.653763056 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.653779984 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.654031038 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.654045105 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.654274940 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.654288054 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.654484034 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.654499054 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.692512989 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.960946083 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.960964918 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.961025953 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.961044073 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.961087942 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.961796999 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.961805105 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.961833954 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.961853981 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.961909056 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:25.962560892 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:25.962614059 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.051532984 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.051543951 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.051594973 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.051600933 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.051645994 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.053256989 CEST	49736	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.053271055 CEST	443	49736	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.216121912 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.216362953 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.216375113 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.216753006 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.217283010 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.217351913 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.217534065 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.217668056 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.217833996 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.217848063 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.218843937 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.218897104 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.219435930 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.219494104 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.222062111 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.237449884 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.237463951 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.237740993 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.237751007 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.238245010 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.241293907 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.255680084 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.255695105 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.256815910 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.256881952 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.260505915 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.261681080 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.261845112 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.261852026 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.261919022 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.271327019 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.271418095 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.271584034 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.271594048 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.284946918 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.314954996 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.314954996 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.513731003 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.513748884 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.513804913 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.513814926 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.514704943 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.514761925 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.514776945 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.515374899 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.515425920 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.515435934 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.565684080 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.565705061 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.565762043 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.565771103 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.565828085 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.566935062 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.566948891 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.566975117 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.566986084 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.566989899 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.567023993 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.567034006 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.567048073 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.569226980 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.601146936 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.601155043 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.601202011 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.601214886 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.601224899 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.601253033 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.601274014 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.601346970 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.601696968 CEST	49742	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.601703882 CEST	443	49742	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.608575106 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.654386997 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.654396057 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.654473066 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.654488087 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.654889107 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.654897928 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.654947996 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.654957056 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.655863047 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.655900955 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.655915976 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.655922890 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.655949116 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.656008959 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.656055927 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.670161009 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:26.670181036 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:26.670351982 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:26.670728922 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:26.670741081 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:26.685641050 CEST	49741	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.685647964 CEST	443	49741	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907006025 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907030106 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907103062 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.907115936 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907166004 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.907780886 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907788992 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.907882929 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.907891035 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.908516884 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.908576012 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.908581972 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.908631086 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.950934887 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.950959921 