Source: https://1drv.ms/o/c/fca0349b9dac3054/Egg4xW-gVZtFnFIBDYLqn3IBzvGvLdCTacUKBwENWO33dQ?e=nEqWJi | SlashNext: detection: malicious, Label: Credential Stealing, type: Phishing & Social Engineering |
Source: Chrome DOM: 1.4 | OCR Text: PROW AT THE FORE FRONT PROW AT THE FORE FRONT Shared secured file with you Wednesday, October 23, 2024 10:13 AM PDF CLICK HERE TO VIEW DOCUMENT |
Source: Chrome DOM: 2.8 | OCR Text: PROW AT THE FORE FRONT Q File Home Insert Draw View Help Vlewirg v Tell me what yau want to do abc 9 Styles v Tags v PROW AT THE FORE FRONT PROW AT THE FORE FRONT Shared secured file with you Add section + Add page Wednesday, October 23, 2024 10:13 AM PROW AT THE FORE F.. PROW AT THE FORE FRO... PDF CLICK HERE TO VIEW DOCUMENT |
Source: https://onedrive.live.com/view.aspx?resid=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9mY2EwMzQ5YjlkYWMzMDU0L0VnZzR4Vy1nVlp0Rm5GSUJEWUxxbjNJQnp2R3ZMZENUYWNVS0J3RU5XTzMzZFE_ZT1uRXFXSmk&wd=target%28Quick%20Notes.one%7Ceb41a5d1-fd11-4e85-a758-ac057152c3cf%2FPROW%20AT%20THE%20FORE%20FRONT%20Shared%C2%A0secured%20file%20with%20you%7C8502bb7e-de02-4bd3-b527-b2bb046d451a%2F%29&wdorigin=NavigationUrl | HTTP Parser: Total embedded image size: 17126 |
Source: https://onedrive.live.com/edit?id=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&resid=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&cid=fca0349b9dac3054&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9mY2EwMzQ5YjlkYWMzMDU0L0VnZzR4Vy1nVlp0Rm5GSUJEWUxxbjNJQnp2R3ZMZENUYWNVS0J3RU5XTzMzZFE_ZT1uRXFXSmk&migratedtospo=true&wdo=2 | HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"RS256","x5t":"uXehQJPleVjNCbakUhGD6IyFQQk"} |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:49986 version: TLS 1.2 |
Source: | Binary string: N||this.Ys.appendChild(this.YE);this.vs();this.Ggd();return new y.a(T,this.Ys)}yca(T,N){T.V1(N,this.sh,this.oP,this.eM)}Ggd(){var T=new O(new Q(this));this.ODb((0,Aa.a)(T,T.USd,"onInputKeyUp"));this.Med((0,Aa.a)(T,T.QTd,"onSearchButtonClick"));var N=new E(this.root,this.Ux,()=>this.pe,new K(this));this.MDb((0,Aa.a)(N,N.hP,"onInputBlur"));this.NDb((0,Aa.a)(N,N.s8,"onInputFocus"));this.PDb((0,Aa.a)(N,N.iP,"onInteractionBegin"));this.nTa((0,Aa.a)(N,N.R_a,"onRestoreFocus"));N=new t(new G(this));this.mTa((0, source: chromecache_233.2.dr, chromecache_409.2.dr, chromecache_339.2.dr, chromecache_306.2.dr |
Source: | Binary string: (M=y.a.yS(M));n.title=B.a.Ji?String.format(V?Box4Intl.Box4Strings.l_LinkToolTipNoCtrl:Box4Intl.Box4Strings.l_LinkToolTipMac,M):String.format(V?Box4Intl.Box4Strings.l_LinkToolTipNoCtrl:Box4Intl.Box4Strings.l_LinkToolTipWindows,M)}}else n.title=""}static get Wbj(){return!1}static um(n,M){Q.zx.um(n,M)}}Q.Pdb="data-fromssr";(0,D.a)(Q,"AHtmlViewElement",E,[392,393,39])},93176:function(D,L,d){d.d(L,{a:function(){return wa}});D=d(61673);var h=d(66215),k=d(1496),l=d(8562),x=d(41641),u=d(40343),z=d(4840), source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: N=!!M.Vd(V)}for(;N;)(N=M.il.htmlElement)?this.$Sa(n,N):k.ULS.sendTraceTag(588840974,339,10,"child of the CurrentHtmlViewElement is null"),N=!!M.Vd(V);M.xb()}this.zFc(T)}}$Sa(n,M){"true"===n.getAttribute(Q.Pdb)&&n.firstChild?n.insertBefore(M,n.firstChild):n.appendChild(M)}XKc(n,M){if(!M)return null;const V=M.parentNode;for(n=n.il.htmlElement;M&&n!==M;){var T=P.a(M);if(T===this||P.c(M))M=M.nextSibling;else{let N=!!T;N&&(T=T.ra.anchor,N=!!T&&T.tOh(this.ra.anchor));if(N){V.insertBefore(n,M);M=n;break}else T= source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: null}ycg(k){let l=this.wc.jl.Tg;for(;l&&!(this.pdb(l)&&l.JO&k);)l.iT(k),l=l.Tg;if(l)return this.wc.fxa(l),this.currentNode;this.xb();return null}}(0,D.a)(h,"LoadedCoreGraphIterator",d.a,[])},717:function(D,L,d){d.d(L,{a:function(){return l}});D=d(61673);var h=d(65120),k=d(39188);class l{constructor(x){this.nQ=this.Uvb=null;this.X0=x.currentNode;const u=new k.a;u.Bb(x);this.c5c=new k.a;this.c5c.Bb(x);this.Z4c=u.origin;this.LSc=Array(u.depth);this.b5a=Array(u.depth);this.MSc=Array(u.depth);for(x=u.depth- source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: this.rj.TabName=h.AFrameworkApplication.ma.Msa}catch(J){z.b(25282133,306,10,"Error while setting context: {0}",J.message)}}gI(E){const J={};try{J["AppInfo.Id"]=this.fKg;J["AppInfo.Version"]=this.gKg;J.SchemaVersion=this.A0i;J.SamplePolicy=this.v_i;J.ExpirationDate=this.f0g(this.TJb);J.ActivityType=this.pDb;J.Audience=this.audience?this.audience.toString():"";J["UserInfo.Id"]=this.u1b;J["UserInfo.IdType"]=this.Zvj;J["UserInfo.OMSTenantId"]=this.$vj;J.Namespace=this.namespace.toString();J.EventName= source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: this.QA(this.wc.jl);this.xcb(l);return x?(this.wc.cW(x),this.currentNode):null}Bpd(l,x){let u=this.QA(this.wc.jl);for(;u&&u.role!==l;)u=this.QA(u);this.xcb(x);return u?(this.wc.cW(u),this.currentNode):null}GY(l){for(l=l.im;l&&!this.pdb(l);)l=l.Tg;return l}QA(l){for(l=l.Tg;l&&!this.pdb(l);)l=l.Tg;return l}}(0,D.a)(k,"AFilteredGraphIterator",d.a,[])},41719:function(D,L,d){d.d(L,{a:function(){return h}});D=d(61673);class h{constructor(){this.J5=this.Ya=null;this.Fia=!1;this.wze=this.n6c=this.nQ=this.CE= source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: S=this.wbf(r);if(0<r&&!S.count)return!1;for(let ka of S)ka.setAttribute(Sg.a.Pdb,"true"),this.htmlElement.appendChild(ka);this.Hfa(this.htmlElement,!0);this.Ubc=this.s6c=!0;this.htmlElement.setAttribute(Sg.a.Pdb,"true");this.oKc.uPi();return!0}Bch(){this.Ubc&&C.AFrameworkApplication.J.Z("WordEditorConsumeSSROnBoot")&&(this.xAi()?this.Cch():this.Ach())}Ach(){const r=this.htmlElement;-1===this.r9a&&(this.r9a=r.clientHeight);this.Ubc=!1;r.removeAttribute(Sg.a.Pdb);this.X6a=!0;let S=0;for(;S<r.children.length;)"true"!== source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: this.rj[G]}catch(G){z.b(25282134,306,10,"Error while converting to dictionary: {0}",G.message)}return J}f0g(E){return 1===this.pDb?E.format(B.nYe):(new Date(E.getFullYear(),B.nKi[Math.floor(E.getMonth()/B.Rii)],E.getDate())).format(B.nYe)}a4i(E=!0){E?(this.ycc=this.pDb=1,this.TJb=B.HEi):(this.pDb=0,this.ycc=2,this.TJb=B.I9g)}mvd(){let E=l.unknown;const J=h.AFrameworkApplication.J.ua("OneNoteHVAAudience");if(J&&0<J.length)switch(parseInt(J)){case 1:E=l.dogfood;break;case 2:E=l.pJi}return E}static fwh(E){let J= source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: N=new z.a;N.Bb(M);N.xb();N.xb();do N.pp(M.currentNode,V,M.role),V=M.currentNode;while(M.u_e());M.ee();M.Kd(T)}},87233:function(D,L,d){d.d(L,{a:function(){return h}});const h=k=>{let l="undefined"!==typeof k.get_type;return l=l||"undefined"!==typeof k.type}},66540:function(D,L,d){d.d(L,{a:function(){return h}});D=d(61673);d=d(35676);class h extends d.a{constructor(){super()}pdb(k){return k.Yuc}xcg(k){let l=this.wc.Ok.im;for(;l&&!