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.951029062 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.951047897 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.951092958 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.951100111 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.951111078 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:26.951189995 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.968004942 CEST	49744	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:26.968014002 CEST	443	49744	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.117108107 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.117214918 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.117223978 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.117898941 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.117971897 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.117979050 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.118697882 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.118751049 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.118765116 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.119636059 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.119699955 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.119713068 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.172168970 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.257926941 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.257939100 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.257965088 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.257987976 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.258025885 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.258466959 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.258476019 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.258524895 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.258559942 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.258565903 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.259287119 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.259324074 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.259365082 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.259365082 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.259375095 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.260123968 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.260181904 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.260191917 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.260421038 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.260488033 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.260493994 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261111021 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261169910 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.261178017 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261246920 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261290073 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.261295080 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261322021 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.261389971 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.277573109 CEST	49743	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.277589083 CEST	443	49743	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.327688932 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:27.371529102 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.377888918 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.377895117 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:27.378834009 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:27.378897905 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.385782957 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.385840893 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:27.426120996 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.426130056 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:27.468816042 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:27.519725084 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.519742012 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.519793034 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.520412922 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:27.520426035 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:27.720011950 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:27.720041990 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:27.720139027 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:27.721895933 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:27.721910954 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:28.093872070 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.094146967 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.094161034 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.094492912 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.094917059 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.094981909 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.095056057 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.136522055 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.227247953 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.227266073 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.227324963 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.240252018 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.240267992 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.360934019 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:28.361008883 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:28.617970943 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:28.618030071 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:28.618359089 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:28.672581911 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:28.762573004 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.762598038 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.762650013 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.762667894 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.762779951 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.763101101 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.763148069 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.763278961 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.763328075 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.763572931 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.793992043 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.844440937 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.881882906 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.881890059 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.882985115 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.883066893 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.894136906 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.894212008 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.897435904 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.897443056 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.932930946 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:28.938198090 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.972902060 CEST	49747	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:28.972910881 CEST	443	49747	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:28.976510048 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.002266884 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.002306938 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.002397060 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.002778053 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.002790928 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.121388912 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.121449947 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.121620893 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.121788979 CEST	49749	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.121828079 CEST	443	49749	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.183476925 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.183525085 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.183619022 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.184572935 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.184604883 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.577832937 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.578125000 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.578141928 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.578480959 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.578986883 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.579046011 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.579278946 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.620496035 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745114088 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745146036 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745198011 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.745208979 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745249987 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.745259047 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745306969 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.745347023 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.747545004 CEST	49750	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.747550011 CEST	443	49750	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.823955059 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.824031115 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.826905012 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.826917887 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.827167034 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:29.828988075 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:29.864329100 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.864351034 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.864408970 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.864425898 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.864466906 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.865027905 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.865089893 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.865098953 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.865127087 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.865722895 CEST	49752	443	192.168.2.4	13.107.136.10
Jul 3, 2024 07:42:29.865736008 CEST	443	49752	13.107.136.10	192.168.2.4
Jul 3, 2024 07:42:29.872499943 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:30.102452040 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:30.102516890 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:30.102612972 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:30.103940010 CEST	49754	443	192.168.2.4	184.28.90.27
Jul 3, 2024 07:42:30.103954077 CEST	443	49754	184.28.90.27	192.168.2.4
Jul 3, 2024 07:42:37.246197939 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:37.246253967 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:42:37.246396065 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:38.853833914 CEST	49745	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:42:38.853857040 CEST	443	49745	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:26.719413042 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:26.719506025 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:26.719638109 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:26.719799995 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:26.719825029 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:27.376156092 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:27.376425982 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:27.376466036 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:27.376761913 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:27.377073050 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:27.377140045 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:27.420166969 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:33.301357985 CEST	49723	80	192.168.2.4	93.184.221.240
Jul 3, 2024 07:43:33.301496983 CEST	49724	80	192.168.2.4	93.184.221.240
Jul 3, 2024 07:43:33.307535887 CEST	80	49723	93.184.221.240	192.168.2.4
Jul 3, 2024 07:43:33.307549000 CEST	80	49724	93.184.221.240	192.168.2.4
Jul 3, 2024 07:43:33.307615995 CEST	49724	80	192.168.2.4	93.184.221.240
Jul 3, 2024 07:43:33.307616949 CEST	49723	80	192.168.2.4	93.184.221.240
Jul 3, 2024 07:43:37.279539108 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:37.279598951 CEST	443	49764	216.58.206.68	192.168.2.4
Jul 3, 2024 07:43:37.279839993 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:38.731364012 CEST	49764	443	192.168.2.4	216.58.206.68
Jul 3, 2024 07:43:38.731395960 CEST	443	49764	216.58.206.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 07:42:22.352756023 CEST	53	61498	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:22.406330109 CEST	53	63895	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:23.506669998 CEST	53	56553	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:23.894882917 CEST	57440	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:23.897310019 CEST	56164	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:26.660662889 CEST	59720	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:26.661389112 CEST	50075	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:26.668725014 CEST	53	59720	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:26.668736935 CEST	53	50075	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:27.525707006 CEST	53	54161	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:28.184622049 CEST	62609	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:28.185003042 CEST	60775	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:29.105945110 CEST	61198	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:29.106220007 CEST	62253	53	192.168.2.4	1.1.1.1
Jul 3, 2024 07:42:40.570816040 CEST	53	56328	1.1.1.1	192.168.2.4
Jul 3, 2024 07:42:44.866235018 CEST	138	138	192.168.2.4	192.168.2.255
Jul 3, 2024 07:42:59.589379072 CEST	53	56818	1.1.1.1	192.168.2.4
Jul 3, 2024 07:43:21.973064899 CEST	53	57142	1.1.1.1	192.168.2.4
Jul 3, 2024 07:43:22.249273062 CEST	53	62709	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 07:42:23.894882917 CEST	192.168.2.4	1.1.1.1	0x28d7	Standard query (0)	eastwestseed-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:23.897310019 CEST	192.168.2.4	1.1.1.1	0x404a	Standard query (0)	eastwestseed-my.sharepoint.com	65	IN (0x0001)	false
Jul 3, 2024 07:42:26.660662889 CEST	192.168.2.4	1.1.1.1	0x2e18	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:26.661389112 CEST	192.168.2.4	1.1.1.1	0x2d85	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 07:42:28.184622049 CEST	192.168.2.4	1.1.1.1	0x83a9	Standard query (0)	eastwestseed-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:28.185003042 CEST	192.168.2.4	1.1.1.1	0x18e9	Standard query (0)	eastwestseed-my.sharepoint.com	65	IN (0x0001)	false
Jul 3, 2024 07:42:29.105945110 CEST	192.168.2.4	1.1.1.1	0x4cc4	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:29.106220007 CEST	192.168.2.4	1.1.1.1	0xea3b	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 07:42:23.932099104 CEST	1.1.1.1	192.168.2.4	0x404a	No error (0)	eastwestseed-my.sharepoint.com	eastwestseed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.932099104 CEST	1.1.1.1	192.168.2.4	0x404a	No error (0)	eastwestseed.sharepoint.com	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.932099104 CEST	1.1.1.1	192.168.2.4	0x404a	No error (0)	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.932099104 CEST	1.1.1.1	192.168.2.4	0x404a	No error (0)	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	eastwestseed-my.sharepoint.com	eastwestseed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	eastwestseed.sharepoint.com	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	195888-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:23.939889908 CEST	1.1.1.1	192.168.2.4	0x28d7	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:26.668725014 CEST	1.1.1.1	192.168.2.4	0x2e18	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:26.668736935 CEST	1.1.1.1	192.168.2.4	0x2d85	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	eastwestseed-my.sharepoint.com	eastwestseed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	eastwestseed.sharepoint.com	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	195888-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:28.222760916 CEST	1.1.1.1	192.168.2.4	0x83a9	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:28.224159956 CEST	1.1.1.1	192.168.2.4	0x18e9	No error (0)	eastwestseed-my.sharepoint.com	eastwestseed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.224159956 CEST	1.1.1.1	192.168.2.4	0x18e9	No error (0)	eastwestseed.sharepoint.com	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.224159956 CEST	1.1.1.1	192.168.2.4	0x18e9	No error (0)	197-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:28.224159956 CEST	1.1.1.1	192.168.2.4	0x18e9	No error (0)	195888-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com	195888-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:29.113466024 CEST	1.1.1.1	192.168.2.4	0xea3b	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:29.113774061 CEST	1.1.1.1	192.168.2.4	0x4cc4	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:38.910655022 CEST	1.1.1.1	192.168.2.4	0xc0ea	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:38.910655022 CEST	1.1.1.1	192.168.2.4	0xc0ea	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:39.433528900 CEST	1.1.1.1	192.168.2.4	0x2c07	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:39.433528900 CEST	1.1.1.1	192.168.2.4	0x2c07	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:42:52.510935068 CEST	1.1.1.1	192.168.2.4	0xcb27	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:42:52.510935068 CEST	1.1.1.1	192.168.2.4	0xcb27	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:43:14.665761948 CEST	1.1.1.1	192.168.2.4	0x68e9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:43:14.665761948 CEST	1.1.1.1	192.168.2.4	0x68e9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 07:43:35.384701967 CEST	1.1.1.1	192.168.2.4	0xb619	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 07:43:35.384701967 CEST	1.1.1.1	192.168.2.4	0xb619	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