(this.pdb(l)&&l.JO&k);)l.iT(k),l=l.Tg;return l?(this.wc.cW(l),this.currentNode): source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: typeof E)for(let J of B.kCg)J in E&&(this.rj[J]=E[J])}c4i(E){this.HZe=0;this.che=B.ueg;this.dhe=h.AFrameworkApplication.buildVersion;this.NBe=h.AFrameworkApplication.J.Z("IsEmbeddedScenario")?5:4;this.rGe=h.AFrameworkApplication.J.ua("OneNoteHVAUserId");this.sGe=h.AFrameworkApplication.J.ua("OneNoteHVAUserIdType");this.tGe=h.AFrameworkApplication.J.ua("TenantId");this.ycc=2;this.pDb=0;this.uhe=this.mvd();this.SBe=B.mgg;this.oZf=h.AFrameworkApplication.userSessionId;this.a4i(E)}SZf(){const {App:E}= source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: r.children[S].getAttribute(Sg.a.Pdb)?S++:(this.DEa(r.children[S]),r.removeChild(r.children[S]))}xAi(){if(ni.OutlineElementReader.esa(this.ra)||!this.ra.ja(lj.a.NIa,!1))return!1;const r=Ng.a.Aa(this.ra);if(!r.tb(1)||!r.currentNode.ja(lj.a.YUb,!1))return!1;for(;r.Vd(1);)if(r.currentNode.ja(lj.a.YUb,!1))return!1;return!0}Cch(){if(C.AFrameworkApplication.J.Z("WordEditorOneOutlineElementIsEnabled")){var r=this.htmlElement;-1===this.r9a&&(this.r9a=r.clientHeight);r.firstChild&&"true"===r.firstChild.getAttribute(Sg.a.Pdb)&& source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: null;this.pDb=0;this.oZf=this.correlationVector=this.tGe=this.sGe=this.rGe=this.uhe=null;this.HZe=this.NBe=0;this.rj={};this.started=!1;this.namespace=E}get fKg(){return this.che}get gKg(){return this.dhe}get A0i(){return this.SBe}get v_i(){return this.ycc}get audience(){return this.uhe}get u1b(){return this.rGe}get Zvj(){return this.sGe}get $vj(){return this.tGe}get q_i(){return this.NBe}vba(E,J){if("object"===typeof J)for(const G of w.a(J))this.rj[G]=J[G];else this.rj[E]=J}SDg(E){if("object"=== source: chromecache_326.2.dr, chromecache_351.2.dr |
Source: | Binary string: Aa.a)(N,N.onKeyDown,"onKeyDown"));N=new B(this.sh);this.nTa(V.XSa((0,Aa.a)(N,N.AEd,"interactionEnd")));this.nTa(V.XSa((0,Aa.a)(T,T.$Sd,"onInteractionEnd")));this.PDb(V.XSa((0,Aa.a)(T,T.iP,"onInteractionBegin")));"placeholder"in this.sh?this.sh.setAttribute("placeholder",this.Ux.PlaceholderText):(T=new C(this.sh,this.Ux.PlaceholderText,"cui-sb-placeholder"),this.MDb((0,Aa.a)(T,T.hP,"onInputBlur")),this.NDb((0,Aa.a)(T,T.s8,"onInputFocus")));this.Led(this.gTd);this.mTa((aa,da)=>P.a.DXd(da,k.a.SP));this.mTa((aa, source: chromecache_233.2.dr, chromecache_409.2.dr, chromecache_339.2.dr, chromecache_306.2.dr |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET /o/c/fca0349b9dac3054/Egg4xW-gVZtFnFIBDYLqn3IBzvGvLdCTacUKBwENWO33dQ?e=nEqWJi HTTP/1.1Host: 1drv.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /redir?cid=fca0349b9dac3054&resid=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&ithint=onenote&e=nEqWJi&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9mY2EwMzQ5YjlkYWMzMDU0L0VnZzR4Vy1nVlp0Rm5GSUJEWUxxbjNJQnp2R3ZMZENUYWNVS0J3RU5XTzMzZFE_ZT1uRXFXSmk HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /edit?id=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&resid=FCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&cid=fca0349b9dac3054&ithint=onenote&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9mY2EwMzQ5YjlkYWMzMDU0L0VnZzR4Vy1nVlp0Rm5GSUJEWUxxbjNJQnp2R3ZMZENUYWNVS0J3RU5XTzMzZFE_ZT1uRXFXSmk&migratedtospo=true&wdo=2 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: E=P:Wr+31Xjz3Ig=:AhRnzLDSpMZUnuSiq0Xz/c2efYTuMeUxAoY2wwJ1kPs=:F; xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; xidseq=1 |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /v1.0/token HTTP/1.1Host: api-badgerp.