eastwestseed-my.sharepoint.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:24 UTC	761	OUT	GET /:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:25 UTC	1974	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 69236 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,374,0,26268,171 X-SharePointHealthScore: 3 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: a69438a1-909f-3000-8314-54aea090d9ea request-id: a69438a1-909f-3000-8314-54aea090d9ea MS-CV: oTiUpp+QADCDFFSuoJDZ6g.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=08af01ef-242b-4b1f-9a96-05c2f47fcfe2&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 115 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 9A85D48182644AEC82991B5C1FF53781 Ref B: EWR311000103045 Ref C: 2024-07-03T05:42:24Z Date: Wed, 03 Jul 2024 05:42:24 GMT Connection: close
2024-07-03 05:42:25 UTC	2196	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 6f 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 6f 66 66 69 63 65 3a 6f 66 66 69 63 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 6d 69 74 5d 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 72 69 6e 67 2c 62 75 74 74 6f 6e 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 72 69 6e 67 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 64 6f 74 74 65 64 20 42 75 74 74 6f 6e 54 65 78 74 7d 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 2e 33 35 65 6d 20 2e 37 35 65 6d 20 2e 36 32 35 65 6d 7d 6c 65 67 65 6e 64 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 72 6d 61 6c 7d 70 72 6f 67 72 65 73 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 Data Ascii: mit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:b
2024-07-03 05:42:25 UTC	4144	IN	Data Raw: 65 72 2d 73 70 69 6e 2d 62 75 74 74 6f 6e 7b 6d 61 72 67 69 6e 3a 30 3b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 7d 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 7b 2d 6d 6f 7a 2d 61 70 70 65 61 72 61 6e 63 65 3a 74 65 78 74 66 69 65 6c 64 7d 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 3a 3a 2d 6d 73 2d 63 6c 65 61 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 64 65 73 6b 74 6f 70 2d 6c 6f 67 6f 7b 6d 61 72 67 69 6e 3a 35 37 70 78 20 30 20 32 30 70 78 7d 2e 6d 6f 62 69 6c 65 2d 6c 6f 67 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 34 70 78 7d 2e 6d 69 63 72 6f 73 6f 66 74 2d 6c 6f 67 6f 7b 68 65 69 67 68 74 3a 32 34 70 78 3b 77 69 64 74 68 3a 31 31 33 70 78 7d 2e 66 6f 72 6d 2d 69 6e 70 75 74 2d 63 6f 6e 74 61 Data Ascii: er-spin-button{margin:0;-webkit-appearance:none}input[type=number]{-moz-appearance:textfield}input[type=number]::-ms-clear{display:none}.desktop-logo{margin:57px 0 20px}.mobile-logo{margin-top:24px}.microsoft-logo{height:24px;width:113px}.form-input-conta
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 34 66 34 39 2d 61 35 37 38 2d 62 39 31 36 30 62 66 66 33 61 37 66 22 3e 0d 0a 09 09 21 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 27 50 65 72 66 6f 72 6d 61 6e 63 65 4c 6f 6e 67 54 61 73 6b 54 69 6d 69 6e 67 27 20 69 6e 20 77 69 6e 64 6f 77 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 2e 5f 5f 74 74 69 3d 7b 65 3a 5b 5d 7d 3b 67 2e 6f 3d 6e 65 77 20 50 65 72 66 6f 72 6d 61 6e 63 65 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 67 2e 65 3d 67 2e 65 2e 63 6f 6e 63 61 74 28 6c 2e 67 65 74 45 6e 74 72 69 65 73 28 29 29 7d 29 3b 67 2e 6f 2e 6f 62 73 65 72 76 65 28 7b 65 6e 74 72 79 54 79 70 65 73 3a 5b 27 6c 6f 6e 67 74 61 73 6b 27 5d 7d 29 7d 7d 28 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f Data Ascii: 4f49-a578-b9160bff3a7f">!function(){if('PerformanceLongTaskTiming' in window){var g=window.__tti={e:[]};g.o=new PerformanceObserver(function(l){g.e=g.e.concat(l.getEntries())});g.o.observe({entryTypes:['longtask']})}}();</script><script type="text/
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 74 29 3a 65 2e 45 53 36 50 72 6f 6d 69 73 65 3d 74 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 65 3d 73 65 74 54 69 6d 65 6f 75 74 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 72 2c 31 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 53 3b 65 2b 3d 32 29 7b 28 30 2c 54 5b 65 5d 29 28 54 5b 65 2b 31 5d 29 2c 54 5b 65 5d 3d 76 6f 69 64 20 30 2c 54 5b 65 2b 31 5d 3d 76 6f 69 64 Data Ascii: define&&define.amd?define(t):e.ES6Promise=t()}(this,function(){"use strict";function c(e){return"function"==typeof e}function t(){var e=setTimeout;return function(){return e(r,1)}}function r(){for(var e=0;e<S;e+=2){(0,T[e])(T[e+1]),T[e]=void 0,T[e+1]=void
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 7b 76 61 72 20 69 2c 6f 2c 73 3d 64 65 66 43 6f 6e 74 65 78 74 4e 61 6d 65 3b 69 66 28 21 69 73 41 72 72 61 79 28 65 29 26 26 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 29 7b 6f 3d 65 3b 69 66 28 69 73 41 72 72 61 79 28 74 29 29 7b 65 3d 74 3b 74 3d 72 3b 72 3d 6e 7d 65 6c 73 65 20 65 3d 5b 5d 7d 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 28 73 3d 6f 2e 63 6f 6e 74 65 78 74 29 3b 69 3d 28 69 3d 67 65 74 4f 77 6e 28 63 6f 6e 74 65 78 74 73 2c 73 29 29 7c 7c 28 63 6f 6e 74 65 78 74 73 5b 73 5d 3d 72 65 71 2e 73 2e 6e 65 77 43 6f 6e 74 65 78 74 28 73 29 29 3b 6f 26 26 69 2e 63 6f 6e 66 69 67 75 72 65 28 6f 29 3b 72 65 74 75 72 6e 20 69 2e 72 65 71 75 69 72 65 28 65 2c 74 2c 72 29 7d 3b 72 65 71 2e 63 6f 6e 66 69 67 3d 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: {var i,o,s=defContextName;if(!isArray(e)&&"string"!=typeof e){o=e;if(isArray(t)){e=t;t=r;r=n}else e=[]}o&&o.context&&(s=o.context);i=(i=getOwn(contexts,s))\|\|(contexts[s]=req.s.newContext(s));o&&i.configure(o);return i.require(e,t,r)};req.config=function(e
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 6c 3b 74 2e 72 65 71 75 69 72 65 54 79 70 65 3d 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 3f 22 64 65 66 69 6e 65 22 3a 22 72 65 71 75 69 72 65 22 3b 72 65 74 75 72 6e 20 6a 28 74 68 69 73 2e 65 72 72 6f 72 3d 74 29 7d 7d 65 6c 73 65 20 69 3d 6f 3b 74 68 69 73 2e 65 78 70 6f 72 74 73 3d 69 3b 69 66 28 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 26 26 21 74 68 69 73 2e 69 67 6e 6f 72 65 29 7b 6d 5b 72 5d 3d 69 3b 69 66 28 72 65 71 2e 6f 6e 52 65 73 6f 75 72 63 65 4c 6f 61 64 29 7b 76 61 72 20 73 3d 5b 5d 3b 65 61 63 68 28 74 68 69 73 2e 64 65 70 4d 61 70 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 2e 70 75 73 68 28 65 2e 6e 6f 72 6d 61 6c 69 7a 65 64 4d 61 70 7c 7c 65 29 7d 29 3b 72 65 71 2e 6f 6e 52 65 73 6f 75 72 63 65 4c 6f 61 64 28 64 Data Ascii: l;t.requireType=this.map.isDefine?"define":"require";return j(this.error=t)}}else i=o;this.exports=i;if(this.map.isDefine&&!this.ignore){m[r]=i;if(req.onResourceLoad){var s=[];each(this.depMaps,function(e){s.push(e.normalizedMap\|\|e)});req.onResourceLoad(d
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 3d 20 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 6d 6f 64 75 6c 65 73 46 61 6c 6c 65 64 42 61 63 6b 3b 0d 0a 20 20 20 20 20 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 70 75 73 68 28 6d 6f 64 75 6c 65 49 64 29 3b 0d 0a 20 20 20 20 20 20 69 66 20 28 21 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 62 61 73 65 55 72 6c 46 61 69 6c 65 64 4f 76 65 72 20 26 26 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 6c 65 6e 67 74 68 20 3e 3d 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 70 61 74 68 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 74 65 6d 73 20 3d 20 70 61 74 68 73 5b 69 64 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 69 74 65 6d 73 29 20 26 26 20 69 Data Ascii: = failOverState.modulesFalledBack; failedModules.push(moduleId); if (!failOverState.baseUrlFailedOver && failedModules.length >= 2) { for (var id in paths) { var items = paths[id]; if (Array.isArray(items) && i
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 34 77 49 59 72 42 4d 6d 33 30 26 61 6d 70 3b 74 3d 37 34 32 35 38 63 33 30 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 2f 2f 3c 21 5b 43 44 41 54 41 5b 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 4f 6e 53 75 62 6d 69 74 28 29 20 7b 0d 0a 69 66 20 28 74 79 70 65 6f 66 28 56 61 6c 69 64 61 74 6f 72 4f 6e 53 75 62 6d 69 74 29 20 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 56 61 6c 69 64 61 74 6f 72 4f 6e 53 75 62 6d 69 74 28 29 20 3d 3d 20 66 61 6c 73 65 29 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 69 66 20 28 74 79 70 65 6f 66 28 5f 73 70 46 6f 72 6d 4f 6e 53 75 62 6d 69 74 57 Data Ascii: 4wIYrBMm30&t=74258c30" type="text/javascript"></script><script type="text/javascript">//<![CDATA[function WebForm_OnSubmit() {if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;if (typeof(_spFormOnSubmitW
2024-07-03 05:42:25 UTC	5552	IN	Data Raw: 73 6f 2e 63 6f 6d 5c 22 29 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 64 69 73 70 6c 61 79 20 3d 20 22 44 79 6e 61 6d 69 63 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 65 76 61 6c 75 61 74 69 6f 6e 66 75 6e 63 74 69 6f 6e 20 3d 20 22 52 65 67 75 6c 61 72 45 78 70 72 65 73 73 69 6f 6e 56 61 6c 69 64 61 74 6f 72 45 76 61 6c 75 61 74 65 49 73 56 61 6c 69 64 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 76 61 6c 69 64 61 74 69 6f 6e 65 78 70 72 65 73 73 69 6f 6e 20 3d 20 22 5e 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 40 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 24 22 3b 0d 0a 09 76 61 72 20 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 20 3d 20 64 6f 63 Data Ascii: so.com\")";ValidateTOAAEMail.display = "Dynamic";ValidateTOAAEMail.evaluationfunction = "RegularExpressionValidatorEvaluateIsValid";ValidateTOAAEMail.validationexpression = "^[^ \\r\\t\\n\\f@]+@[^ \\r\\t\\n\\f@]+$";var IncorrectTOAAEMail = doc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:25 UTC	780	OUT	GET /WebResource.axd?d=MRQVr0sCYQeFRZDlmuVhgl_WH2BtcdRFKn3KLSWGQq2AO5ongGm3TYumvKySFZe2jiMPxLAOD2q9JGYktPh3aS5L2gdcrWFPCuLPwOww-uY1&t=638533172441064469 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:25 UTC	753	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Wed, 02 Jul 2025 18:40:36 GMT Last-Modified: Fri, 07 Jun 2024 07:34:04 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,340,0,26268,156 X-AspNet-Version: 4.0.30319 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 1B85A7A1671245D093BCE1C1E5951953 Ref B: EWR311000101025 Ref C: 2024-07-03T05:42:25Z Date: Wed, 03 Jul 2024 05:42:25 GMT Connection: close
2024-07-03 05:42:25 UTC	3394	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-07-03 05:42:25 UTC	8192	IN	Data Raw: 74 65 63 68 61 6e 67 65 20 3d 20 57 65 62 46 6f 72 6d 5f 43 61 6c 6c 62 61 63 6b 43 6f 6d 70 6c 65 74 65 3b 0d 0a 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 2e 78 6d 6c 52 65 71 75 65 73 74 20 3d 20 78 6d 6c 52 65 71 75 65 73 74 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 65 2e 67 2e 20 68 74 74 70 3a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 61 63 74 69 6f 6e 20 3d 20 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2c 20 66 72 61 67 6d 65 6e 74 49 6e 64 65 78 20 3d 20 61 63 74 69 6f 6e 2e 69 6e 64 65 78 4f 66 28 27 23 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 66 72 61 67 6d 65 6e 74 49 6e 64 65 78 20 21 3d 3d 20 2d 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: techange = WebForm_CallbackComplete; callback.xmlRequest = xmlRequest; // e.g. http: var action = theForm.action \|\| document.location.pathname, fragmentIndex = action.indexOf('#'); if (fragmentIndex !== -1) {
2024-07-03 05:42:25 UTC	4167	IN	Data Raw: 20 72 65 74 75 72 6e 20 69 3b 0d 0a 7d 0d 0a 76 61 72 20 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 20 3d 20 28 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 61 70 70 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 27 65 78 70 6c 6f 72 65 72 27 29 20 3d 3d 20 2d 31 29 3b 0d 0a 76 61 72 20 5f 5f 74 68 65 46 6f 72 6d 50 6f 73 74 44 61 74 61 20 3d 20 22 22 3b 0d 0a 76 61 72 20 5f 5f 74 68 65 46 6f 72 6d 50 6f 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 20 3d 20 6e 65 77 20 41 72 72 61 79 28 29 3b 0d 0a 76 61 72 20 5f 5f 63 61 6c 6c 62 61 63 6b 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 68 69 64 64 65 6e 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d Data Ascii: return i;}var __nonMSDOMBrowser = (window.navigator.appName.toLowerCase().indexOf('explorer') == -1);var __theFormPostData = "";var __theFormPostCollection = new Array();var __callbackTextTypes = /^(text\|password\|hidden\|search\|tel\|url\|email\|num
2024-07-03 05:42:26 UTC	7310	IN	Data Raw: 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 29 20 7b 0d Data Ascii: defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBrowser) {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:26 UTC	845	OUT	GET /ScriptResource.axd?d=QM62FoVp8bO_VxEs62AS1SGG0pugyBdam5sP_osi62Y12zwBc_aG6lUkgVY_5sxTegshesRKY5FxBAew9yBjh7mv2yxEfGoC4Z3v9ZqRLyS8FyFTZ3CgH8mdIeL_TiiSqaqhhblvicMXIek1PsRIjJU6--PqEGbORyR6LIphGkE1&t=ffffffffa8ad04d3 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:26 UTC	768	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 26951 Content-Type: application/x-javascript; charset=utf-8 Expires: Wed, 02 Jul 2025 17:09:43 GMT Last-Modified: Tue, 02 Jul 2024 17:09:43 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,262656,0,0,498,0,26370,157 X-AspNet-Version: 4.0.30319 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C1E2F3A883094AB6A941EF69BC97D695 Ref B: EWR311000101021 Ref C: 2024-07-03T05:42:26Z Date: Wed, 03 Jul 2024 05:42:26 GMT Connection: close
2024-07-03 05:42:26 UTC	1775	IN	Data Raw: 76 61 72 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 56 65 72 20 3d 20 22 31 32 35 22 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 73 56 61 6c 69 64 20 3d 20 74 72 75 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 42 6c 6f 63 6b 53 75 62 6d 69 74 20 3d 20 66 61 6c 73 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 6e 76 61 6c 69 64 43 6f 6e 74 72 6f 6c 54 6f 42 65 46 6f 63 75 73 65 64 20 3d 20 6e 75 6c 6c 3b 0d 0a 76 61 72 20 50 61 67 65 5f 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 66 69 6c 65 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 Data Ascii: var Page_ValidationVer = "125";var Page_IsValid = true;var Page_BlockSubmit = false;var Page_InvalidControlToBeFocused = null;var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 45 4c 45 43 54 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 69 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 72 20 28 69 20 3d 20 30 3b 20 69 20 3c 20 63 6f 6e 74 72 6f 6c 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 56 61 6c 69 64 61 74 6f 72 48 6f 6f 6b 75 70 43 6f 6e 74 72 6f 6c 28 63 6f 6e 74 72 6f 6c 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 69 5d 2c 20 76 61 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 63 6f 6e 74 72 6f 6c 2e 56 61 6c 69 64 61 74 6f 72 73 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 7b 0d Data Ascii: ELECT") { var i; for (i = 0; i < control.childNodes.length; i++) { ValidatorHookupControl(control.childNodes[i], val); } return; } else { if (typeof(control.Validators) == "undefined") {
2024-07-03 05:42:26 UTC	5771	IN	Data Raw: 20 20 20 63 6f 6e 74 72 6f 6c 47 72 6f 75 70 20 3d 20 63 6f 6e 74 72 6f 6c 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 28 63 6f 6e 74 72 6f 6c 47 72 6f 75 70 20 3d 3d 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 61 6c 69 64 61 74 6f 72 4f 6e 4c 6f 61 64 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0d 0a 20 20 20 20 76 61 72 20 69 2c 20 76 61 6c 3b 0d 0a 20 20 20 20 66 6f 72 20 28 69 20 3d 20 30 3b 20 69 20 3c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 2e 6c 65 6e 67 74 Data Ascii: controlGroup = control.validationGroup; } return (controlGroup == validationGroup);}function ValidatorOnLoad() { if (typeof(Page_Validators) == "undefined") return; var i, val; for (i = 0; i < Page_Validators.lengt
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 29 3b 0d 0a 20 20 20 20 69 66 20 28 56 61 6c 69 64 61 74 6f 72 54 72 69 6d 28 76 61 6c 75 65 29 2e 6c 65 6e 67 74 68 20 3d 3d 20 30 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6d 70 61 72 65 54 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 20 21 3d 20 22 73 74 72 69 6e 67 22 29 20 7c 7c 0d 0a 20 20 20 20 20 20 20 20 28 74 79 70 65 6f 66 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 7c 7c 0d 0a 20 20 20 20 Data Ascii: l.controltovalidate); if (ValidatorTrim(value).length == 0) return true; var compareTo = ""; if ((typeof(val.controltocompare) != "string") \|\| (typeof(document.getElementById(val.controltocompare)) == "undefined") \|\|