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /_api/v2.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL28vYy9mY2EwMzQ5YjlkYWMzMDU0L0VnZzR4Vy1nVlp0Rm5GSUJEWUxxbjNJQnp2R3ZMZENUYWNVS0J3RU5XTzMzZFE_ZT1uRXFXSmk/driveItem?action=Edit&$select=id,openWith,officebundle,currentUserRole,eTag,name,size,content.downloadUrl,file,sharepointIds,sensitivityLabel,webUrl,webDavUrl,parentReference,vault HTTP/1.1Host: my.microsoftpersonalcontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=f3c7a33d-7e59-4c20-a031-16f920c06af4 HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18201.41003&waccluster=GEU5&usid=f3c7a33d-7e59-4c20-a031-16f920c06af4 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; E=P:cbRF1njz3Ig=:0DH+t/6xgWYrII6MwFCaI8cnQ3yu2GYwTg9CCM11de0=:F; xidseq=2; wla42= |
Source: global traffic | HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18201.41003&waccluster=GEU5&usid=f3c7a33d-7e59-4c20-a031-16f920c06af4 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; E=P:cbRF1njz3Ig=:0DH+t/6xgWYrII6MwFCaI8cnQ3yu2GYwTg9CCM11de0=:F; xidseq=2; wla42= |
Source: global traffic | HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; E=P:cbRF1njz3Ig=:0DH+t/6xgWYrII6MwFCaI8cnQ3yu2GYwTg9CCM11de0=:F; xidseq=2; wla42= |
Source: global traffic | HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18201.41003&waccluster=GEU5&usid=f3c7a33d-7e59-4c20-a031-16f920c06af4 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; E=P:cbRF1njz3Ig=:0DH+t/6xgWYrII6MwFCaI8cnQ3yu2GYwTg9CCM11de0=:F; xidseq=2; wla42= |
Source: global traffic | HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18201.41003&waccluster=GEU5&usid=f3c7a33d-7e59-4c20-a031-16f920c06af4 HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=6b4da330-ac6b-4235-95e2-dc0640a52c7c&&ODSP-ODWEB-ODCF&343; E=P:cbRF1njz3Ig=:0DH+t/6xgWYrII6MwFCaI8cnQ3yu2GYwTg9CCM11de0=:F; xidseq=2; wla42= |
Source: global traffic | HTTP traffic detected: GET /o/null&DataUrlEnabled=true HTTP/1.1Host: euc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: PA1PEPF00035E95X-OfficeVersion: 16.0.18201.41003X-Key: Mr5yCyZre3MWmJd6px/fiTgkPEOiiVpPoeeH1hSSB3Q=;Zh2AwOnSngnewCbg6HccNT5IjsoaUsKCseAT3gXqKFI=,638652947673963805X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-AccessToken: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9.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.HXU2btNfmuw2SXHNwCTziH1VtYQHoGiZhNBR85gXVie_I6_4ofsMTYKBbmvvnltYF4CDLLt4FPypmdvy95vWaceBviQD81wvWg1ys0wNYMW1IjrNhcfV5BPdbFsXRRq9zMp1cGjEnfUYVKwFN651Rh1FlJwCHqYfjTTKastP6jQ2MaHsN0hRUvM4n2bIT0W6lH-ouV2uU7YwMYEWi_93mPS0esj0YZBr_gQ6qTM5slLmEovLVRfymIrhcQ7WzmsCLu_cIQL12gESxyESmR1iCvNr-phUYc4h5Wfc-sO2DjfCuhnfQ0eCfNjQVecO9cXNyROmKb3edMRYjrw3Vy6HHQX-UserSessionId: f3c7a33d-7e59-4c20-a031-16f920c06af4X-AccessTokenTtl: 1730126361269sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: GEU5Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://euc-onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2Ffca0349b9dac3054%2F_vti_bin%2Fwopi.ashx%2Ffolders%2FFCA0349B9DAC3054!s6fc5380855a0459b9c52010d82ea9f72&wdenableroaming=1&mscc=1&wdodb=1&hid=6mEp50icZke8WL |