2024-07-03 05:42:26 UTC	3021	IN	Data Raw: 20 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 6e 67 74 68 20 2b 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 79 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 69 65 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6c 65 6e 67 74 68 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 Data Ascii: var length = parseSpecificAttribute(selector, dataValidationAttribute, Page_Validators); length += parseSpecificAttribute(selector, dataValidationSummaryAttribute, Page_ValidationSummaries); return length; }

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:26 UTC	858	OUT	GET /ScriptResource.axd?d=ie2Nnm_MCcBgk2RkJ-5P-S_7McEkBM8CrYvKsi73W5p5q_zr3BTiNetdjd5l5qY_GgBwxc4kilSZlHrFC_Pw4DzAO2EDijSKvgj8jdYhOPtzBLJSZq_KiYVyNQpf5Qf2WJF388eKCmMlslE9LQTcOcbKhND9tOfxbM-eMJMf6u0kY1Fz3HKF6BVK9ZmRr7vV0&t=74258c30 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:26 UTC	768	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 102801 Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 03 Jul 2025 03:00:59 GMT Last-Modified: Wed, 03 Jul 2024 03:00:59 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,262656,0,0,660,0,26846,25 X-AspNet-Version: 4.0.30319 SPRequestDuration: 4 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 717BB38009EB479798D5FD6ECCB12B93 Ref B: EWR311000103009 Ref C: 2024-07-03T05:42:26Z Date: Wed, 03 Jul 2024 05:42:26 GMT Connection: close
2024-07-03 05:42:26 UTC	3402	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 2e 6a 73 0d 0a 46 75 6e 63 74 69 6f 6e 2e 5f 5f 74 79 70 65 4e 61 6d 65 3d 22 46 75 6e 63 74 69 6f 6e 22 3b 46 75 6e 63 74 69 6f 6e 2e 5f 5f 63 6c 61 73 73 3d Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjax.jsFunction.__typeName="Function";Function.__class=
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 72 6f 72 2e 63 72 65 61 74 65 28 62 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4e 75 6c 6c 45 78 63 65 70 74 69 6f 6e 22 2c 70 61 72 61 6d 4e 61 6d 65 3a 61 7d 29 3b 64 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 64 7d 3b 45 72 72 6f 72 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 61 2c 64 29 7b 76 61 72 20 62 3d 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 3f 64 3a 53 79 73 2e 52 65 73 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 29 3b 69 66 28 63 29 62 2b 3d 22 5c 6e 22 2b 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 2e 52 65 73 2e 70 61 72 61 6d 4e 61 6d 65 2c 63 29 3b 69 66 Data Ascii: ror.create(b,{name:"Sys.ArgumentNullException",paramName:a});d.popStackFrame();return d};Error.argumentOutOfRange=function(c,a,d){var b="Sys.ArgumentOutOfRangeException: "+(d?d:Sys.Res.argumentOutOfRange);if(c)b+="\n"+String.format(Sys.Res.paramName,c);if
2024-07-03 05:42:26 UTC	4144	IN	Data Raw: 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 26 26 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 28 63 29 7d 3b 53 79 73 2e 5f 67 65 74 42 61 73 65 4d 65 74 68 6f 64 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 63 29 7b 76 61 72 20 62 3d 64 2e 67 65 74 42 61 73 65 54 79 70 65 28 29 3b 69 66 28 62 29 7b 76 61 72 20 61 3d 62 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 75 6e 63 74 69 6f 6e 3f 61 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 53 79 73 2e 5f 69 73 44 6f 6d 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 66 61 6c 73 65 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 Data Ascii: lementsInterface&&a.implementsInterface(c)};Sys._getBaseMethod=function(d,e,c){var b=d.getBaseType();if(b){var a=b.prototype[c];return a instanceof Function?a:null}return null};Sys._isDomElement=function(a){var c=false;if(typeof a.nodeType!=="number"){var
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 74 41 72 67 73 29 3b 54 79 70 65 2e 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 53 79 73 2e 55 49 22 29 3b 53 79 73 2e 5f 44 65 62 75 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 53 79 73 2e 5f 44 65 62 75 67 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 5f 61 70 70 65 6e 64 43 6f 6e 73 6f 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 44 65 62 75 67 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 29 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 6f 70 65 72 61 29 77 69 6e 64 Data Ascii: tArgs);Type.registerNamespace("Sys.UI");Sys._Debug=function(){};Sys._Debug.prototype={_appendConsole:function(a){if(typeof Debug!=="undefined"&&Debug.writeln)Debug.writeln(a);if(window.console&&window.console.log)window.console.log(a);if(window.opera)wind
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 2d 31 2c 5b 62 5d 2c 63 29 29 3b 72 65 74 75 72 6e 20 74 72 75 65 7d 72 65 74 75 72 6e 20 66 61 6c 73 65 7d 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 72 65 6d 6f 76 65 41 74 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 61 29 7b 69 66 28 61 3e 2d 31 26 26 61 3c 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 63 3d 62 5b 61 5d 3b 41 72 72 61 79 2e 72 65 6d 6f 76 65 41 74 28 62 2c 61 29 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 5f 63 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 62 2c 6e 65 77 20 53 79 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 53 79 73 2e 4e 6f 74 69 66 79 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 64 41 63 74 69 6f 6e 2e 72 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 63 5d 2c 61 29 29 7d 7d 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e Data Ascii: -1,[b],c));return true}return false};Sys.Observer.removeAt=function(b,a){if(a>-1&&a<b.length){var c=b[a];Array.removeAt(b,a);Sys.Observer._collectionChange(b,new Sys.CollectionChange(Sys.NotifyCollectionChangedAction.remove,null,-1,[c],a))}};Sys.Observer.
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 29 7b 69 66 28 61 3c 31 30 29 72 65 74 75 72 6e 20 22 30 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 29 72 65 74 75 72 6e 20 22 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 30 29 72 65 74 75 72 6e 20 22 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 76 61 72 20 68 2c 70 2c 74 3d 2f 28 5b 5e 64 5d 7c 5e 29 28 64 7c 64 64 29 28 5b 5e 64 5d 7c 24 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 68 7c 7c 70 29 72 65 74 75 72 6e 20 68 3b 68 3d 74 2e 74 65 73 74 28 65 29 3b 70 3d 74 72 75 65 3b 72 65 74 75 72 6e 20 68 7d 76 61 72 20 71 3d 30 2c 6f 3d 44 61 74 65 2e 5f 67 65 74 54 6f 6b 65 6e 52 65 67 45 78 70 28 29 2c 66 3b 69 66 28 21 6b 26 26 6e Data Ascii: ng()}function v(a){if(a<10)return "000"+a;else if(a<100)return "00"+a;else if(a<1000)return "0"+a;return a.toString()}var h,p,t=/([^d]\|^)(d\|dd)([^d]\|$)/g;function s(){if(h\|\|p)return h;h=t.test(e);p=true;return h}var q=0,o=Date._getTokenRegExp(),f;if(!k&&n
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 41 72 72 61 79 28 74 68 69 73 2e 64 61 74 65 54 69 6d 65 46 6f 72 6d 61 74 2e 41 62 62 72 65 76 69 61 74 65 64 44 61 79 4e 61 6d 65 73 29 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 2c 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 61 29 29 7d 2c 5f 74 6f 55 70 70 65 72 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 62 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 61 3d 30 2c 64 3d 63 2e 6c 65 6e 67 74 68 3b 61 3c 64 3b 61 2b 2b 29 62 5b 61 5d 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 63 5b 61 5d 29 3b 72 65 74 75 72 6e 20 62 7d 2c 5f 74 6f 55 70 70 65 72 3a 66 75 6e 63 74 69 6f 6e 28 61 Data Ascii: _upperAbbrDays=this._toUpperArray(this.dateTimeFormat.AbbreviatedDayNames);return Array.indexOf(this._upperAbbrDays,this._toUpper(a))},_toUpperArray:function(c){var b=[];for(var a=0,d=c.length;a<d;a++)b[a]=this._toUpper(c[a]);return b},_toUpper:function(a
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 29 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 4f 70 65 72 61 7c 7c 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 46 69 72 65 46 6f 78 29 61 3d 61 2e 73 70 6c 69 74 28 62 29 2e 6a 6f 69 6e 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 65 73 63 61 70 65 43 68 61 72 73 5b 62 5d 29 3b 65 6c 73 65 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 63 68 61 72 73 54 6f 45 73 63 61 70 65 52 65 67 45 78 73 5b 62 5d 2c 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e Data Ascii: )if(Sys.Browser.agent===Sys.Browser.Opera\|\|Sys.Browser.agent===Sys.Browser.FireFox)a=a.split(b).join(Sys.Serialization.JavaScriptSerializer._escapeChars[b]);else a=a.replace(Sys.Serialization.JavaScriptSerializer._charsToEscapeRegExs[b],Sys.Serialization.
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 58 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 59 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 74 68 69 73 2e 6f 66 66 73 65 74 58 3d 61 2e 6f 66 66 73 65 74 58 3b 74 68 69 73 2e 6f 66 66 73 65 74 59 3d 61 2e 6f 66 66 73 65 74 59 7d 65 6c 73 65 20 69 66 28 74 68 69 73 2e 74 61 72 67 65 74 26 26 74 68 69 73 2e 74 61 72 67 65 74 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 33 26 26 74 79 70 65 6f 66 20 61 2e 63 6c 69 65 6e 74 58 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 20 63 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 67 65 74 4c 6f 63 61 74 69 6f 6e 28 74 68 69 73 2e 74 61 72 67 65 74 29 2c 64 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 Data Ascii: peof a.offsetX!=="undefined"&&typeof a.offsetY!=="undefined"){this.offsetX=a.offsetX;this.offsetY=a.offsetY}else if(this.target&&this.target.nodeType!==3&&typeof a.clientX==="number"){var c=Sys.UI.DomElement.getLocation(this.target),d=Sys.UI.DomElement._g
2024-07-03 05:42:27 UTC	8192	IN	Data Raw: 61 29 7b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 29 7b 76 61 72 20 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 7c 7c 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 65 74 43 75 72 72 65 6e 74 53 74 79 6c 65 28 61 29 3b 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 62 3f 62 2e 64 69 73 70 6c 61 79 3a 6e 75 6c 6c 3b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 7c 7c 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 3d 3d 22 6e 6f 6e 65 22 29 73 77 69 74 63 68 28 61 2e 74 61 67 4e 61 6d 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 20 22 44 49 56 22 3a 63 61 73 65 20 22 50 22 3a 63 61 73 65 20 22 41 44 44 52 45 53 53 22 3a 63 61 73 65 20 22 42 4c 4f 43 4b 51 55 4f 54 45 22 Data Ascii: a){if(!a._oldDisplayMode){var b=a.currentStyle\|\|Sys.UI.DomElement._getCurrentStyle(a);a._oldDisplayMode=b?b.display:null;if(!a._oldDisplayMode\|\|a._oldDisplayMode==="none")switch(a.tagName.toUpperCase()){case "DIV":case "P":case "ADDRESS":case "BLOCKQUOTE"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:26 UTC	858	OUT	GET /ScriptResource.axd?d=-4lq_X4hHAt2kvPZlvW5tRWqwfITh9FVtuvhLUqc_R5ZGXvhxFJbZuPY30RKqRxKlNK1DY0vJKZZpY0Z6ouQcxSc8ChAwUnIH2wmA9Y7QK4aCiu7Cf__BJ1EDKlryhEHjkXZ8cvAFAegCB4oiPhU1t875xK2ro-HQ08wUU_0GHfvQHmzyTAen7s4wIYrBMm30&t=74258c30 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:26 UTC	768	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 40326 Content-Type: application/x-javascript; charset=utf-8 Expires: Wed, 02 Jul 2025 18:07:21 GMT Last-Modified: Tue, 02 Jul 2024 18:07:21 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,262656,0,0,500,0,26370,157 X-AspNet-Version: 4.0.30319 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: AD0FFD07A1184580A68730B3933EFC7C Ref B: EWR311000104019 Ref C: 2024-07-03T05:42:26Z Date: Wed, 03 Jul 2024 05:42:26 GMT Connection: close
2024-07-03 05:42:26 UTC	3402	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f 72 6d 73 2e 6a 73 0d 0a 54 79 70 65 2e 5f 72 65 67 69 73 74 65 72 53 63 72 69 70 74 28 22 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjaxWebForms.jsType._registerScript("MicrosoftAjaxWebFo
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 68 69 73 2e 5f 65 76 65 6e 74 73 29 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 65 76 65 6e 74 73 3b 74 68 69 73 2e 5f 73 65 73 73 69 6f 6e 73 3d 6e 75 6c 6c 3b 74 68 69 73 2e 5f 63 75 72 72 65 6e 74 53 65 73 73 69 6f 6e 3d 6e 75 6c 6c 3b 74 68 69 73 2e 5f 73 63 72 69 70 74 4c 6f 61 64 65 64 44 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 7d 2c 6c 6f 61 64 53 63 72 69 70 74 73 3a 66 75 6e 63 74 69 6f 6e 28 64 2c 62 2c 63 2c 61 29 7b 76 61 72 20 65 3d 7b 61 6c 6c 53 63 72 69 70 74 73 4c 6f 61 64 65 64 43 61 6c 6c 62 61 63 6b 3a 62 2c 73 63 72 69 70 74 4c 6f 61 64 46 61 69 6c 65 64 43 61 6c 6c 62 61 63 6b 3a 63 2c 73 63 72 69 70 74 4c 6f 61 64 54 69 6d 65 6f 75 74 43 61 6c 6c 62 61 63 6b 3a 61 2c 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 3a 74 68 69 73 2e 5f 73 63 72 69 70 Data Ascii: his._events)delete this._events;this._sessions=null;this._currentSession=null;this._scriptLoadedDelegate=null},loadScripts:function(d,b,c,a){var e={allScriptsLoadedCallback:b,scriptLoadFailedCallback:c,scriptLoadTimeoutCallback:a,scriptsToLoad:this._scrip
2024-07-03 05:42:26 UTC	4144	IN	Data Raw: 6f 72 6d 73 2e 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e 61 67 65 72 53 65 72 76 65 72 45 72 72 6f 72 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 7c 7c 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 52 65 73 2e 50 52 4d 5f 53 65 72 76 65 72 45 72 72 6f 72 2c 61 29 29 2c 62 3d 45 72 72 6f 72 2e 63 72 65 61 74 65 28 63 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e 61 67 65 72 53 65 72 76 65 72 45 72 72 6f 72 45 78 63 65 70 74 69 6f 6e 22 2c 68 74 74 70 53 74 61 74 75 73 43 6f 64 65 3a 61 7d 29 3b 62 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 62 7d 2c 5f 63 72 65 61 74 65 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e 61 67 65 72 50 61 72 73 Data Ascii: orms.PageRequestManagerServerErrorException: "+(d\|\|String.format(Sys.WebForms.Res.PRM_ServerError,a)),b=Error.create(c,{name:"Sys.WebForms.PageRequestManagerServerErrorException",httpStatusCode:a});b.popStackFrame();return b},_createPageRequestManagerPars
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 69 64 61 74 65 28 61 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 69 66 28 64 29 7b 69 66 28 74 79 70 65 6f 66 20 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 6e 75 6c 6c 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 2e 6c 65 6e 67 74 68 3e 30 29 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 61 2e 61 63 74 69 6f 6e 55 72 6c 3b 69 66 28 61 2e 74 72 61 63 6b 46 6f 63 75 73 29 7b 76 61 72 20 63 3d 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 5b 22 5f 5f 4c 41 53 54 46 4f 43 55 53 22 5d 3b 69 66 28 74 79 70 65 6f 66 20 63 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 21 3d 6e 75 6c 6c 29 69 66 28 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 Data Ascii: idate(a.validationGroup);if(d){if(typeof a.actionUrl!="undefined"&&a.actionUrl!=null&&a.actionUrl.length>0)theForm.action=a.actionUrl;if(a.trackFocus){var c=theForm.elements["__LASTFOCUS"];if(typeof c!="undefined"&&c!=null)if(typeof document.activeElement
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 7b 62 2e 61 70 70 65 6e 64 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 3b 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 3d 6e 75 6c 6c 7d 76 61 72 20 63 3d 6e 65 77 20 53 79 73 2e 4e 65 74 2e 57 65 62 52 65 71 75 65 73 74 2c 61 3d 77 2e 61 63 74 69 6f 6e 3b 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 49 6e 74 65 72 6e 65 74 45 78 70 6c 6f 72 65 72 29 7b 76 61 72 20 72 3d 61 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 69 66 28 72 21 3d 3d 2d 31 29 61 3d 61 2e 73 75 62 73 74 72 28 30 2c 72 29 3b 76 61 72 20 6f 3d 22 22 2c 76 3d 22 22 2c 6d 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3b 69 66 28 6d 21 3d 3d 2d Data Ascii: additionalInput){b.append(this._additionalInput);this._additionalInput=null}var c=new Sys.Net.WebRequest,a=w.action;if(Sys.Browser.agent===Sys.Browser.InternetExplorer){var r=a.indexOf("#");if(r!==-1)a=a.substr(0,r);var o="",v="",m=a.indexOf("?");if(m!==-
2024-07-03 05:42:26 UTC	8192	IN	Data Raw: 6f 73 65 73 5b 61 5d 2c 62 29 7d 2c 5f 73 63 72 69 70 74 49 6e 63 6c 75 64 65 73 4c 6f 61 64 43 6f 6d 70 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 62 29 7b 69 66 28 62 2e 65 78 65 63 75 74 6f 72 2e 67 65 74 5f 77 65 62 52 65 71 75 65 73 74 28 29 21 3d 3d 74 68 69 73 2e 5f 72 65 71 75 65 73 74 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 43 6f 6e 74 72 6f 6c 73 28 62 2e 75 70 64 61 74 65 50 61 6e 65 6c 44 61 74 61 2c 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 3f 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 2e 63 6f 6e 74 65 6e 74 3a 6e 75 6c 6c 29 3b 69 66 28 62 2e 66 6f 72 6d 41 63 74 69 6f 6e 4e 6f 64 65 29 74 68 69 73 2e 5f 66 6f 72 6d 2e 61 63 74 69 6f 6e 3d 62 2e Data Ascii: oses[a],b)},_scriptIncludesLoadComplete:function(e,b){if(b.executor.get_webRequest()!==this._request)return;this._commitControls(b.updatePanelData,b.asyncPostBackTimeoutNode?b.asyncPostBackTimeoutNode.content:null);if(b.formActionNode)this._form.action=b.
2024-07-03 05:42:26 UTC	12	IN	Data Raw: 68 61 6e 20 6f 6e 63 65 2e 22 7d 3b Data Ascii: han once."};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:26 UTC	730	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:26 UTC	727	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Fri, 28 Jun 2024 04:07:14 GMT Accept-Ranges: bytes ETag: "d97c43a810c9da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,379,0,26268,175 SPRequestDuration: 4 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 28EBF88A7F7547F3BC2E31B664C3FC34 Ref B: EWR311000101009 Ref C: 2024-07-03T05:42:26Z Date: Wed, 03 Jul 2024 05:42:26 GMT Connection: close
2024-07-03 05:42:26 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:28 UTC	730	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:28 UTC	730	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Fri, 28 Jun 2024 04:06:51 GMT Accept-Ranges: bytes ETag: "da70ce9a10c9da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,372,0,26268,169 SPRequestDuration: 3 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 0D05EF1C515B42E7803B8DCCD539DCA4 Ref B: EWR311000103051 Ref C: 2024-07-03T05:42:28Z Date: Wed, 03 Jul 2024 05:42:28 GMT Connection: close
2024-07-03 05:42:28 UTC	3440	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-07-03 05:42:28 UTC	4446	IN	Data Raw: 00 00 00 00 00 00 70 6c 03 bf 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 40 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: plplplplplplplplplplplplplplplplplplpl@plplplplplplplplplplplplplplplplpl@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49750	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:28 UTC	391	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:29 UTC	727	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Fri, 28 Jun 2024 04:06:39 GMT Accept-Ranges: bytes ETag: "dbe1849310c9da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,372,0,26268,173 SPRequestDuration: 4 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 9BBC92E41DC145B5ABEAB648EB96A027 Ref B: EWR311000102035 Ref C: 2024-07-03T05:42:28Z Date: Wed, 03 Jul 2024 05:42:28 GMT Connection: close
2024-07-03 05:42:29 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 05:42:29 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=123995 Date: Wed, 03 Jul 2024 05:42:29 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	13.107.136.10	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:29 UTC	391	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: eastwestseed-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 05:42:29 UTC	733	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Fri, 28 Jun 2024 04:06:51 GMT Accept-Ranges: bytes ETag: "da70ce9a10c9da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,348,4718,0,67329,170 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25012 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F2516C94C30042038F1B510092329062 Ref B: EWR311000103045 Ref C: 2024-07-03T05:42:29Z Date: Wed, 03 Jul 2024 05:42:29 GMT Connection: close
2024-07-03 05:42:29 UTC	3437	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-07-03 05:42:29 UTC	4449	IN	Data Raw: 00 00 00 00 00 00 00 00 00 70 6c 03 bf 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 6c 03 40 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 ff 70 6c 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: plplplplplplplplplplplplplplplplplplpl@plplplplplplplplplplplplplplplplpl@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49754	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 05:42:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 05:42:30 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=124004 Date: Wed, 03 Jul 2024 05:42:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-03 05:42:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3720, Parent PID: 1060

General

Target ID:	0
Start time:	01:42:16
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4500, Parent PID: 3720

General

Target ID:	2
Start time:	01:42:20
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1980,i,456032944698161515,8173837603720171204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6500, Parent PID: 1060

General

Target ID:	3
Start time:	01:42:22
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eastwestseed-my.sharepoint.com/:o:/p/nannaphat_phansuk/Eidgp0Qg-HFArs_bxgJSxjYBoQDW3HefgIxqLzXf3wb6MA?e=5%3aUVSLsG&at=9"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly