Windows Analysis Report
https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9

Overview

General Information

Sample URL:	https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9
Analysis ID:	1541336
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML page contains hidden javascript code

Source: https://onedrive.live.com/personal/76471f3776916fd0/_layouts/15/Doc.aspx?sourcedoc=%7Bc2b6a389-6e2d-402f-8346-e7ceb243c74f%7D&action=default&fromShare=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05&slrid=64165da1-90a4-6000-a17a-a7453b5ea7e9&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_cnRpbWU9d3B6TnEwUDAzRWc&CID=e20b8c70-5808-4803-b162-15b8d742ff39&_SRM=0:G:36

HTTP Parser: Base64 decoded: {"siteid":"e7b15d85-b450-4045-9a97-fd90105fa5ee","aud":"00000003-0000-0ff1-ce00-000000000000/onedrive.live.com@9188040d-6c67-4c5b-b112-36a304b66dad","exp":"1730213467"}

Source: https://mann.ru.com/9?ai=xd	HTTP Parser: No favicon
Source: https://mann.ru.com/9?ai=xd	HTTP Parser: No favicon
Source: https://mann.ru.com/9?ai=xd&__cf_chl_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8	HTTP Parser: No favicon
Source: https://googleweblight.com/i?u=google.com	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:50207 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:50087 version: TLS 1.2

Source:	Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B\|\|this.pDb\|\|Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow\|\|Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)\|\|this.Jj.Oa(Ed.a.Gib)\|\|this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_340.1.dr
Source:	Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc\|\|(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li\|\|(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_460.1.dr
Source:	Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe\|\|(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state\|\|this.pDb\|\|(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf\|\|ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton\|\|this.c6a;ha.hideCloseButton= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType\|\|ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb\|\|(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb\|\|(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_460.1.dr
Source:	Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_460.1.dr

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.17:50090 -> 1.1.1.1:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to https://office.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to http://googleweblight.com/i?u=google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to http://googleweblight.com/i?u=google.com

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:50207 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	HTTP traffic detected: GET /o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9 HTTP/1.1Host: 1drv.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/76471F3776916FD0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?resid=76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&ithint=onenote&e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/76471f3776916fd0/_layouts/15/Doc.aspx?sourcedoc=%7Bc2b6a389-6e2d-402f-8346-e7ceb243c74f%7D&action=default&fromShare=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05&slrid=64165da1-90a4-6000-a17a-a7453b5ea7e9&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_cnRpbWU9d3B6TnEwUDAzRWc&CID=e20b8c70-5808-4803-b162-15b8d742ff39&_SRM=0:G:36 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzEzZTcxMTY5ZWUxZjY5OTkzZjJhMzQxYmUxZjcxYTNkNjdlMWE1NTY4M2U1ZWQwNmZkNjMzNjBlYmMzMjE5NzAsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCwxMzM3NDI1ODk2NjAwMDAwMDAsMCwxMzM3NDM0NTA2NjE4MjA0ODcsMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsNjQxNjVkYTEtOTBhNC02MDAwLWExN2EtYTc0NTNiNWVhN2U5LDY0MTY1ZGExLTkwYTQtNjAwMC1hMTdhLWE3NDUzYjVlYTdlOSxrS2VISFRXL1JraWkvdlJBWDJ4SEx3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4OTUsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFha1B1RytaNzlxWmJkNlVWdm82QkFNKzB3QWNMeERKWkVsZ1N1TDBRT0pYSmtFdUhwNG5XZVN3VjBkZ3g2VHhxbmRGZ0ZyRjlQbTllV3pieE53S29kM1kvYm5VbzVYeEl5NkdGcWI1aFZ3Snp2VTI4Z2FPMFdjYVlFZ3NuMCtFKzNMNktjU3RMOXEzdjR2NFh5NjdMeVZJRVBlLzVCak1MTnB5dGEvYUlRdlh6cWNyTUYxWi93dytteDBvM1BEMGdxQVNkVjk5THNmc3d2ZWtHSVFESy9XSGMvZnQ1VXRKaEhEenZmVnBPRmtiYzFWYzZqdmdBeHNvaEUxSThXNDFGL0h4TjFuVmJESHhDSTFDTE5HNnJMNVY5SVhaN2VTd2RJcXVMeFVkZVpNbTVOUFBNMUZqY2xuT2dBR1J4M2xQOHFITEVxRllLOWIzcE1zY3lpQVU1dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hGEKNxxd99ywXE5&MD=RRr1cbPr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266&apitype=LanguageInfo HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=educationuser&WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2F76471f3776916fd0%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fonedrive.live.com%22%2C%22pmshare%22%3Atrue%2C%22redeem%22%3A%22aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05%22%7D&wdenableroaming=1&mscc=1&wdodb=1&hid=64165DA1-30ED-6000-AD14-5BE362F10703.0&uih=onedrivecom&wdlcid=en-US&dchat=1&wdorigin=Sharing.ClientRedirect&wdhostclicktime=1729785063228&jsapi=1&jsapiver=v1&newsession=1&corrid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&sftc=1&sams=1&cac=1&sfp=1&hch=1&hwfh=1&uihit=docaspx&muv=1&wdredirectionreason=Force_SingleStepBoot&rct=Normal&ctp=LeastProtectedAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic	HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736
Source: global traffic	HTTP traffic detected: GET /files/fabric-cdn-prod_20240129.001/assets/icons/fabric-icons-a13498cf.woff HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://onedrive.live.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8d7b21294c7d2c94 HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mann.ru.com/9?ai=xd&__cf_chl_rt_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736
Source: global traffic	HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/WacOAuth.aspx?replyUrl=https://onenote.officeapps.live.com&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&WacUserType=WOPI&sv=1&msalv3=1 HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-US&WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"haep: 3X-WacFrontEnd: DM3PEPF00014BEAX-UserSessionId: d0fa52e3-0f3d-e35c-d61d-a94526612b29sec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.18214.41004X-Key: FKnkhRu+5j+BXU4OS+9ASxmg7jKgTA8vtRLm9+84Nvg=;wI/3PDglHIP2H0iVs0ptMMCmcs78fWZzVug+3+yUO+w=,638653818706795394X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: PUS10sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2F76471f3776916fd0%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fonedrive.live.com%22%2C%22pmshare%22%3Atrue%2C%22redeem%22%3A%22aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZS
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js?onload=fSZI2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mann.ru.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xdAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8d7b21294c7d2c94 HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js?onload=fSZI2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xdAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1725621520:1729702573:tCqhrP7VLKBEthGOwjof52flGbgIGszUdNhEZpSSuH8/8d7b21294c7d2c94/8l5SquBVm5tikoUKjc6upuDRGIHmGo5v7HpD6k.Sc5A-1729785099-1.2.1.1-bd9udQFFrR5GTbbD9wrurPVR6DoeETq3.X3RGsJw0wJpf7J2UCQ3G3HIAtG.lPYA HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8d7b21457ba24766&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8d7b21457ba24766&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /admincenter/admin-main/2024.10.17.1/floodgate.en.bundle.js HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/456159693:1729702700:bw_2NaBwqawLsLBoXaKhO-5XzHcr_1qGeB6RWNXVuQM/8d7b21457ba24766/3_CjyR8B9TJLJuMtHJPmK4XTnFBPv5TsW5rVRddf1Ls-1729785104-1.1.1.1-CMcUI0IrC24Bwi5_XGeN.AnYbOZfl271Hy1XSuv5rzcOZ0QW0f2GEJWcuLDSZKRc HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8d7b21457ba24766/1729785106325/6f3139b1deeb106748e9957d1db230b01f4dc8bcedcbab15d8aaf2da7189cf4a/xaqRYNrtNwA4T8_ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/WacOauth.aspx/LogLoadScriptResult HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8d7b21457ba24766/1729785106325/9N0aiT9M7lwIIf7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8d7b21457ba24766/1729785106325/9N0aiT9M7lwIIf7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/OAuth.html HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PUS6-ARRAffinity=eee8025a101a10f0d384ca9c89bafc4edd34b7bf2873caea26377b9fc5eb86b5; PUS11-ARRAffinity=edd9a540e4fd7c880e7328445a8c5a4bd3b1b35fd0929e4317133af397ef9517
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/456159693:1729702700:bw_2NaBwqawLsLBoXaKhO-5XzHcr_1qGeB6RWNXVuQM/8d7b21457ba24766/3_CjyR8B9TJLJuMtHJPmK4XTnFBPv5TsW5rVRddf1Ls-1729785104-1.1.1.1-CMcUI0IrC24Bwi5_XGeN.AnYbOZfl271Hy1XSuv5rzcOZ0QW0f2GEJWcuLDSZKRc HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xd&__cf_chl_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1725621520:1729702573:tCqhrP7VLKBEthGOwjof52flGbgIGszUdNhEZpSSuH8/8d7b21294c7d2c94/8l5SquBVm5tikoUKjc6upuDRGIHmGo5v7HpD6k.Sc5A-1729785099-1.2.1.1-bd9udQFFrR5GTbbD9wrurPVR6DoeETq3.X3RGsJw0wJpf7J2UCQ3G3HIAtG.lPYA HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hGEKNxxd99ywXE5&MD=RRr1cbPr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i?u=google.com HTTP/1.1Host: googleweblight.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: googleweblight.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/i?u=google.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx?perfTag=GetChanges_1 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /i?u=google.com HTTP/1.1Host: googleweblight.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx?perfTag=GetChanges_2 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: googleweblight.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 1drv.ms
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: mann.ru.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: office.com
Source: global traffic	DNS traffic detected: DNS query: www.office.com
Source: global traffic	DNS traffic detected: DNS query: googleweblight.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2F76471f3776916fd0%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fonedrive.live.com%22%2C%22pmshare%22%3Atrue%2C%22redeem%22%3A%22aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05%22%7D&wdenableroaming=1&mscc=1&wdodb=1&hid=64165DA1-30ED-6000-AD14-5BE362F10703.0&uih=onedrivecom&wdlcid=en-US&dchat=1&wdorigin=Sharing.ClientRedirect&wdhostclicktime=1729785063228&jsapi=1&jsapiver=v1&newsession=1&corrid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&sftc=1&sams=1&cac=1&sfp=1&hch=1&hwfh=1&uihit=docaspx&muv=1&wdredirectionreason=Force_SingleStepBoot&rct=Normal&ctp=LeastProtected HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveContent-Length: 10956Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://onedrive.live.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: f158c54b-2c75-4ad7-9ac5-e11e09a4db9eX-UserSessionId: f158c54b-2c75-4ad7-9ac5-e11e09a4db9eStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF0001571AX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS1X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: DM3PEPF0001571AX-WacFrontEnd: DM3PEPF0001571AX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 98218F36BD2243AAB5575FF339F2986D Ref B: DFW311000102027 Ref C: 2024-10-24T15:51:18ZDate: Thu, 24 Oct 2024 15:51:17 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: privateContent-Length: 1233Content-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 79b8d9b0-f549-459d-94dc-f04b9e8ecd5cX-UserSessionId: d0fa52e3-0f3d-e35c-d61d-a94526612b29Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF00014BE9X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS10X-Partitioning-Enabled: trueX-OFFICEFD: DM3PEPF00014BE9X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wordslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 29D2D05105674004AB4948A5C3DDC542 Ref B: DFW311000105033 Ref C: 2024-10-24T15:51:42ZDate: Thu, 24 Oct 2024 15:51:42 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:44 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: tCEMzyW5GHCi7oYkQMiS0vexNxTBNHKCv9k=$noOUKRWFrOxQuaRoReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFjkaPjdYSTrp7g7xwTJ6hB3TDSfN5idp%2BQOxm%2BmhPdZQccgGPcVTeRgjR656WGiDj9JtIawkAcXE7hihYXXjaWBVq%2BkQwh0GSrOOtnSu9K6D5O3XdscCMFuYaspGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7b21495fbe4869-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1163&delivery_rate=2592658&cwnd=251&unsent_bytes=0&cid=bdac616681f34e0f&ts=155&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: zikKUz1eTWghoUzU/Pmzwy0AFZSMRH2qH3o=$6YAvRgW5E3Cq0OBvcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7b215f1c120b82-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:51 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: NX7Kp09Ts1oGtO81MGkKDkvBao4EruaKpNg=$ok1hFy+wVSNEloKeServer: cloudflareCF-RAY: 8d7b2173de69e5ea-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:53 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 7iZr1xIRoRzFEv5blcDPbZfiNKLo0oCH2HE=$foDoPB9I9lgTTerrcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nssyju5GCRf0COfkmqw%2BC1hmChGlBkz0DDFSFXRqdnLOnyiyxpehNaeJIZM9d20dtG%2BpIHyrxdtUVPdRLiOw4DeXoj%2FL0pYqx6AdR50YvPpoxADv%2FDfA7r3pvkD%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7b2181883fe534-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1163&delivery_rate=2592658&cwnd=251&unsent_bytes=0&cid=54195dee12e481c2&ts=165&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 24 Oct 2024 15:52:02 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-4gnNJz6vy-cHlrVVy8jhww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/WebLightFeaturePhoneHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com;report-uri /_/WebLightFeaturePhoneHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/WebLightFeaturePhoneHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 3fef5cd3-0b5f-4804-8e7c-9f02d2919f41X-UserSessionId: 3fef5cd3-0b5f-4804-8e7c-9f02d2919f41Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF0001570FX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS1X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: DM3PEPF0001570FX-WacFrontEnd: DM3PEPF0001570FX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_visioslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 4B4C4C8E004E4CC2B1D2DDCE79C2A1EB Ref B: DFW311000103009 Ref C: 2024-10-24T15:52:15ZDate: Thu, 24 Oct 2024 15:52:14 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: e38e3d5b-5251-49cd-b6be-ce8db51fe3b3X-UserSessionId: e38e3d5b-5251-49cd-b6be-ce8db51fe3b3Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C7EX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF00017C7EX-WacFrontEnd: SN3PEPF00017C7EX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 4898764B71EF4D1EAFB527BB7B8A4D49 Ref B: DFW311000103029 Ref C: 2024-10-24T15:52:16ZDate: Thu, 24 Oct 2024 15:52:15 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 7f4dc36d-634d-4959-b1e1-ebc317a262baX-UserSessionId: 7f4dc36d-634d-4959-b1e1-ebc317a262baStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C98X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF00017C98X-WacFrontEnd: SN3PEPF00017C98X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wordcapacity_control,afd_onenoteslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 2A11AA0E0A374F58983CFCBCE91136A0 Ref B: DFW311000107045 Ref C: 2024-10-24T15:52:18ZDate: Thu, 24 Oct 2024 15:52:18 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 80e95a53-73c2-4418-9e25-110b63749a44X-UserSessionId: 80e95a53-73c2-4418-9e25-110b63749a44Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF000091D1X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS6X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF000091D1X-WacFrontEnd: SN3PEPF000091D1X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: AA33744F5E274FA6B41537EEA318FA60 Ref B: DFW311000107047 Ref C: 2024-10-24T15:52:25ZDate: Thu, 24 Oct 2024 15:52:25 GMTConnection: close

Source: chromecache_295.1.dr, chromecache_341.1.dr, chromecache_305.1.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_366.1.dr	String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_323.1.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_341.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://1drv.ms
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.3.min.js
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/MathAssistantSupport?client_id=onenote_wac&platform_id=web&correlation_id=
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/OfficeAddinOverview
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/Officeaddins
Source: chromecache_460.1.dr	String found in binary or memory: https://api.addins.omex.office.net/
Source: chromecache_340.1.dr	String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_460.1.dr	String found in binary or memory: https://augloop-int.officeppe.com/v2
Source: chromecache_460.1.dr	String found in binary or memory: https://augloop.office.com/v2
Source: chromecache_507.1.dr	String found in binary or memory: https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/dev
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/stg
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/df
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/gcc
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/prod
Source: chromecache_340.1.dr	String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_340.1.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: chromecache_460.1.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://ecs.office.com
Source: chromecache_340.1.dr	String found in binary or memory: https://edog.onenote.com
Source: chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://fa000000128.resources.office.net
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://fa000000128.resources.office.net:3000/index.html
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_460.1.dr, chromecache_311.1.dr	String found in binary or memory: https://forms.office.com
Source: chromecache_460.1.dr	String found in binary or memory: https://forms.office.com/Pages/OneNoteMathAddinFunctionPage.aspx
Source: chromecache_460.1.dr, chromecache_381.1.dr, chromecache_311.1.dr	String found in binary or memory: https://forms.officeppe.com
Source: chromecache_387.1.dr, chromecache_418.1.dr	String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_340.1.dr	String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_340.1.dr	String found in binary or memory: https://hubblecontent.azureedge.eaglex.ic.gov
Source: chromecache_340.1.dr	String found in binary or memory: https://hubblecontent.azureedge.microsoft.scloud
Source: chromecache_460.1.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore/flyoutdetails/
Source: chromecache_296.1.dr	String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_276.1.dr, chromecache_323.1.dr, chromecache_482.1.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_460.1.dr	String found in binary or memory: https://office.visualstudio.com/DefaultCollection/OC/_wiki/wikis/OC.wiki/22688/Using-Dictation-on-yo
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://officeapps.live.com
Source: chromecache_311.1.dr	String found in binary or memory: https://onedrive.live.com
Source: chromecache_507.1.dr	String found in binary or memory: https://onenote.officeapps.live.com
Source: chromecache_340.1.dr	String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_340.1.dr	String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_340.1.dr	String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://pf.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_460.1.dr	String found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474836617/Product_42949677398/Asset_e
Source: chromecache_349.1.dr, chromecache_387.1.dr, chromecache_418.1.dr, chromecache_329.1.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_305.1.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_340.1.dr	String found in binary or memory: https://res-dev.cdn.officeppe.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-dod.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-dod.cdn.office.net/fluid/dod
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net/fluid/gcch
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res-h3.public.cdn.office.net
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res-h3.sdf.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr, chromecache_340.1.dr	String found in binary or memory: https://res-sdf.cdn.office.net
Source: chromecache_318.1.dr, chromecache_276.1.dr, chromecache_323.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res.cdn.office.net
Source: chromecache_281.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/
Source: chromecache_281.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/floodgate.en.bundle.js
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res.sdf.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.edog.officeapps.live.com/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.officeapps.live.com/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.officeapps.partner.office365.cn/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.apps.mil/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.office.de/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.office365.us/rs/v1/settings
Source: chromecache_311.1.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/suggestions
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_340.1.dr	String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://tb.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_340.1.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: chromecache_340.1.dr	String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: chromecache_340.1.dr	String found in binary or memory: https://uciserviceintcdnwus.blob.core.windows.net/mirrored/smartlookup/
Source: chromecache_435.1.dr, chromecache_433.1.dr	String found in binary or memory: https://usc-onenote.officeapps.live.com/o/RemoteUls.ashx
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.apps.mil
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.eaglex.ic.gov
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.microsoft.scloud
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.office.com/root/index.fluid.js
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.office365.us
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://wise-m-backup.public.onecdn.static.microsoft/wise/owl/sharedauthclientmsal.39dcdf70a24344361
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://wise.public.cdn.office.net/wise/owl/sharedauthclientmsal.39dcdf70a2434436117b.js
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://www.office.com/launch
Source: chromecache_340.1.dr	String found in binary or memory: https://www.onenote.com
Source: chromecache_460.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/mathassistant
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:50087 version: TLS 1.2

Source: chromecache_276.1.dr, chromecache_323.1.dr

Binary or memory string: new w.a(u.a.Bd());const t=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");for(const J of t)G.A9b.add(J)}return G.A9b}static Z2h(t){return G.yLh().contains(t)}static T7h(t){t=x.iwh(t);return""!==document.createElement("audio").canPlayType(t)}}G.A9b=null;(0,C.a)(G,"EmbeddedFileReaderUtils",null,[])},94099:function(C,L,d){d.d(L,{a:function(){return h}});

Source: classification engine

Classification label: mal48.win@29/394@118/22

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,1742604777212346186,10490191622210278842,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,1742604777212346186,10490191622210278842,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B\|\|this.pDb\|\|Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow\|\|Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)\|\|this.Jj.Oa(Ed.a.Gib)\|\|this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_340.1.dr
Source:	Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc\|\|(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li\|\|(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_460.1.dr
Source:	Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe\|\|(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state\|\|this.pDb\|\|(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf\|\|ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton\|\|this.c6a;ha.hideCloseButton= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType\|\|ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb\|\|(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb\|\|(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_460.1.dr
Source:	Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_460.1.dr

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_265.1.dr, chromecache_286.1.dr, chromecache_296.1.dr, chromecache_450.1.dr, chromecache_476.1.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_265.1.dr, chromecache_286.1.dr, chromecache_296.1.dr, chromecache_450.1.dr, chromecache_476.1.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.9.12	wac-0003.wac-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
142.250.184.193	googleweblight.com	United States	15169	GOOGLEUS	false
13.107.253.67	s-part-0039.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
13.107.42.12	1drv.ms	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.sigmacdn.net	United States	15133	EDGECASTUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.18.97	unknown	United States	15169	GOOGLEUS	false
13.107.137.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.45	s-part-0017.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
52.108.8.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.181.178	mann.ru.com	United States	13335	CLOUDFLARENETUS	false
104.21.56.85	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.17

Contacted Domains

Name	IP	Active
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true
a.nel.cloudflare.com	35.190.80.1	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true
1drv.ms	13.107.42.12	true
dual-spov-0006.spov-msedge.net	13.107.137.11	true
wac-0003.wac-msedge.net	52.108.9.12	true
googleweblight.com	142.250.184.193	true
challenges.cloudflare.com	104.18.95.41	true
office.com	13.107.6.156	true
www.google.com	142.250.185.132	true
mann.ru.com	172.67.181.178	true
sni1gl.wpc.sigmacdn.net	152.199.21.175	true
js.monitor.azure.com	unknown	unknown
www.office.com	unknown	unknown
ajax.aspnetcdn.com	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
fa000000110.resources.office.net	unknown	unknown
onenoteonline.nel.measure.office.net	unknown	unknown
fa000000138.resources.office.net	unknown	unknown
onedrive.live.com	unknown	unknown
amcdn.msftauth.net	unknown	unknown
www.onenote.com	unknown	unknown
messaging.engagement.office.com	unknown	unknown
fa000000096.resources.office.net	unknown	unknown
fa000000012.resources.office.net	unknown	unknown
fa000000111.resources.office.net	unknown	unknown
fa000000128.resources.office.net	unknown	unknown
storage.live.com	unknown	unknown
common.online.office.com	unknown	unknown
login.microsoftonline.com	unknown	unknown
spoprod-a.akamaihd.net	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8d7b21457ba24766/1729785106325/6f3139b1deeb106748e9957d1db230b01f4dc8bcedcbab15d8aaf2da7189cf4a/xaqRYNrtNwA4T8_	false	unknown
https://a.nel.cloudflare.com/report/v4?s=wu3hal5hOBDQe6aLEqIpAkaDR2DQzj61MaIF7cfFy7TvjA%2BYkshXv0iIfVWr2HGSNqHP6i8FzrorjhmxDholbjA16fhRXG92uhaGMrViN3YqWPOU6nCmZ5WcbdWmLw%3D%3D	false	unknown
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false	unknown
https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9	true	unknown
https://www.onenote.com/officeaddins/learningtools/?et=	false	unknown
https://mann.ru.com/9?ai=xd	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8d7b21457ba24766/1729785106325/9N0aiT9M7lwIIf7	false	unknown
https://googleweblight.com/	false	unknown
https://common.online.office.com/suite/RemoteUls.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&officeserverversion=	false	unknown
https://onedrive.live.com/personal/76471f3776916fd0/_layouts/15/Doc.aspx?sourcedoc=%7Bc2b6a389-6e2d-402f-8346-e7ceb243c74f%7D&action=default&fromShare=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05&slrid=64165da1-90a4-6000-a17a-a7453b5ea7e9&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_cnRpbWU9d3B6TnEwUDAzRWc&CID=e20b8c70-5808-4803-b162-15b8d742ff39&_SRM=0:G:36	false	unknown
https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell	false	unknown
https://onedrive.live.com/:o:/g/personal/76471F3776916FD0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?resid=76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&ithint=onenote&e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05	false	unknown
https://www.onenote.com/officeaddins/RemoteUls.ashx	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:51:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	9CF1D22E6631609B6AAC40FA138CD0A3	E024B17CD1FF208946371940D37CCB96EC84211A	DEA192F3EDAD8696C95F1FB9D7118912AF2677AB766348C4BC56B09D8185AA09
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:51:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	BFCDA0252E334C3B0BC9D14C20C10609	96BE0DE397749B9C5709FFF2BDF22FA76B8D04E7	345B3DC8A2E34202B7F26D388E516D00D4AAB03B93B564BC6C2680BA8BBC8DF4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	F05FC270066F4C3840B7B6C6EEE2B200	6639EA77C9412F6DEBDF54A76F429F694BEDEC62	705C918CA464B4CD34CFE0F7AEA67B926FE5251DD2180A460D7E43AADB729DF7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:51:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	842B9066D2B80483848B99BF2473863F	18F8B31B19DD29F883C6E98784D0DA2E031B3099	4733354AF1E0BF530A240445EB9F36D4BE24698992ECF630C3EFA1D256DB3D74
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:51:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	CC3B0D4195BCE95D3F02A8508B09FF5D	EE0946A66AC4681E3DB7CFBA9747CB21305AAD86	1E426907B7B39BAE4AEF485C84B5C40AC629ED7AC3A2EFF88BBAAD932BA06610
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:51:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	80FBCEA076384C43CF7D408B22836E7E	A3B54715DFDB90B1EE74012A37975C9BEA639284	7852C30EE1BD3DF4865C1263460759D9FF41266ACF5078BE2077D0955B89EDB4
Chrome Cache Entry: 258	HTML document, ASCII text, with CRLF line terminators	59372A1A3FB09A27594093F0BF524613	DD44CDA08F082DAC06E0D0FBFA662830B9989926	4D16C45DF3C3EDB6B0A3E8937DADB5AE95BF8737A728EEDB397E0C964F16B396
Chrome Cache Entry: 259	ASCII text, with very long lines (5949), with no line terminators	BBF6A2B6E77972F0718F99C86AE3FE92	806E8C002AE178B41819BEAFE123AE09202DF966	78FF6158246E4FA25F994827F90ED69FEEF349AA57449CB404E35C3026BD4B8A
Chrome Cache Entry: 260	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 261	ASCII text, with very long lines (38617), with no line terminators	FE1E3F510D9B8C6F79E1E5E52362BC6E	5E3B968543A37E7AD3AA50B2536420DEE762C069	82C1D484D2DD8CC012FC9DED6FE545E4D83C6232337038B1A57BCEDEEFF70193
Chrome Cache Entry: 262	ASCII text, with very long lines (65536), with no line terminators	65F960810895837B06B1D3AE1CCEAEF3	0673F80A70CFB78AD7018E161E3201E80CB71307	F452E6287DAFD3B632CBFF8533ED5DFC2F6F476C8672B468CF6DCFE321B8C889
Chrome Cache Entry: 263	HTML document, ASCII text, with CRLF line terminators	D29FA9F2AB3A72F2608E8E82C8C3D1C6	8B21CC06752837B4B6B8FEF8D54F50EB2C7CCA8F	E1B0A10649C4B92F828523EFC2EBE135EA9488179A2816888D1E84F786202DBF
Chrome Cache Entry: 264	ASCII text, with very long lines (58562)	E978BE49E42EDD7F2EDFC219B7607279	1BBC808263DC64117ADAEDF0E265D35728917DD5	7634B978111B5E70BF0CB418D76059674EE3D5ADD569F69406F509AD056367C7
Chrome Cache Entry: 265	ASCII text, with very long lines (65536), with no line terminators	669A6FE594693F2596A28853D92FB309	FE5DE41CFEFAC7DDEFAD06322238D30FAFEEC580	60DD865806D547201402D473A6C7C2635477A33F3E871428557143273872F13C
Chrome Cache Entry: 266	ASCII text, with very long lines (14666), with no line terminators	8880E957219B056B26B67D88CB7FFFF5	BE024ABFE99C2DC447191E2C59DD96FD9352E2C4	4BBB0DBB03A136E993BB2FB363455E7DCABF84CBB17DE37AD6168B9326E56909
Chrome Cache Entry: 267	ASCII text, with very long lines (1922), with no line terminators	3E3CD75B07B521BC61C01450E2C7873A	57D7881E0E878CABE74B1021CF86126148928DE7	2882BF4B22D0AD63E6F8877EB5C22353921E8C87B197911462933B7D1A7A44B8
Chrome Cache Entry: 268	ASCII text, with very long lines (41569), with no line terminators	345BFF8D2E34511694D9D12A008F5F5D	B3F35302052C26C285C43B935BCE972904E62E28	DD4039F8AFAC6FD76B462C4FD4F90374B18DB762719108491AC2E365196D71AC
Chrome Cache Entry: 269	ASCII text, with very long lines (20946), with CRLF line terminators	92A3DDF4C14AF9EB4DB2939A2B2712AC	81B322775A3E9E9335FB780179B6B922759CE6FF	5B6D3F98F8A755878F226B38FDB1F7C31E67B456221F253B70F95AA331668594
Chrome Cache Entry: 270	ASCII text, with very long lines (57788)	BC93B7FD04F68A94312B547CEF297451	59EA29125AD34035D985DA7C32668D1570BA2FE0	E55ED51D4941518F0B995EDF3557D3845DB5B91E0EA9F7BA771DC14A312871A1
Chrome Cache Entry: 271	ASCII text, with very long lines (65536), with no line terminators	65F960810895837B06B1D3AE1CCEAEF3	0673F80A70CFB78AD7018E161E3201E80CB71307	F452E6287DAFD3B632CBFF8533ED5DFC2F6F476C8672B468CF6DCFE321B8C889
Chrome Cache Entry: 272	Web Open Font Format, TrueType, length 6784, version 3.30147	14EC2D31F37BB0F43FD441D11E771D50	48F83A9581A5E37AD1CCD0D4848EFC7FA64C17CF	43C551EA819A83B1100F566ECF6BD70DB5A019F165D221200AF2DF11C4448627
Chrome Cache Entry: 273	ASCII text, with very long lines (20082), with no line terminators	58A30E58FBE0165292F0425B04256E46	420050FE7E6034D52094B2F769FDB12A3591A748	534ECF698946529FF99C868DA810DAB8E1E9C7491EBDC873BDF95D34ABF75C4E
Chrome Cache Entry: 274	ASCII text, with very long lines (65536), with no line terminators	6D65897ADB16447C6CA38DF7EF5C62F3	527058146A95BAD856D5FF78238568507BFCC185	B82EC4FEBA0212A5367C85FDA50406BE8B014826E7826251FBE79AFF398B7566
Chrome Cache Entry: 275	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	7A7A4890CAAA77025E1B33A6D6E474EE	DC735B99D9EF0C76B4A7AEAE8BAA4CBD9551BA77	9E1DA5BF715135491519A188CAD977DB6CBA414071E2407B69D63221379D8802
Chrome Cache Entry: 276	ASCII text, with very long lines (627)	1C61FE06C85D5FFC9CF7D5B86223536C	344E99D68E02BB0FA288771EC17854808296FB4F	F2D4A670C00B7D9D0A78E95BF95FDA4F5C70B9972450E08A75E1BB021E580C91
Chrome Cache Entry: 277	GIF image data, version 89a, 24 x 24	648AD2F7EEA95A9B5491DCD2203B2F54	5FFA99938410AEBAB10B32308F242437B9432B53	A3596C17DAD9A003D0BFBE0B7BA6765F51391B5C3943660316F01C8E77B323DB
Chrome Cache Entry: 278	ASCII text, with very long lines (65536), with no line terminators	9747CFD352DC4A728F7197577D939A01	A86856D0FB47046A9578FBCF1B3F4846684C10FF	776C63720217ABF62AB3945E9AD5FD66C97CEBB88F5A2AD225867B85D9BA08F3
Chrome Cache Entry: 279	ASCII text, with very long lines (42915)	47A7F90B61230BBB7FBEB2132A8BBD43	40D26F410F6B0A178BD61C06CD90D9EBE541BE0E	0C23BA55CD8384A6B6EAE1B2BF20E993896AD34873DD5E7112644E86258D9898
Chrome Cache Entry: 280	ASCII text, with very long lines (60197)	E01FFDF881BE6EE55465D981D9A932CF	D30134C757C94DB9D8F18EFEB14432DA60468D39	563FBA440CB645E242FE821A24B50E6F5D26CA248765E29DAFC2EDCA7299410E
Chrome Cache Entry: 281	JSON data	BC37636DB83AD0CF7D7FEF34D060EBDF	EF0020804B3A08871B8158130A9E74433C607EE2	999A9E6CE76DE70BD8E46F052D3119F82EAE0CC4EA9AFAA8F790326DAC4C797F
Chrome Cache Entry: 282	ASCII text, with very long lines (32011), with CRLF line terminators	5A8ED3646A340A247CD48F5732BAEA69	8A961A2C1461EB5CD8A9009911970824602F8B79	C459EC1608D98A847AB4C83723E1C4B2DC6E58A7006D5566C529A93113C2EE62
Chrome Cache Entry: 283	PNG image data, 222 x 204, 8-bit/color RGBA, non-interlaced	5D71229F6CA9EBFF5F7972F01B547C7C	4D71B33506E6F0EBA1C783DE37E36480F2E392BE	ABC0FA95B72F082CF4FBB18267CDBD282F2909B65B1B479D7F339DB41769946E
Chrome Cache Entry: 284	ASCII text, with very long lines (47531)	808A57CAE0B6FEE71F46EFDDED44B348	DD570A24C8BDA1B391AA1DDEA6004125818E579A	5B75AC6F98994352699841DFFA6E562725EBBD0005C539946AD3625EC550EB0F
Chrome Cache Entry: 285	ASCII text, with very long lines (65536), with no line terminators	9DECB0C734D0ECAD3E60A93F23DB8F39	96BC3698D305077A5A5CF09303BE1195FA65824C	54C618DE71735F3693D0DF3ACD1A36DD17AFF1655D09A0F2A23A314F9BA92765
Chrome Cache Entry: 286	ASCII text, with very long lines (7694)	BB351812C3D14ECD554D52D4EA634BE8	D36B85C4C5D4E37AA0EBDDBF2AC97DF9B0B7FE3B	DD5BEF510ABB01291BE7FA75E16B6F26CBA20EE62ADBBAC8E09E3205BF5B5084
Chrome Cache Entry: 287	JSON data	B22CAC36842DCB642F5BFF86C0FF2FB9	7F0557D5258453F55C1DB5DD40AB7F1C31932655	E25ABD11267B28557444D53A9A3BF52A796DF20A14205FDE0B19C6B8287976B3
Chrome Cache Entry: 288	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1BF11FC2DBDB5C48B7D60F5005583417	DF52B131F6B151E674204CBA77082EFAEFBC3F8C	172E218E70CC419328B7AAB580615DA2A562E1508EAC9AC3014C52C51F2F50EC
Chrome Cache Entry: 289	ASCII text, with very long lines (29173), with no line terminators	F6228139447C795F72C09114F8289A8C	0D0499DC74723111C0B78792B40BF5B8D04A2FB2	E6108C2F14C08CE48EB243728C24011A8E70E60DCA21BFA51FFFC6B1B8A999C7
Chrome Cache Entry: 290	PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced	D212459353E8FD1D2514C77703D44F1F	A0CABB548A218E87FBCB4D4ADDEA47068A4288D3	7AD89A907BFE47019D905B92D0C203082AA75852D39B480E6FBE1718A8EA3647
Chrome Cache Entry: 291	ASCII text, with very long lines (32038)	F03E5A3BF534F4A738BC350631FD05BD	37B1DB88B57438F1072A8EBC7559C909C9D3A682	AEC3D419D50F05781A96F223E18289AEB52598B5DB39BE82A7B71DC67D6A7947
Chrome Cache Entry: 292	Unicode text, UTF-8 text, with very long lines (56385)	BC553108CB200A9A9036DD8FC379767F	F5C8EA36367061664B738BC1C46C8192E3C8B97A	A8A93A5AD7BFEBE0381A319F2681457CB386F9B645C594FB443640677F5857B5
Chrome Cache Entry: 293	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 294	ASCII text, with CRLF line terminators	72D9A825554620C51BF0018A457E7F2E	23400E26C69A1F8A47236FFAD4BC80FC80BA773E	365009220D893F07B356C7F253CECD5A9F7E06D6207A3DD7A148FC73812B4FE6
Chrome Cache Entry: 295	ASCII text, with very long lines (63604)	ACDFECB80B06F30C59B48F9B2140E6F5	C46873F855BDABF9943DA278813B53B4DD6FB6D6	CA46523D06A57712685B5C6B01430B530FE76F8FD5803179FCAA3466770E93A0
Chrome Cache Entry: 296	Unicode text, UTF-8 text, with very long lines (12695)	2FCED6E6CD0963580F963BC4C20EE1B6	92AE09CA220AEBB5DB448911AAABEEB28D688E9E	2D409FB1116C9A18791011CAF0B2AB2AB5C5F19CAF91C54BBF39BF7FF5DED27D
Chrome Cache Entry: 297	Unicode text, UTF-8 text, with very long lines (28488)	1E4F97EA439FFDD90F9546620038D5D4	E36215A823445A6CA7E0C9AB4E4C3C04C44289AB	DDF9B6FBE337192EE7334115B15D604DB9778202B7D28FAABB96E10D8F55E3C8
Chrome Cache Entry: 298	ASCII text, with very long lines (27024), with CRLF line terminators	A230E20FEECBB758D7C13303A657EEDD	F12606CCE8600D9DFB5316610EE5177BA51B0CE9	816A0F42A2BF473213A47BE1DDE62215811D54AF1151A1E9916DC215DF6EC776
Chrome Cache Entry: 299	XML 1.0 document, ASCII text	03FD32F2E28EBDE4EC38156C83EEEE10	518410F8BC555BC44E361CD50A4F20366896A36E	3CB6C640746A34590CC7FAA34E0FF24804AA947927DCAB6E50CDE0902033E421
Chrome Cache Entry: 300	ASCII text, with very long lines (65536), with no line terminators	9747CFD352DC4A728F7197577D939A01	A86856D0FB47046A9578FBCF1B3F4846684C10FF	776C63720217ABF62AB3945E9AD5FD66C97CEBB88F5A2AD225867B85D9BA08F3
Chrome Cache Entry: 301	PNG image data, 222 x 204, 8-bit/color RGBA, non-interlaced	5D71229F6CA9EBFF5F7972F01B547C7C	4D71B33506E6F0EBA1C783DE37E36480F2E392BE	ABC0FA95B72F082CF4FBB18267CDBD282F2909B65B1B479D7F339DB41769946E
Chrome Cache Entry: 302	ASCII text, with very long lines (65536), with no line terminators	8017EFC165ED5E4071013E77982A10E7	503B6090E3741A1423D1C03962304A5128ADACC2	9AFD741D5FF23189871E012B80CEBFBB8E220044555372CA0FE0979C94707624
Chrome Cache Entry: 303	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 304	ASCII text, with very long lines (7708)	DDD63B48AF585746957581C2465786B8	D57B0B43445D410B476B2FE9EB6C685E297851AE	1F40B9A806FAA70C1C142A9AD7EB4EAA84A3F3A18184ADFF6AEA4B21A2C60A9D
Chrome Cache Entry: 305	ASCII text, with very long lines (63604)	ACDFECB80B06F30C59B48F9B2140E6F5	C46873F855BDABF9943DA278813B53B4DD6FB6D6	CA46523D06A57712685B5C6B01430B530FE76F8FD5803179FCAA3466770E93A0
Chrome Cache Entry: 306	Unicode text, UTF-8 text, with very long lines (28488)	1E4F97EA439FFDD90F9546620038D5D4	E36215A823445A6CA7E0C9AB4E4C3C04C44289AB	DDF9B6FBE337192EE7334115B15D604DB9778202B7D28FAABB96E10D8F55E3C8
Chrome Cache Entry: 307	ASCII text, with very long lines (65437)	1F17361FB29A6080C472FE5C698043C9	871666BDC70C55EFAAD11AF36162CE91A65956EF	CC4307363023A70100271E492118FCE784D287479B2AC86BDB3DBD1FB2BAAF9F
Chrome Cache Entry: 308	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 309	ASCII text, with very long lines (30298)	4EDE79987F52C99D7B570FE77436747E	B9C4251C30ADBAE5F6BD532F37109E82DA414E7C	715D8C6EC761B3051A58AC9EE1AB704F7C3587F31159C289372A30AE5103F2F2
Chrome Cache Entry: 310	ASCII text, with very long lines (47531)	808A57CAE0B6FEE71F46EFDDED44B348	DD570A24C8BDA1B391AA1DDEA6004125818E579A	5B75AC6F98994352699841DFFA6E562725EBBD0005C539946AD3625EC550EB0F
Chrome Cache Entry: 311	ASCII text, with very long lines (616)	00A1160C879D7DC00D9A8693B6899A2F	6B8E243B8B5B44EFDA496BBE178DC8153B4F982E	0FB5855C124A1DC24D40900CF3C8A1F2091088394A28612BC9C3E2DCC06E1D3B
Chrome Cache Entry: 312	ASCII text, with very long lines (41569), with no line terminators	345BFF8D2E34511694D9D12A008F5F5D	B3F35302052C26C285C43B935BCE972904E62E28	DD4039F8AFAC6FD76B462C4FD4F90374B18DB762719108491AC2E365196D71AC
Chrome Cache Entry: 313	Unicode text, UTF-8 text, with very long lines (65526), with no line terminators	A07BBD93F7642473051CB1CF69C08472	E52DD5ECC98629978B277B7A41326AD1B6BCD75F	1C6285973A69887718A02AC335C5119F5B591F41F262C99A59C680D7F5D17700
Chrome Cache Entry: 314	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	084E7612635DFCF69A16255B41E70CAA	0D9721AA70B01487D3340B864C0BD49FB1D95206	7B389747818635BCA6FE76F5E3226EDA36AF53D8F27526796BC975EBD440A395
Chrome Cache Entry: 315	ASCII text, with very long lines (35936), with CRLF line terminators	1997228D20EACA8AA1C9D666E58CBCDB	B7FAD772EDC427D672F2911D5FCC4AF5151606BF	B873715A8705C515974A714B92EF7AD138EA308D972E407DEFD77F2078DB2BA5
Chrome Cache Entry: 316	JSON data	0F8A71C4D33149AC821AF59DD8780877	488B35F4C14517658F80CF926824D1AD51E2E02E	8FBA642792C3C2C30BD6B8A8394332CCBA65BA0676079BCB516C2A201CA583AF
Chrome Cache Entry: 317	Unicode text, UTF-8 text, with very long lines (65340), with no line terminators	F7E1D4D211A0B61997EA97964BD14E5A	2145B0FD252CD3AB2225ED0AF171C179B8CD6099	B8FDD85B0B87E9C2971C6DF817D1023D9E489A821F1F3B7293876B4CD0A82FF6
Chrome Cache Entry: 318	XML 1.0 document, ASCII text	03FD32F2E28EBDE4EC38156C83EEEE10	518410F8BC555BC44E361CD50A4F20366896A36E	3CB6C640746A34590CC7FAA34E0FF24804AA947927DCAB6E50CDE0902033E421
Chrome Cache Entry: 319	ASCII text, with very long lines (59425)	5238C6C5C1CBD7F3EB1095E46AD72D30	DAD44C1B0E5F936A92771EFD231A20D0D9C79D41	73AF98C00BFBC6937101E8E207DCDD7F7564FAB05F844FBE31011C9913B17284
Chrome Cache Entry: 320	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators	A79F48E6E75920EAC571FFBAEDAD667A	1058C1417B1C18C127EE477CF250A2BBD2D7C211	C34867173151FBA54D6453846BE6B4028397018A76D7ECB70CF38A0AFDA072DF
Chrome Cache Entry: 321	XML 1.0 document, ASCII text, with CRLF line terminators	C2EE1D789CF6FC61AEB0B76399FB0E64	E55F7A87DD76AECBEDFB84347F07A75F283D58C6	AFACB4EBFE0700B8192FDBC3B0F1D776C4B3C73E1B192F955C47C870DDD73989
Chrome Cache Entry: 322	ASCII text, with very long lines (3527), with no line terminators	DF2E618F66E5DE074A8070BC09CA3C4F	38F67C978761E4AEAA5341A4FF39C59C1DED221C	BD0DD2B15855BE52CBA496CC6E8F0FF65FBBA6ADDBA92282E53CECA6B27BFCC9
Chrome Cache Entry: 323	ASCII text, with very long lines (627)	1C61FE06C85D5FFC9CF7D5B86223536C	344E99D68E02BB0FA288771EC17854808296FB4F	F2D4A670C00B7D9D0A78E95BF95FDA4F5C70B9972450E08A75E1BB021E580C91
Chrome Cache Entry: 324	ASCII text, with very long lines (8369), with no line terminators	3650AB0863890CA0F8ED7CB854D03F2B	86530F1BDFE32F6EE2C0B3770C648E13929A22D5	A77B85A1922F1E45FA8610E3D68CA6CA1EE887499F3148D5922A304D44E03EDF
Chrome Cache Entry: 325	PNG image data, 171 x 213, 8-bit colormap, non-interlaced	4C9ACF280B47CEF7DEF3FC91A34C7FFE	C32BB847DAF52117AB93B723D7C57D8B1E75D36B	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
Chrome Cache Entry: 326	XML 1.0 document, ASCII text, with CRLF line terminators	605C6BD48B2AB0262C0113445494FF4C	00CC6621252EB4930486F4837638A0524E5C77E9	405497AC72ADA72A30277E2493A9B00B999DF6CE1B425167B8C405AF45EF0338
Chrome Cache Entry: 327	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators	2C09ECEDCC26D01D2BF6EB26E7B00702	CDC426462849F616786AD8ACD1BD9EA3E474248F	41D3F17294A627E15FFA2323AB0F58925D2353255C532BCBAE87E9090E604D01
Chrome Cache Entry: 328	ASCII text, with very long lines (22548), with no line terminators	2111DE21CB1EA0EBCB6706B44282755A	138AB6A1C486B260287A8F0E000E1A63ADA8F5DA	063EDFEC2E8C1A0CAB9FB979341F1E4431DF455E919676A398ED5E7B5BCF8EFE
Chrome Cache Entry: 329	ASCII text, with very long lines (64817)	D3CD36D061148A303F8E1DFC47F6B2CB	DADE1F0E4A9E31351C121442A7AFEBDE21787D45	1473F3E79F0EF7F34E3E5AABC1B4209D16F40124F35AECBA6BB26B91372C43C5
Chrome Cache Entry: 330	ASCII text, with very long lines (1922), with no line terminators	3E3CD75B07B521BC61C01450E2C7873A	57D7881E0E878CABE74B1021CF86126148928DE7	2882BF4B22D0AD63E6F8877EB5C22353921E8C87B197911462933B7D1A7A44B8
Chrome Cache Entry: 331	HTML document, ASCII text, with CRLF line terminators	F4A8336B86F2D5DEDF72C7EF9477F419	DE2D931B1DC23C366798082F815B42A763B5261B	4B9820FC384D52E19072A63838740D74AA272D873EE1F3BD4AF17D7FC28EF511
Chrome Cache Entry: 332	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced	9D73B3AA30BCE9D8F166DE5178AE4338	D0CBC46850D8ED54625A3B2B01A2C31F37977E75	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
Chrome Cache Entry: 333	ASCII text, with very long lines (30249)	FE144FFEC80A348871EA70A8F63CED30	6957E9201D3B3016365C4080761435BDBE997287	DE35D12D5EE75E9E4FC8B605E443EC514543EE0CECA914A532E860F3C9EFEE2C
Chrome Cache Entry: 334	ASCII text, with very long lines (61584), with CRLF line terminators	95AA78CD619069BCDE235DEDC3AF5F41	6CD1FB538E2AEF2D14C5D88E905C72713DE7A8D4	3994D1ABCC40B2E17CF88747F45CB06238F0458DFC1EF57196BBC44065A69C6D
Chrome Cache Entry: 335	Unicode text, UTF-8 (with BOM) text, with very long lines (18992), with CRLF line terminators	D9604CC18F364A6ADE707B7FAAEC642C	F38F0B94764184D4373886FDA1CA87D352BFCE5A	F282423F48F12F56419363384F3B10002C8D3D106BC1AC8FF721602AA2B2FD9B
Chrome Cache Entry: 336	ASCII text, with no line terminators	825644F747BAAB2C00E420DBBC39E4B3	10588307553E766AB3C7D328D948DC6754893CEF	7C41B898C5DA0CFA4AA049B65EF50248BCE9A72D24BEF4C723786431921B75AA
Chrome Cache Entry: 337	ASCII text, with no line terminators	435B48C70ACA2DC80F8B34B5FDEB2789	FFE2C8567607568F939FA1A6F9888639B98B400C	6468AC9F9BCA964F3910FC967B80781C1C8634300E36F95AE49056D91A2734BF
Chrome Cache Entry: 338	Unicode text, UTF-8 text, with very long lines (58392)	64CF57DDEFEE6B6909C89A150D729583	027B6EDDE1688950000D6CA19E997C79E03E2C77	9AFCD14B4FC43E6D091C9A73564E28CA513FB536C19F78C7CA483DF29E610B44
Chrome Cache Entry: 339	XML 1.0 document, ASCII text, with CRLF line terminators	C2EE1D789CF6FC61AEB0B76399FB0E64	E55F7A87DD76AECBEDFB84347F07A75F283D58C6	AFACB4EBFE0700B8192FDBC3B0F1D776C4B3C73E1B192F955C47C870DDD73989
Chrome Cache Entry: 340	ASCII text, with very long lines (672)	EEB61E4E3B09AB99B1BDB48A68DE3B0F	474B169E13CF3BB1AC0101E915B59612AC025649	9305C186BFA36C3F54D99504658E9B49840DCEB94B9AE62699AA93766D665AA0
Chrome Cache Entry: 341	Unicode text, UTF-8 text, with very long lines (65308), with no line terminators	8D9EDD60E2B6329696B4B416FF6178D2	BDDA8531DA8BFB1031B9F9C03F8B5B26004EDF00	4E23B6C34FCBDBF7EFD6120B27D65D6D0A74E60F161377D678AD530E7DF10251
Chrome Cache Entry: 342	ASCII text, with very long lines (65536), with no line terminators	41357E3B962E967BC44D72B3DA22478A	C92D60811E9BB815D32F61E55E9EAF491546FA5D	08DBB36DDCA31F436328FF92E111186CAB0BE844E91A287AAF1274F4D0B9B3C7
Chrome Cache Entry: 343	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 344	ASCII text, with very long lines (65536), with no line terminators	28AE8A97F4ABA21B7C2E35059829E3A2	B7B1145ADB4697AD6D781BF6D63F9C6F7FBF3A93	6DEFAE634ACD4E2356838DEE0DD0213411310C26A2D9720C2C85058B7771B1BE
Chrome Cache Entry: 345	ASCII text, with very long lines (2224), with no line terminators	96EC242EA2E25558F7EC13FA88D9D793	B0BB7F6BD5206CC1FFB572CBD4A6AD2F88D42433	850C54CE960E710757379C19601C65C00CF7D485063115F34AA30AE193CCEA43
Chrome Cache Entry: 346	ASCII text, with no line terminators	292452D9158CA5211CEB7B3FB1D71E28	DE9347FB1604A4AADB4230CA87B9D9CADC98629E	D6700E797D44FC7A78934BB9FC6C435027F1D23587B097003E3A84BD1B4E3333
Chrome Cache Entry: 347	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 348	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	4753311527A079EC0CC7E95D043B12C4	ECDDDE593B9BB99B9AF52572ACE99AE8668D23D8	E1A86909453E1BFDB18F961D9148601D54308E5C7A7826DFD79A7264A53B6E6A
Chrome Cache Entry: 349	ASCII text, with very long lines (64817)	D3CD36D061148A303F8E1DFC47F6B2CB	DADE1F0E4A9E31351C121442A7AFEBDE21787D45	1473F3E79F0EF7F34E3E5AABC1B4209D16F40124F35AECBA6BB26B91372C43C5
Chrome Cache Entry: 350	ASCII text, with very long lines (65394)	CF5CC7F4B57526CC37893DCB83DED031	E953783BE0A7894585778455AAE3D0DF094D6F29	3A790B6C0D26D7A4D292CB27F992EAFAFF42C37E9318B2AB704207039127FCB8
Chrome Cache Entry: 351	ASCII text, with very long lines (65443)	9F5073B64B56A4C8D0B1B596C3D05FFD	CAFAD76BE15AC0B9E3B48AF173D2EFE02B5C416F	8B6BA39147DC3BA407A6D00A31C665194A425D95BC3F8F6284C52A2008E73C5E
Chrome Cache Entry: 352	JSON data	99914B932BD37A50B983C5E7C90AE93B	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
Chrome Cache Entry: 353	PNG image data, 171 x 213, 8-bit colormap, non-interlaced	4C9ACF280B47CEF7DEF3FC91A34C7FFE	C32BB847DAF52117AB93B723D7C57D8B1E75D36B	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
Chrome Cache Entry: 354	TrueType Font data, 15 tables, 1st "OS/2"	08E4693DF7CDE76B1EFB1E7F55FF8BF4	6C67DE4AF78F57DB19FCCABD54C2EED2128DD41C	D69B95DF2F4053D1E712C11A2819A2244AC1B99142FFCE33C5A56D1FA54C1CFD
Chrome Cache Entry: 355	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	1DC889AC693F912C263AA6D27A258A93	B2100EA2AEE5ED5FD90E0331F26160CDD5D1B002	9224E5240ABC039D55CB765EA6611F07BA95F5E59C05DA325C968470946C6E52
Chrome Cache Entry: 356	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	4DE42314D6EDDA70DF9779762ACC12B8	2AF63137ABC68C0910107F8598B7DE48FD5BBD9C	7E86DF2AC06E3524CB7BC6F0B8EB07565BA6D103EAF3CF1A30AC4C78F11A4EAA
Chrome Cache Entry: 357	ASCII text, with very long lines (65536), with no line terminators	7E93C384B574C1D19DF910D525EC3789	EDF6EBFAF4A1F29E76B4094BB5B9DFB57388ECA6	16AB414F8B420754EB7D8095EF2E2953C18C442E173B1CBC1603CB0E19F1CC95
Chrome Cache Entry: 358	HTML document, ASCII text, with CRLF line terminators	945CA45FFB7EAA5DBE316A985E038270	A85D6D400290DC518AB708EBBB9516CFE4A87606	4E53886D60CFACB6E5BB15923B1B923B9DAE4F0B322890396887D3C44C9E3AD2
Chrome Cache Entry: 359	JSON data	B22CAC36842DCB642F5BFF86C0FF2FB9	7F0557D5258453F55C1DB5DD40AB7F1C31932655	E25ABD11267B28557444D53A9A3BF52A796DF20A14205FDE0B19C6B8287976B3
Chrome Cache Entry: 360	ASCII text, with very long lines (65536), with no line terminators	8017EFC165ED5E4071013E77982A10E7	503B6090E3741A1423D1C03962304A5128ADACC2	9AFD741D5FF23189871E012B80CEBFBB8E220044555372CA0FE0979C94707624
Chrome Cache Entry: 361	JSON data	0AD0E10CC588321BD7617B19BD20EEAF	9F8EB93D15C4E7A67682496852F988EABD86A4D7	C08AB5C3BECC722758C460401FBC6D8AB11F38BD4AE57B0FCDED3CCCD031DB3C
Chrome Cache Entry: 362	ASCII text, with very long lines (35936), with CRLF line terminators	1997228D20EACA8AA1C9D666E58CBCDB	B7FAD772EDC427D672F2911D5FCC4AF5151606BF	B873715A8705C515974A714B92EF7AD138EA308D972E407DEFD77F2078DB2BA5
Chrome Cache Entry: 363	Unicode text, UTF-8 (with BOM) text, with very long lines (18992), with CRLF line terminators	D9604CC18F364A6ADE707B7FAAEC642C	F38F0B94764184D4373886FDA1CA87D352BFCE5A	F282423F48F12F56419363384F3B10002C8D3D106BC1AC8FF721602AA2B2FD9B
Chrome Cache Entry: 364	ASCII text, with very long lines (65536), with no line terminators	76328F92AA8FCDC94FBCB570CE57D76C	CA9D64B517CD0E8474F8FCFF4101B3A88E5F9EB2	E15A3B74A760F470FE602177F03B496FED3243E19CCD6BC359AD48DE7E5C4F11
Chrome Cache Entry: 365	ASCII text, with very long lines (38617), with no line terminators	FE1E3F510D9B8C6F79E1E5E52362BC6E	5E3B968543A37E7AD3AA50B2536420DEE762C069	82C1D484D2DD8CC012FC9DED6FE545E4D83C6232337038B1A57BCEDEEFF70193
Chrome Cache Entry: 366	ASCII text, with very long lines (24306), with CRLF line terminators	AC459993971D136B5C420665B272E101	3C84797F6C43434519212E1AE74E84C4BC9E133A	883922A710E857E94B35FD6748792782280A859E154E4DB2E4C0B4876DFA61AE
Chrome Cache Entry: 367	ASCII text, with CRLF line terminators	9CFEFB2D46D6102DAC2A24C606F47FEA	076B63F4F46CE28648201E2507BBC67FB4F990C5	43C5939CB732D8AA2D20FCE97F359F46B7C3B937E60ED576B752AE0A2E73314F
Chrome Cache Entry: 368	PNG image data, 452 x 444, 8-bit/color RGBA, non-interlaced	ECA50172A6583B16E553E9917FB710FB	2FD7FB2FF5C10E17E9066CE6BD2393E1F6B93CC0	FFF5919A2CBACEAE0528522B6C73E4F1D549CA8EE13C680B50ED377DFD2B61F0
Chrome Cache Entry: 369	ASCII text, with very long lines (11252)	5497DFC3FD0E40DB230E1D59B34797DD	170F2C748BEDED58B7DAE3C6A3F8A5019A4534C1	BA445B74289601E54A8FEBA0951364685EA140F0A0B9FBE2A355F1001A16FBE5
Chrome Cache Entry: 370	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	084E7612635DFCF69A16255B41E70CAA	0D9721AA70B01487D3340B864C0BD49FB1D95206	7B389747818635BCA6FE76F5E3226EDA36AF53D8F27526796BC975EBD440A395
Chrome Cache Entry: 371	MS Windows cursor resource - 1 icon, 32x32, hotspot @16x16	04D59A1FFDA7020CBDA1BB9FCBF0BCA0	E0CACE5751F02AF9E12B3C066FFD542F3D12A279	EDC250E23E06AE7D15C1C19FDF9C6759129796B0A2F76DC82DF665C823C7B495
Chrome Cache Entry: 372	ASCII text, with very long lines (30497), with no line terminators	E55F3C2F2F2F2A339E4B0A08030E9803	729D608C534829E07F5DCDBBD75BBC031A9E9D9A	40CBE329851D4261E0E4A3B3665FD1025747AAC3CBFD87689CF3F2689CACF4E9
Chrome Cache Entry: 373	Unicode text, UTF-8 text, with very long lines (65526), with no line terminators	A07BBD93F7642473051CB1CF69C08472	E52DD5ECC98629978B277B7A41326AD1B6BCD75F	1C6285973A69887718A02AC335C5119F5B591F41F262C99A59C680D7F5D17700
Chrome Cache Entry: 374	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	4DE42314D6EDDA70DF9779762ACC12B8	2AF63137ABC68C0910107F8598B7DE48FD5BBD9C	7E86DF2AC06E3524CB7BC6F0B8EB07565BA6D103EAF3CF1A30AC4C78F11A4EAA
Chrome Cache Entry: 375	ASCII text, with very long lines (59425)	5238C6C5C1CBD7F3EB1095E46AD72D30	DAD44C1B0E5F936A92771EFD231A20D0D9C79D41	73AF98C00BFBC6937101E8E207DCDD7F7564FAB05F844FBE31011C9913B17284
Chrome Cache Entry: 376	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	5FBC6BB137EA2316DEFE300913A950DF	29464B148AE54621A4AAD4F7742A2A05BE6517E3	82553839D3ECC08D5F9DDF58F9F466B88BFC614F9613DB9525B0E7037BF6843C
Chrome Cache Entry: 377	ASCII text, with very long lines (32038)	F03E5A3BF534F4A738BC350631FD05BD	37B1DB88B57438F1072A8EBC7559C909C9D3A682	AEC3D419D50F05781A96F223E18289AEB52598B5DB39BE82A7B71DC67D6A7947
Chrome Cache Entry: 378	ASCII text, with very long lines (1917), with no line terminators	FFC175D47F55E17139466B8D5F7B5597	F179CDF25E0F3F02E6A7506628136EC2BC61EB31	038A2421C537F9A7FEFA0CBB8FD7A907D53952B424870ACC7939D6A3BCBB7B14
Chrome Cache Entry: 379	ASCII text, with no line terminators	FF55249D55143D5EB2DF396FA8A34EE8	D2B08C91DD9FCC8D49BAE85476308230D0BC591F	216A9426D94326E483B2C11154DE2E303385366841111A4A3DAD5590FF89F0BC
Chrome Cache Entry: 380	XML 1.0 document, ASCII text, with CRLF line terminators	5E6EDC73470FF3E746BC8BDAC6FB38B2	7DFA441D001FE0B50A5F6ED6102479662D2497DF	71344C4AACBC26401DD2CFDCDB7C16625B423B4E710A0030A65D90B7E16F602D
Chrome Cache Entry: 381	XML 1.0 document, ASCII text, with CRLF line terminators	BCB0C4305749B10C7E9F428F8199CAF5	B0AFC5BE5ABE6F91286C5F15784EC25FB318BADF	996A3022BDB1C69A264B5E164E4596169D81A91DC6114F7B971FBCD2A218E69C
Chrome Cache Entry: 382	Unicode text, UTF-8 text, with very long lines (65340), with no line terminators	F7E1D4D211A0B61997EA97964BD14E5A	2145B0FD252CD3AB2225ED0AF171C179B8CD6099	B8FDD85B0B87E9C2971C6DF817D1023D9E489A821F1F3B7293876B4CD0A82FF6
Chrome Cache Entry: 383	PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced	D212459353E8FD1D2514C77703D44F1F	A0CABB548A218E87FBCB4D4ADDEA47068A4288D3	7AD89A907BFE47019D905B92D0C203082AA75852D39B480E6FBE1718A8EA3647
Chrome Cache Entry: 384	ASCII text, with very long lines (11652), with no line terminators	88549F0717DF6160AC5DEBC0030CED14	7539CDD9F0478597766968DFE5F2052633B76F29	4B69F2216035B852B4673B035919BDAD219CEEA9C70FFA7444D17F428097181E
Chrome Cache Entry: 385	ASCII text, with very long lines (58562)	E978BE49E42EDD7F2EDFC219B7607279	1BBC808263DC64117ADAEDF0E265D35728917DD5	7634B978111B5E70BF0CB418D76059674EE3D5ADD569F69406F509AD056367C7
Chrome Cache Entry: 386	Unicode text, UTF-8 text, with very long lines (56385)	BC553108CB200A9A9036DD8FC379767F	F5C8EA36367061664B738BC1C46C8192E3C8B97A	A8A93A5AD7BFEBE0381A319F2681457CB386F9B645C594FB443640677F5857B5
Chrome Cache Entry: 387	ASCII text, with very long lines (64762), with CRLF line terminators	9E19EB15127E8B483390FA4A0ECD250D	A07FA6F2E546CAF496419528830E44EB7BB76F96	72EFADABC758848CF94116C0119EB20F830A070441D8C05683AF2311B7B04A42
Chrome Cache Entry: 388	ASCII text, with very long lines (65536), with no line terminators	41357E3B962E967BC44D72B3DA22478A	C92D60811E9BB815D32F61E55E9EAF491546FA5D	08DBB36DDCA31F436328FF92E111186CAB0BE844E91A287AAF1274F4D0B9B3C7
Chrome Cache Entry: 389	ASCII text, with very long lines (65536), with no line terminators	65B80C88DE560F779A84639D0F9AC31B	9B982BFE1677E45A60651F369656C390FE15D51A	C27EAC3A4384958AD7787D0C4CA7841DA0B911814C8D023C345D7C3096A404CB
Chrome Cache Entry: 390	ASCII text, with very long lines (3527), with no line terminators	DF2E618F66E5DE074A8070BC09CA3C4F	38F67C978761E4AEAA5341A4FF39C59C1DED221C	BD0DD2B15855BE52CBA496CC6E8F0FF65FBBA6ADDBA92282E53CECA6B27BFCC9
Chrome Cache Entry: 391	XML 1.0 document, ASCII text, with CRLF line terminators	BCB0C4305749B10C7E9F428F8199CAF5	B0AFC5BE5ABE6F91286C5F15784EC25FB318BADF	996A3022BDB1C69A264B5E164E4596169D81A91DC6114F7B971FBCD2A218E69C
Chrome Cache Entry: 392	ASCII text, with very long lines (11652), with no line terminators	88549F0717DF6160AC5DEBC0030CED14	7539CDD9F0478597766968DFE5F2052633B76F29	4B69F2216035B852B4673B035919BDAD219CEEA9C70FFA7444D17F428097181E
Chrome Cache Entry: 393	ASCII text, with very long lines (1917), with no line terminators	FFC175D47F55E17139466B8D5F7B5597	F179CDF25E0F3F02E6A7506628136EC2BC61EB31	038A2421C537F9A7FEFA0CBB8FD7A907D53952B424870ACC7939D6A3BCBB7B14
Chrome Cache Entry: 394	PNG image data, 82 x 258, 8-bit/color RGBA, non-interlaced	2443F04DFD8CE58264835F7CD477799C	E798EF676A42AA8F723246C95FA6A918010223B2	77DD1463FE34BE51528C6535C5AAF5590EE90BBD3B76AE8E362657C45E9F90FD
Chrome Cache Entry: 395	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 396	ASCII text, with very long lines (1837)	4407169B6C6BE1315CB8BBCF664D6C13	D3930B118CACB9CB54F380896499A627D43A12D2	805C4A9707CDA2C8FAB9D20C477C14CE783D37B739809A5601860465036549F2
Chrome Cache Entry: 397	ASCII text, with no line terminators	435B48C70ACA2DC80F8B34B5FDEB2789	FFE2C8567607568F939FA1A6F9888639B98B400C	6468AC9F9BCA964F3910FC967B80781C1C8634300E36F95AE49056D91A2734BF
Chrome Cache Entry: 398	JSON data	8D75B8E85D749610931E168F2EFCF555	11410945A27700DBE941C030189C637792AAC2CE	485A60AD5AF1CEFF60C50A9BFB08A03F0C42B984034A2255820356938B82B2A0
Chrome Cache Entry: 399	ASCII text, with very long lines (65536), with no line terminators	2F1D74149F052D3354358E9856375219	8019F7A2EA824930F91C3EC375D926B650FB1CFF	66C70312DE6CA4E1D7EF1E858307764C241A80E7411CEE686EA2FC2D74152749
Chrome Cache Entry: 400	ASCII text, with no line terminators	435B48C70ACA2DC80F8B34B5FDEB2789	FFE2C8567607568F939FA1A6F9888639B98B400C	6468AC9F9BCA964F3910FC967B80781C1C8634300E36F95AE49056D91A2734BF
Chrome Cache Entry: 401	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 402	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 403	ASCII text, with very long lines (61584), with CRLF line terminators	95AA78CD619069BCDE235DEDC3AF5F41	6CD1FB538E2AEF2D14C5D88E905C72713DE7A8D4	3994D1ABCC40B2E17CF88747F45CB06238F0458DFC1EF57196BBC44065A69C6D
Chrome Cache Entry: 404	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators	A79F48E6E75920EAC571FFBAEDAD667A	1058C1417B1C18C127EE477CF250A2BBD2D7C211	C34867173151FBA54D6453846BE6B4028397018A76D7ECB70CF38A0AFDA072DF
Chrome Cache Entry: 405	Web Open Font Format, TrueType, length 3052, version 4.-22282	A11193DEB0B6BA33E4782396F19F3D0C	6200BCA8CB8A8C7B8C2AA7E8665E464ED5D15194	FE05188DA3C5A767088355C5FB1229BA979AEDC8727AD8FCF9C170267C52B786
Chrome Cache Entry: 406	ASCII text, with very long lines (4615)	20B673F9D2064C78B2CC2C7A7DDBC46D	3CC9E0F095D93B38481BE3D0137741D97C1978C3	83C5CCAF7404DF012ACED39092D0982EB73E9DC942BCE6991956C7B2F10957D8
Chrome Cache Entry: 407	ASCII text, with very long lines (65443)	9F5073B64B56A4C8D0B1B596C3D05FFD	CAFAD76BE15AC0B9E3B48AF173D2EFE02B5C416F	8B6BA39147DC3BA407A6D00A31C665194A425D95BC3F8F6284C52A2008E73C5E
Chrome Cache Entry: 408	Web Open Font Format, TrueType, length 151924, version 0.0	F7B522D9B75CA8239CBB83AE0AF1AA39	4573CD1D06809C240A50EDFB20EF343CB4B7ADEE	17A719C693F24C4DDF59B83CFFC58A19BF03ACB26FAB553F274F0090767B1BAB
Chrome Cache Entry: 409	ASCII text, with very long lines (672)	EEB61E4E3B09AB99B1BDB48A68DE3B0F	474B169E13CF3BB1AC0101E915B59612AC025649	9305C186BFA36C3F54D99504658E9B49840DCEB94B9AE62699AA93766D665AA0
Chrome Cache Entry: 410	PNG image data, 82 x 258, 8-bit/color RGBA, non-interlaced	2443F04DFD8CE58264835F7CD477799C	E798EF676A42AA8F723246C95FA6A918010223B2	77DD1463FE34BE51528C6535C5AAF5590EE90BBD3B76AE8E362657C45E9F90FD
Chrome Cache Entry: 411	ASCII text, with very long lines (65536), with no line terminators	E1FD17FCEC2CB35FD213E85B52850C2F	0287D09192300AA91E7C6AFA684B4EF80D536CAF	5C1A339B057F4356DA637C136C76F77BF98CA7680958AC271CE0E1657C8EAB5F
Chrome Cache Entry: 412	JSON data	99914B932BD37A50B983C5E7C90AE93B	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
Chrome Cache Entry: 413	ASCII text, with very long lines (1837)	4407169B6C6BE1315CB8BBCF664D6C13	D3930B118CACB9CB54F380896499A627D43A12D2	805C4A9707CDA2C8FAB9D20C477C14CE783D37B739809A5601860465036549F2
Chrome Cache Entry: 414	HTML document, ASCII text, with CRLF line terminators	110868F9EC11E396D97ED9289064D046	3E5FF538A088C9D06F1ADC9F0E82E30FB9D6E3A1	C1DC3E248A3C0494BBF760B8E2A6B3E38A3507043FCC4CCBEB533B90EAE45F50
Chrome Cache Entry: 415	ASCII text, with no line terminators	DA69159E7EC38222D30F02FAE3F5B795	A25E1C206C6EF0DC1E82AB5D715E56A1EFE3BDE4	77E2C43DFDEBA7EA496189A7D4DA3A22EDA4CCE35B6246260698A60B141972EE
Chrome Cache Entry: 416	ASCII text, with very long lines (42915)	47A7F90B61230BBB7FBEB2132A8BBD43	40D26F410F6B0A178BD61C06CD90D9EBE541BE0E	0C23BA55CD8384A6B6EAE1B2BF20E993896AD34873DD5E7112644E86258D9898
Chrome Cache Entry: 417	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	4753311527A079EC0CC7E95D043B12C4	ECDDDE593B9BB99B9AF52572ACE99AE8668D23D8	E1A86909453E1BFDB18F961D9148601D54308E5C7A7826DFD79A7264A53B6E6A
Chrome Cache Entry: 418	ASCII text, with very long lines (64762), with CRLF line terminators	3B3F77A1F2990107C99E7788B6991302	B81E8B10377BC751AED6715856AF401F2D88234A	C5AF99636CFE83E04A749B90DA4D4F7D75B8E8E2D43B29A7258F578735C5C34E
Chrome Cache Entry: 419	ASCII text, with very long lines (65536), with no line terminators	6D65897ADB16447C6CA38DF7EF5C62F3	527058146A95BAD856D5FF78238568507BFCC185	B82EC4FEBA0212A5367C85FDA50406BE8B014826E7826251FBE79AFF398B7566
Chrome Cache Entry: 420	JSON data	C956AA965C0D64E319623E766148BF9A	A3C1DC3FEE658F463C2C247D8FF82FD3FC49CF9F	0A5A6583BDF7C80F4F711CB6612DCFA0534F4940495B12420926B80CE43B87CB
Chrome Cache Entry: 421	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 422	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 423	ASCII text, with very long lines (20116), with no line terminators	EDF023B23DC08C7C90BA27A3BDE7480B	0F03EDBE6BDA20C20251EFF9DB86359EB5155F66	7337ED6220111758E61F3BE5060AE9A807D83EDF05D5F7CC92B0B85E34A5FEF3
Chrome Cache Entry: 424	JSON data	3A60051CD6CA060A515E1ED573152E25	7B9CC35159DEE664492531F4A94C089348095528	864D10FD5CAB9FFFA8F4FE32CB525809D3A7F195B4CE0CA72B01FE01F24659C2
Chrome Cache Entry: 425	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced	9D73B3AA30BCE9D8F166DE5178AE4338	D0CBC46850D8ED54625A3B2B01A2C31F37977E75	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
Chrome Cache Entry: 426	ASCII text, with no line terminators	825644F747BAAB2C00E420DBBC39E4B3	10588307553E766AB3C7D328D948DC6754893CEF	7C41B898C5DA0CFA4AA049B65EF50248BCE9A72D24BEF4C723786431921B75AA
Chrome Cache Entry: 427	PNG image data, 452 x 444, 8-bit/color RGBA, non-interlaced	ECA50172A6583B16E553E9917FB710FB	2FD7FB2FF5C10E17E9066CE6BD2393E1F6B93CC0	FFF5919A2CBACEAE0528522B6C73E4F1D549CA8EE13C680B50ED377DFD2B61F0
Chrome Cache Entry: 428	ASCII text, with very long lines (2936)	4F1D12D57F5342C2B9B0ED43E73C39B8	C0C2E9B165076D27558A37C55B1E14CE9728FCEF	5B1487ECD05FC0A7192742055E471EE39845AD39D20CFF2EF746FE5B62C5CB3C
Chrome Cache Entry: 429	ASCII text, with very long lines (33654)	B6E215C559C24CAFD09273E9BFAFD357	ECCF0B92955DACEAF6FAD3A9DE7C36EB65B341CB	DAF0C5F563BBD6915BEA269FA160B52176BAE7AA972FFA7F0D9345165A4825F3
Chrome Cache Entry: 430	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 431	ASCII text, with very long lines (20082), with no line terminators	58A30E58FBE0165292F0425B04256E46	420050FE7E6034D52094B2F769FDB12A3591A748	534ECF698946529FF99C868DA810DAB8E1E9C7491EBDC873BDF95D34ABF75C4E
Chrome Cache Entry: 432	ASCII text, with very long lines (29173), with no line terminators	F6228139447C795F72C09114F8289A8C	0D0499DC74723111C0B78792B40BF5B8D04A2FB2	E6108C2F14C08CE48EB243728C24011A8E70E60DCA21BFA51FFFC6B1B8A999C7
Chrome Cache Entry: 433	JSON data	046E75F15276B4235B4AF246C2439AE4	7E8C69EAF56DF3D775ACA9C04E18060DDB578F44	A87D3F6E49AEAACC611E10491BFF08306824B71081B00C7D1D65C94CB3F8D580
Chrome Cache Entry: 434	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 435	JSON data	2AA64CF564EEAE5787D64DC866F0C731	DD77CBB5B55C16302651E18629D56924D363C375	21C0A4F729272B7B0BCD090ED5A9E000A018799416DD7C4EFAC55024490FFBDB
Chrome Cache Entry: 436	XML 1.0 document, ASCII text, with CRLF line terminators	605C6BD48B2AB0262C0113445494FF4C	00CC6621252EB4930486F4837638A0524E5C77E9	405497AC72ADA72A30277E2493A9B00B999DF6CE1B425167B8C405AF45EF0338
Chrome Cache Entry: 437	HTML document, ASCII text, with CRLF line terminators	59372A1A3FB09A27594093F0BF524613	DD44CDA08F082DAC06E0D0FBFA662830B9989926	4D16C45DF3C3EDB6B0A3E8937DADB5AE95BF8737A728EEDB397E0C964F16B396
Chrome Cache Entry: 438	ASCII text, with very long lines (65536), with no line terminators	28AE8A97F4ABA21B7C2E35059829E3A2	B7B1145ADB4697AD6D781BF6D63F9C6F7FBF3A93	6DEFAE634ACD4E2356838DEE0DD0213411310C26A2D9720C2C85058B7771B1BE
Chrome Cache Entry: 439	GIF image data, version 89a, 24 x 24	648AD2F7EEA95A9B5491DCD2203B2F54	5FFA99938410AEBAB10B32308F242437B9432B53	A3596C17DAD9A003D0BFBE0B7BA6765F51391B5C3943660316F01C8E77B323DB
Chrome Cache Entry: 440	ASCII text, with very long lines (11252)	5497DFC3FD0E40DB230E1D59B34797DD	170F2C748BEDED58B7DAE3C6A3F8A5019A4534C1	BA445B74289601E54A8FEBA0951364685EA140F0A0B9FBE2A355F1001A16FBE5
Chrome Cache Entry: 441	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	7A7A4890CAAA77025E1B33A6D6E474EE	DC735B99D9EF0C76B4A7AEAE8BAA4CBD9551BA77	9E1DA5BF715135491519A188CAD977DB6CBA414071E2407B69D63221379D8802
Chrome Cache Entry: 442	Unicode text, UTF-8 text, with very long lines (58392)	64CF57DDEFEE6B6909C89A150D729583	027B6EDDE1688950000D6CA19E997C79E03E2C77	9AFCD14B4FC43E6D091C9A73564E28CA513FB536C19F78C7CA483DF29E610B44
Chrome Cache Entry: 443	ASCII text, with very long lines (20946), with CRLF line terminators	92A3DDF4C14AF9EB4DB2939A2B2712AC	81B322775A3E9E9335FB780179B6B922759CE6FF	5B6D3F98F8A755878F226B38FDB1F7C31E67B456221F253B70F95AA331668594
Chrome Cache Entry: 444	ASCII text, with very long lines (24306), with CRLF line terminators	AC459993971D136B5C420665B272E101	3C84797F6C43434519212E1AE74E84C4BC9E133A	883922A710E857E94B35FD6748792782280A859E154E4DB2E4C0B4876DFA61AE
Chrome Cache Entry: 445	ASCII text, with very long lines (2936)	4F1D12D57F5342C2B9B0ED43E73C39B8	C0C2E9B165076D27558A37C55B1E14CE9728FCEF	5B1487ECD05FC0A7192742055E471EE39845AD39D20CFF2EF746FE5B62C5CB3C
Chrome Cache Entry: 446	PNG image data, 59 x 10, 8-bit/color RGB, non-interlaced	51E0205922E53DC15F09B3E735C57F9D	E3A99BC0429CCA21EEA13F6F39E8E68C12C76156	3EF6A1A32D8609069C5A4CF1D7CAF4867C9D8AEBE81D2411E5FC256EA10E50B4
Chrome Cache Entry: 447	ASCII text, with very long lines (33654)	B6E215C559C24CAFD09273E9BFAFD357	ECCF0B92955DACEAF6FAD3A9DE7C36EB65B341CB	DAF0C5F563BBD6915BEA269FA160B52176BAE7AA972FFA7F0D9345165A4825F3
Chrome Cache Entry: 448	ASCII text, with very long lines (14666), with no line terminators	8880E957219B056B26B67D88CB7FFFF5	BE024ABFE99C2DC447191E2C59DD96FD9352E2C4	4BBB0DBB03A136E993BB2FB363455E7DCABF84CBB17DE37AD6168B9326E56909
Chrome Cache Entry: 449	ASCII text, with very long lines (65457)	122C9E4338794A3EE4A5E74D9777BC0F	98EF50E42CE81E5A7DB198EB3370252DE9A8BEBC	3BDAE7D8720DA0DCD5883C72A02762CF728F2392BAD92716FCEE190CA5AF2C53
Chrome Cache Entry: 450	ASCII text, with very long lines (65536), with no line terminators	669A6FE594693F2596A28853D92FB309	FE5DE41CFEFAC7DDEFAD06322238D30FAFEEC580	60DD865806D547201402D473A6C7C2635477A33F3E871428557143273872F13C
Chrome Cache Entry: 451	PNG image data, 59 x 10, 8-bit/color RGB, non-interlaced	51E0205922E53DC15F09B3E735C57F9D	E3A99BC0429CCA21EEA13F6F39E8E68C12C76156	3EF6A1A32D8609069C5A4CF1D7CAF4867C9D8AEBE81D2411E5FC256EA10E50B4
Chrome Cache Entry: 452	ASCII text, with very long lines (65437)	1F17361FB29A6080C472FE5C698043C9	871666BDC70C55EFAAD11AF36162CE91A65956EF	CC4307363023A70100271E492118FCE784D287479B2AC86BDB3DBD1FB2BAAF9F
Chrome Cache Entry: 453	ASCII text, with very long lines (11667), with no line terminators	A1D892F1368C7F3B1DFB75057B936B66	91EC4980BFA5B301199B574E6240A618247679F9	2DB70125E37F651D09A6D03D593A65E09668E6267CCA1257251328517F7EAEFC
Chrome Cache Entry: 454	JSON data	0F8A71C4D33149AC821AF59DD8780877	488B35F4C14517658F80CF926824D1AD51E2E02E	8FBA642792C3C2C30BD6B8A8394332CCBA65BA0676079BCB516C2A201CA583AF
Chrome Cache Entry: 455	ASCII text, with very long lines (8369), with no line terminators	3650AB0863890CA0F8ED7CB854D03F2B	86530F1BDFE32F6EE2C0B3770C648E13929A22D5	A77B85A1922F1E45FA8610E3D68CA6CA1EE887499F3148D5922A304D44E03EDF
Chrome Cache Entry: 456	ASCII text, with very long lines (22010)	C5E5AF3E566863CC521E9AC58F82305F	EF9A8CE0980E73F7DF4FF51D8CFF68E8FCA2F6E2	5AD6073D9E96064AFF3B050FC9CBF896878BE17457DC02130FCFA63937E334F0
Chrome Cache Entry: 457	ASCII text, with very long lines (65536), with no line terminators	28AE8A97F4ABA21B7C2E35059829E3A2	B7B1145ADB4697AD6D781BF6D63F9C6F7FBF3A93	6DEFAE634ACD4E2356838DEE0DD0213411310C26A2D9720C2C85058B7771B1BE
Chrome Cache Entry: 458	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	5FBC6BB137EA2316DEFE300913A950DF	29464B148AE54621A4AAD4F7742A2A05BE6517E3	82553839D3ECC08D5F9DDF58F9F466B88BFC614F9613DB9525B0E7037BF6843C
Chrome Cache Entry: 459	ASCII text, with very long lines (60197)	E01FFDF881BE6EE55465D981D9A932CF	D30134C757C94DB9D8F18EFEB14432DA60468D39	563FBA440CB645E242FE821A24B50E6F5D26CA248765E29DAFC2EDCA7299410E
Chrome Cache Entry: 460	ASCII text, with very long lines (616)	00A1160C879D7DC00D9A8693B6899A2F	6B8E243B8B5B44EFDA496BBE178DC8153B4F982E	0FB5855C124A1DC24D40900CF3C8A1F2091088394A28612BC9C3E2DCC06E1D3B
Chrome Cache Entry: 461	ASCII text, with very long lines (14762)	3807223F69B81F8B802488A647F3F03B	F7449911C1FE49B8B536DD9D9A14A659D924279B	38D5ADF71F9E522CA10B22FDA7BE148F0B2537E8B06F8981EFACB58B937B72CD
Chrome Cache Entry: 462	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 463	ASCII text, with very long lines (65536), with no line terminators	4015DAD6F999BE9E8CD244F9697DBB6D	F33976CAA136D6C90B73F1BCB4908C3BB06FD0ED	3AC57C0E9D926E64A8E2A561B29B739327CC2007357612B507D72FAF6FC06A08
Chrome Cache Entry: 464	ASCII text, with very long lines (11667), with no line terminators	A1D892F1368C7F3B1DFB75057B936B66	91EC4980BFA5B301199B574E6240A618247679F9	2DB70125E37F651D09A6D03D593A65E09668E6267CCA1257251328517F7EAEFC
Chrome Cache Entry: 465	XML 1.0 document, ASCII text, with CRLF line terminators	5E6EDC73470FF3E746BC8BDAC6FB38B2	7DFA441D001FE0B50A5F6ED6102479662D2497DF	71344C4AACBC26401DD2CFDCDB7C16625B423B4E710A0030A65D90B7E16F602D
Chrome Cache Entry: 466	ASCII text, with very long lines (65451)	12108007906290015100837A6A61E9F4	1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3	C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
Chrome Cache Entry: 467	Unicode text, UTF-8 text, with very long lines (12695)	2FCED6E6CD0963580F963BC4C20EE1B6	92AE09CA220AEBB5DB448911AAABEEB28D688E9E	2D409FB1116C9A18791011CAF0B2AB2AB5C5F19CAF91C54BBF39BF7FF5DED27D
Chrome Cache Entry: 468	ASCII text, with very long lines (22010)	C5E5AF3E566863CC521E9AC58F82305F	EF9A8CE0980E73F7DF4FF51D8CFF68E8FCA2F6E2	5AD6073D9E96064AFF3B050FC9CBF896878BE17457DC02130FCFA63937E334F0
Chrome Cache Entry: 469	Unicode text, UTF-8 text, with very long lines (1592)	A3B491174EF1CC7968AF33188A522977	25A4AAA9E8F1D47F22286B8E427FABA5C0AB8BB9	AACE481226BEADED455E66DE87D25ED7371ED604E313ABC44EADA8DE5CD58E51
Chrome Cache Entry: 470	ASCII text, with very long lines (30298)	4EDE79987F52C99D7B570FE77436747E	B9C4251C30ADBAE5F6BD532F37109E82DA414E7C	715D8C6EC761B3051A58AC9EE1AB704F7C3587F31159C289372A30AE5103F2F2
Chrome Cache Entry: 471	Unicode text, UTF-8 text, with very long lines (1592)	A3B491174EF1CC7968AF33188A522977	25A4AAA9E8F1D47F22286B8E427FABA5C0AB8BB9	AACE481226BEADED455E66DE87D25ED7371ED604E313ABC44EADA8DE5CD58E51
Chrome Cache Entry: 472	ASCII text, with very long lines (65536), with no line terminators	9747CFD352DC4A728F7197577D939A01	A86856D0FB47046A9578FBCF1B3F4846684C10FF	776C63720217ABF62AB3945E9AD5FD66C97CEBB88F5A2AD225867B85D9BA08F3
Chrome Cache Entry: 473	ASCII text, with very long lines (20116), with no line terminators	EDF023B23DC08C7C90BA27A3BDE7480B	0F03EDBE6BDA20C20251EFF9DB86359EB5155F66	7337ED6220111758E61F3BE5060AE9A807D83EDF05D5F7CC92B0B85E34A5FEF3
Chrome Cache Entry: 474	ASCII text, with very long lines (65536), with no line terminators	4015DAD6F999BE9E8CD244F9697DBB6D	F33976CAA136D6C90B73F1BCB4908C3BB06FD0ED	3AC57C0E9D926E64A8E2A561B29B739327CC2007357612B507D72FAF6FC06A08
Chrome Cache Entry: 475	ASCII text, with very long lines (65536), with no line terminators	E1FD17FCEC2CB35FD213E85B52850C2F	0287D09192300AA91E7C6AFA684B4EF80D536CAF	5C1A339B057F4356DA637C136C76F77BF98CA7680958AC271CE0E1657C8EAB5F
Chrome Cache Entry: 476	ASCII text, with very long lines (7694)	BB351812C3D14ECD554D52D4EA634BE8	D36B85C4C5D4E37AA0EBDDBF2AC97DF9B0B7FE3B	DD5BEF510ABB01291BE7FA75E16B6F26CBA20EE62ADBBAC8E09E3205BF5B5084
Chrome Cache Entry: 477	ASCII text, with very long lines (30663)	71706C53165D6963A26E07A5EE5000C9	2BF85692F91FF746721404B132433D98D9E948B1	B282E5C08BEF5CD85B0017EDA2CAC50C6AE4BA63AF205F889CA3DD21075A4789
Chrome Cache Entry: 478	ASCII text, with CRLF line terminators	72D9A825554620C51BF0018A457E7F2E	23400E26C69A1F8A47236FFAD4BC80FC80BA773E	365009220D893F07B356C7F253CECD5A9F7E06D6207A3DD7A148FC73812B4FE6
Chrome Cache Entry: 479	HTML document, ASCII text, with CRLF line terminators	11CA4578CB026A23713AEA6781B8ECE3	A05AE51B4A3E2E0076222CBCBE9C58833CDEF108	C55F527E536DE44C7980FECECE7428AE5A765647495E47008A8A54FA1E434736
Chrome Cache Entry: 480	Unicode text, UTF-8 text, with very long lines (65308), with no line terminators	8D9EDD60E2B6329696B4B416FF6178D2	BDDA8531DA8BFB1031B9F9C03F8B5B26004EDF00	4E23B6C34FCBDBF7EFD6120B27D65D6D0A74E60F161377D678AD530E7DF10251
Chrome Cache Entry: 481	ASCII text, with very long lines (65536), with no line terminators	2F1D74149F052D3354358E9856375219	8019F7A2EA824930F91C3EC375D926B650FB1CFF	66C70312DE6CA4E1D7EF1E858307764C241A80E7411CEE686EA2FC2D74152749
Chrome Cache Entry: 482	ASCII text, with very long lines (14762)	3807223F69B81F8B802488A647F3F03B	F7449911C1FE49B8B536DD9D9A14A659D924279B	38D5ADF71F9E522CA10B22FDA7BE148F0B2537E8B06F8981EFACB58B937B72CD
Chrome Cache Entry: 483	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 484	ASCII text, with CRLF line terminators	9CFEFB2D46D6102DAC2A24C606F47FEA	076B63F4F46CE28648201E2507BBC67FB4F990C5	43C5939CB732D8AA2D20FCE97F359F46B7C3B937E60ED576B752AE0A2E73314F
Chrome Cache Entry: 485	ASCII text, with very long lines (65536), with no line terminators	8E9FFFA7BE90F048F46B6CCA399661F2	9E8F440BA763918EF08D4FC523E2C11073677A4C	67CB3AFF2EBBF18F67B2823712560A8103771722010E9EAE0D91840AB407F539
Chrome Cache Entry: 486	ASCII text, with CRLF line terminators	4DF9B0011F8AE623E26116BC635CFB36	0D68BBCB58D190F6E2803043A1823A3826325F33	47D6DBDB766BD7EA675F68A5CE5A22654554001EFC7007A0B8C484069D9E2638
Chrome Cache Entry: 487	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1BF11FC2DBDB5C48B7D60F5005583417	DF52B131F6B151E674204CBA77082EFAEFBC3F8C	172E218E70CC419328B7AAB580615DA2A562E1508EAC9AC3014C52C51F2F50EC
Chrome Cache Entry: 488	ASCII text, with very long lines (57788)	BC93B7FD04F68A94312B547CEF297451	59EA29125AD34035D985DA7C32668D1570BA2FE0	E55ED51D4941518F0B995EDF3557D3845DB5B91E0EA9F7BA771DC14A312871A1
Chrome Cache Entry: 489	ASCII text, with very long lines (65536), with no line terminators	3309FB05681E22B6802DDA0759839080	C2E778DA54300AD0CBAE065147E4E255068CADC5	316FA5C7EA4EDF117C79E2447E95506068FAE35FB15E302D15F3822417C7C321
Chrome Cache Entry: 490	ASCII text, with very long lines (65536), with no line terminators	9DECB0C734D0ECAD3E60A93F23DB8F39	96BC3698D305077A5A5CF09303BE1195FA65824C	54C618DE71735F3693D0DF3ACD1A36DD17AFF1655D09A0F2A23A314F9BA92765
Chrome Cache Entry: 491	ASCII text, with very long lines (41116)	08FBFF79B5EEC28DDFF4D772223B81A9	AAABD7E0B32698E8295139C4868E9AEE5EDBD112	773A678845579E6334F19D4E62F29446E7898BD816359C74574E37884503F909
Chrome Cache Entry: 492	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 493	JSON data	DFE3652C1EA0FC667C2E2A4261CD64DF	943F0D0650C11D8386406397701B0CEF5E759AA3	784545063730163ED3F249AA0285F8B06553C65E8BCA1AA01FE1C699175845F1
Chrome Cache Entry: 494	ASCII text, with very long lines (65536), with no line terminators	7E93C384B574C1D19DF910D525EC3789	EDF6EBFAF4A1F29E76B4094BB5B9DFB57388ECA6	16AB414F8B420754EB7D8095EF2E2953C18C442E173B1CBC1603CB0E19F1CC95
Chrome Cache Entry: 495	ASCII text, with very long lines (65394)	CF5CC7F4B57526CC37893DCB83DED031	E953783BE0A7894585778455AAE3D0DF094D6F29	3A790B6C0D26D7A4D292CB27F992EAFAFF42C37E9318B2AB704207039127FCB8
Chrome Cache Entry: 496	ASCII text, with very long lines (22548), with no line terminators	2111DE21CB1EA0EBCB6706B44282755A	138AB6A1C486B260287A8F0E000E1A63ADA8F5DA	063EDFEC2E8C1A0CAB9FB979341F1E4431DF455E919676A398ED5E7B5BCF8EFE
Chrome Cache Entry: 497	ASCII text, with very long lines (41116)	08FBFF79B5EEC28DDFF4D772223B81A9	AAABD7E0B32698E8295139C4868E9AEE5EDBD112	773A678845579E6334F19D4E62F29446E7898BD816359C74574E37884503F909
Chrome Cache Entry: 498	ASCII text, with very long lines (30497), with no line terminators	E55F3C2F2F2F2A339E4B0A08030E9803	729D608C534829E07F5DCDBBD75BBC031A9E9D9A	40CBE329851D4261E0E4A3B3665FD1025747AAC3CBFD87689CF3F2689CACF4E9
Chrome Cache Entry: 499	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	1DC889AC693F912C263AA6D27A258A93	B2100EA2AEE5ED5FD90E0331F26160CDD5D1B002	9224E5240ABC039D55CB765EA6611F07BA95F5E59C05DA325C968470946C6E52
Chrome Cache Entry: 500	MS Windows cursor resource - 1 icon, 32x32, hotspot @16x16	04D59A1FFDA7020CBDA1BB9FCBF0BCA0	E0CACE5751F02AF9E12B3C066FFD542F3D12A279	EDC250E23E06AE7D15C1C19FDF9C6759129796B0A2F76DC82DF665C823C7B495
Chrome Cache Entry: 501	ASCII text, with very long lines (65451)	12108007906290015100837A6A61E9F4	1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3	C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
Chrome Cache Entry: 502	ASCII text, with very long lines (2224), with no line terminators	96EC242EA2E25558F7EC13FA88D9D793	B0BB7F6BD5206CC1FFB572CBD4A6AD2F88D42433	850C54CE960E710757379C19601C65C00CF7D485063115F34AA30AE193CCEA43
Chrome Cache Entry: 503	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators	2C09ECEDCC26D01D2BF6EB26E7B00702	CDC426462849F616786AD8ACD1BD9EA3E474248F	41D3F17294A627E15FFA2323AB0F58925D2353255C532BCBAE87E9090E604D01
Chrome Cache Entry: 504	ASCII text, with very long lines (4615)	20B673F9D2064C78B2CC2C7A7DDBC46D	3CC9E0F095D93B38481BE3D0137741D97C1978C3	83C5CCAF7404DF012ACED39092D0982EB73E9DC942BCE6991956C7B2F10957D8
Chrome Cache Entry: 505	ASCII text, with very long lines (65457)	122C9E4338794A3EE4A5E74D9777BC0F	98EF50E42CE81E5A7DB198EB3370252DE9A8BEBC	3BDAE7D8720DA0DCD5883C72A02762CF728F2392BAD92716FCEE190CA5AF2C53
Chrome Cache Entry: 506	JSON data	8D75B8E85D749610931E168F2EFCF555	11410945A27700DBE941C030189C637792AAC2CE	485A60AD5AF1CEFF60C50A9BFB08A03F0C42B984034A2255820356938B82B2A0
Chrome Cache Entry: 507	HTML document, ASCII text, with very long lines (337), with CRLF line terminators	A4721BB6D4E11F3B89A65177600D3B7A	82B334D420FDA73B9417448FDF9460F07BFECA1D	82E9CCE25EF8EF145288A8460A86524C87706BE7AE67650DEE791B44CAE88944
Chrome Cache Entry: 508	ASCII text, with very long lines (65536), with no line terminators	641ED2F088E8590E8A1FA338B988EE64	84B6C315096AE4CAF1EB06FA25AABA97FA3A19D7	3E5143BA7FDD5C2AAEAE9B33D0B816CE31010263F46B4404F0757E7815904004
Chrome Cache Entry: 509	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 510	ASCII text, with very long lines (65536), with no line terminators	641ED2F088E8590E8A1FA338B988EE64	84B6C315096AE4CAF1EB06FA25AABA97FA3A19D7	3E5143BA7FDD5C2AAEAE9B33D0B816CE31010263F46B4404F0757E7815904004
Chrome Cache Entry: 511	ASCII text, with very long lines (32011), with CRLF line terminators	5A8ED3646A340A247CD48F5732BAEA69	8A961A2C1461EB5CD8A9009911970824602F8B79	C459EC1608D98A847AB4C83723E1C4B2DC6E58A7006D5566C529A93113C2EE62
Chrome Cache Entry: 512	HTML document, ASCII text, with CRLF line terminators	D29FA9F2AB3A72F2608E8E82C8C3D1C6	8B21CC06752837B4B6B8FEF8D54F50EB2C7CCA8F	E1B0A10649C4B92F828523EFC2EBE135EA9488179A2816888D1E84F786202DBF
Chrome Cache Entry: 513	ASCII text, with very long lines (5949), with no line terminators	BBF6A2B6E77972F0718F99C86AE3FE92	806E8C002AE178B41819BEAFE123AE09202DF966	78FF6158246E4FA25F994827F90ED69FEEF349AA57449CB404E35C3026BD4B8A
Chrome Cache Entry: 514	ASCII text, with very long lines (7708)	DDD63B48AF585746957581C2465786B8	D57B0B43445D410B476B2FE9EB6C685E297851AE	1F40B9A806FAA70C1C142A9AD7EB4EAA84A3F3A18184ADFF6AEA4B21A2C60A9D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: {"siteid":"e7b15d85-b450-4045-9a97-fd90105fa5ee","aud":"00000003-0000-0ff1-ce00-000000000000/onedrive.live.com@9188040d-6c67-4c5b-b112-36a304b66dad","exp":"1730213467"}

Source: https://mann.ru.com/9?ai=xd	HTTP Parser: No favicon
Source: https://mann.ru.com/9?ai=xd	HTTP Parser: No favicon
Source: https://mann.ru.com/9?ai=xd&__cf_chl_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8	HTTP Parser: No favicon
Source: https://googleweblight.com/i?u=google.com	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:50207 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:50087 version: TLS 1.2

Source:	Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B\|\|this.pDb\|\|Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow\|\|Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)\|\|this.Jj.Oa(Ed.a.Gib)\|\|this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_340.1.dr
Source:	Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc\|\|(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li\|\|(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_460.1.dr
Source:	Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe\|\|(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state\|\|this.pDb\|\|(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf\|\|ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton\|\|this.c6a;ha.hideCloseButton= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType\|\|ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb\|\|(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb\|\|(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_460.1.dr
Source:	Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_460.1.dr

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.17:50090 -> 1.1.1.1:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to https://office.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to http://googleweblight.com/i?u=google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: mann.ru.com to http://googleweblight.com/i?u=google.com

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:50207 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	HTTP traffic detected: GET /o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9 HTTP/1.1Host: 1drv.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/76471F3776916FD0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?resid=76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&ithint=onenote&e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/76471f3776916fd0/_layouts/15/Doc.aspx?sourcedoc=%7Bc2b6a389-6e2d-402f-8346-e7ceb243c74f%7D&action=default&fromShare=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05&slrid=64165da1-90a4-6000-a17a-a7453b5ea7e9&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_cnRpbWU9d3B6TnEwUDAzRWc&CID=e20b8c70-5808-4803-b162-15b8d742ff39&_SRM=0:G:36 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzEzZTcxMTY5ZWUxZjY5OTkzZjJhMzQxYmUxZjcxYTNkNjdlMWE1NTY4M2U1ZWQwNmZkNjMzNjBlYmMzMjE5NzAsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCwxMzM3NDI1ODk2NjAwMDAwMDAsMCwxMzM3NDM0NTA2NjE4MjA0ODcsMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsNjQxNjVkYTEtOTBhNC02MDAwLWExN2EtYTc0NTNiNWVhN2U5LDY0MTY1ZGExLTkwYTQtNjAwMC1hMTdhLWE3NDUzYjVlYTdlOSxrS2VISFRXL1JraWkvdlJBWDJ4SEx3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4OTUsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFha1B1RytaNzlxWmJkNlVWdm82QkFNKzB3QWNMeERKWkVsZ1N1TDBRT0pYSmtFdUhwNG5XZVN3VjBkZ3g2VHhxbmRGZ0ZyRjlQbTllV3pieE53S29kM1kvYm5VbzVYeEl5NkdGcWI1aFZ3Snp2VTI4Z2FPMFdjYVlFZ3NuMCtFKzNMNktjU3RMOXEzdjR2NFh5NjdMeVZJRVBlLzVCak1MTnB5dGEvYUlRdlh6cWNyTUYxWi93dytteDBvM1BEMGdxQVNkVjk5THNmc3d2ZWtHSVFESy9XSGMvZnQ1VXRKaEhEenZmVnBPRmtiYzFWYzZqdmdBeHNvaEUxSThXNDFGL0h4TjFuVmJESHhDSTFDTE5HNnJMNVY5SVhaN2VTd2RJcXVMeFVkZVpNbTVOUFBNMUZqY2xuT2dBR1J4M2xQOHFITEVxRllLOWIzcE1zY3lpQVU1dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hGEKNxxd99ywXE5&MD=RRr1cbPr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266&apitype=LanguageInfo HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=educationuser&WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/proofing.ashx?WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2F76471f3776916fd0%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fonedrive.live.com%22%2C%22pmshare%22%3Atrue%2C%22redeem%22%3A%22aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZSZhdD05%22%7D&wdenableroaming=1&mscc=1&wdodb=1&hid=64165DA1-30ED-6000-AD14-5BE362F10703.0&uih=onedrivecom&wdlcid=en-US&dchat=1&wdorigin=Sharing.ClientRedirect&wdhostclicktime=1729785063228&jsapi=1&jsapiver=v1&newsession=1&corrid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&sftc=1&sams=1&cac=1&sfp=1&hch=1&hwfh=1&uihit=docaspx&muv=1&wdredirectionreason=Force_SingleStepBoot&rct=Normal&ctp=LeastProtectedAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic	HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736
Source: global traffic	HTTP traffic detected: GET /files/fabric-cdn-prod_20240129.001/assets/icons/fabric-icons-a13498cf.woff HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://onedrive.live.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8d7b21294c7d2c94 HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mann.ru.com/9?ai=xd&__cf_chl_rt_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736
Source: global traffic	HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/WacOAuth.aspx?replyUrl=https://onenote.officeapps.live.com&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&WacUserType=WOPI&sv=1&msalv3=1 HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-US&WOPIsrc=https%3A%2F%2Fmy%2Emicrosoftpersonalcontent%2Ecom%2Fpersonal%2F76471f3776916fd0%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F76471F3776916FD0%21sc2b6a3896e2d402f8346e7ceb243c74f&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9%2EeyJhdWQiOiJ3b3BpL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDkwMTQwMTIyLTg1MTYtMTFlMS04ZWZmLTQ5MzA0OTI0MDE5YiIsIm5iZiI6IjE3Mjk3ODUwNjciLCJleHAiOiIxNzMwMjEzNDY3IiwibmFtZWlkIjoiMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsIm5paSI6Im1pY3Jvc29mdC5zaGFyZXBvaW50IiwiaXN1c2VyIjoidHJ1ZSIsImNhY2hla2V5IjoiMGguZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMTNlNzExNjllZTFmNjk5OTNmMmEzNDFiZTFmNzFhM2Q2N2UxYTU1NjgzZTVlZDA2ZmQ2MzM2MGViYzMyMTk3MCIsInNoYXJpbmdpZCI6ImtLZUhIVFcvUmtpaS92UkFYMnhITHciLCJpc2xvb3BiYWNrIjoiVHJ1ZSIsImFwcGN0eCI6ImMyYjZhMzg5NmUyZDQwMmY4MzQ2ZTdjZWIyNDNjNzRmO2dGUFZXR3JZZG5lN3JrTmJaUDJoVVYvWWUyQT07RGVmYXVsdDsyNzE0ZWY0ZjViNjE0NTNmYjc0MTFiZTczMWI2MDVkYzs7VHJ1ZTs7OzM4NDA7NjQxNjVkYTEtMzBlZC02MDAwLWFkMTQtNWJlMzYyZjEwNzAzIiwiZmlkIjoiMTkzODk1In0%2EqqR2MljbYVw0Rm4K4jXzgfOFuADCpethkb5Gv67SUEJwjQTknCjidoN0WKR5FhFbXQ%2DCcOn%2DtrVZbKeBJa%2DIXNN8NcVmDwushKwjjGGTm92K1L%5FzbfYFZZANDsXp5NaGKM564QNjfwnBHkMFz2kBdVC1e20I3Db2mD%5FAdL8V99LRXs4xORPgErnFLNjxYlOlleTJGesPYI5JEb7e9Sn%5Fsur3oz7UQIDoYfc9RXyhGrRdQQSYKqnNHjGrHNv54atFJog9IT9AwTp1%2Dzr4QkZurY6r9dZZpAGR%2DzDB2byiZOD5K7WSkgft2L2l0UTAMqMOrNqF%2DY5KuvdT2BCz7W0ZgQ&access_token_ttl=1730213467266 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"haep: 3X-WacFrontEnd: DM3PEPF00014BEAX-UserSessionId: d0fa52e3-0f3d-e35c-d61d-a94526612b29sec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.18214.41004X-Key: FKnkhRu+5j+BXU4OS+9ASxmg7jKgTA8vtRLm9+84Nvg=;wI/3PDglHIP2H0iVs0ptMMCmcs78fWZzVug+3+yUO+w=,638653818706795394X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: PUS10sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fmy.microsoftpersonalcontent.com%2Fpersonal%2F76471f3776916fd0%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F76471F3776916FD0!sc2b6a3896e2d402f8346e7ceb243c74f&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fonedrive.live.com%22%2C%22pmshare%22%3Atrue%2C%22redeem%22%3A%22aHR0cHM6Ly8xZHJ2Lm1zL28vYy83NjQ3MWYzNzc2OTE2ZmQwL0VvbWp0c0l0Ymk5QWcwYm56ckpEeDA4Qmh4VldlcEZvQVhySkZvWWVSOUlaMEE_ZT01OkVGQ2g1YiZzaGFyaW5ndjI9dHJ1ZSZmcm9tU2hhcmU9dHJ1ZS
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js?onload=fSZI2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mann.ru.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xdAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8d7b21294c7d2c94 HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js?onload=fSZI2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xdAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1725621520:1729702573:tCqhrP7VLKBEthGOwjof52flGbgIGszUdNhEZpSSuH8/8d7b21294c7d2c94/8l5SquBVm5tikoUKjc6upuDRGIHmGo5v7HpD6k.Sc5A-1729785099-1.2.1.1-bd9udQFFrR5GTbbD9wrurPVR6DoeETq3.X3RGsJw0wJpf7J2UCQ3G3HIAtG.lPYA HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8d7b21457ba24766&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8d7b21457ba24766&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /admincenter/admin-main/2024.10.17.1/floodgate.en.bundle.js HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/456159693:1729702700:bw_2NaBwqawLsLBoXaKhO-5XzHcr_1qGeB6RWNXVuQM/8d7b21457ba24766/3_CjyR8B9TJLJuMtHJPmK4XTnFBPv5TsW5rVRddf1Ls-1729785104-1.1.1.1-CMcUI0IrC24Bwi5_XGeN.AnYbOZfl271Hy1XSuv5rzcOZ0QW0f2GEJWcuLDSZKRc HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8d7b21457ba24766/1729785106325/6f3139b1deeb106748e9957d1db230b01f4dc8bcedcbab15d8aaf2da7189cf4a/xaqRYNrtNwA4T8_ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/WacOauth.aspx/LogLoadScriptResult HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8d7b21457ba24766/1729785106325/9N0aiT9M7lwIIf7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ou9ka/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8d7b21457ba24766/1729785106325/9N0aiT9M7lwIIf7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oa/OAuth.html HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PUS6-ARRAffinity=eee8025a101a10f0d384ca9c89bafc4edd34b7bf2873caea26377b9fc5eb86b5; PUS11-ARRAffinity=edd9a540e4fd7c880e7328445a8c5a4bd3b1b35fd0929e4317133af397ef9517
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/456159693:1729702700:bw_2NaBwqawLsLBoXaKhO-5XzHcr_1qGeB6RWNXVuQM/8d7b21457ba24766/3_CjyR8B9TJLJuMtHJPmK4XTnFBPv5TsW5rVRddf1Ls-1729785104-1.1.1.1-CMcUI0IrC24Bwi5_XGeN.AnYbOZfl271Hy1XSuv5rzcOZ0QW0f2GEJWcuLDSZKRc HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mann.ru.com/9?ai=xd&__cf_chl_tk=iBAVvT1q0k_Ls9aZfzbK2qfH49f0zYwhU0jEUzklYIc-1729785099-1.0.1.1-8h8.Ro3xP9Pql1_Emvx.x3Z6MCdAIZ_cuji_ogYf0K8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1725621520:1729702573:tCqhrP7VLKBEthGOwjof52flGbgIGszUdNhEZpSSuH8/8d7b21294c7d2c94/8l5SquBVm5tikoUKjc6upuDRGIHmGo5v7HpD6k.Sc5A-1729785099-1.2.1.1-bd9udQFFrR5GTbbD9wrurPVR6DoeETq3.X3RGsJw0wJpf7J2UCQ3G3HIAtG.lPYA HTTP/1.1Host: mann.ru.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hGEKNxxd99ywXE5&MD=RRr1cbPr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i?u=google.com HTTP/1.1Host: googleweblight.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=55edf4066f784f9cb200f3a55a9a986b&HASH=55ed&LV=202410&V=4&LU=1729785079651; MS0=7a3954b9346c47e9b94ff411c49524fb
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: googleweblight.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleweblight.com/i?u=google.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx?perfTag=GetChanges_1 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /9?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /9/?ai=xd HTTP/1.1Host: mann.ru.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=IxHwDdy.6S0zwXCOBrG7rZnPowUDN3tgqx9paQHhtqw-1729785099-1.2.1.1-PvzABpRgae20rcR6dLyZqBBFnHmY7K7Ud2GzLze_IJ_qU.AX4fQUic2T1j1YCMUjQhwVlZkKh8ghwUH1lOyuM26oaHTJMEJ7tOHn5fYkvxhjSymGnIj.2Mnndh39M3_Ga7t5N1ZvFZJ_ACiIp3XWr.pa8REwg4aX7zsL6hAYHPPbd7Ydcsxu1e.YaR2_fGkVGlOUbg0BX3N6Q30qoTlkDsUe9oWWb9IKBhJt7dO7VtlYMqVw9WcSuy0cgQhci6FdFZJF2YwslpklQHby6VO5JljwZIaQfgfiXva8ramrbKY9nzar1L0KnZJoIj5.ewyvrsjz8XDFOtrPzcmFg850_wosKz5JaHH9CPi_kzyiCJ.SyjhcSWzi7bRZUPlhPcG.N8QfXZ0fjhXHGcoa.QEVNUVn2i9GMrDZbBL_J0O4GRdagpZ_eY4w8vEhCR1jf5Tl; PHPSESSID=ee216e2ea437411e5f1102ec936b8bda
Source: global traffic	HTTP traffic detected: GET /i?u=google.com HTTP/1.1Host: googleweblight.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /o/OneNote.ashx?perfTag=GetChanges_2 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29&build=16.0.18214.41004&waccluster=PUS10 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ShCLSessionID=1729785093977_0.7255023029099736; MicrosoftApplicationsTelemetryDeviceId=3c3b78a1-3a31-4340-a5ab-f4e47c1e658e
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: googleweblight.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=0XQA8ZwbIMSLhCU2UUfXHhgtFNzJhFXBmKeT5GG3CJ41FvJnX_bC3B36ID9cxMrrpZtF_noafZkd144n4bU1hojZB-IPle6ayz595wJAxJAmKajHbITb6f2-rJzX2MRr5HD5DX1snt90VwpKF_SwxNtglnA1Ju1ylsF5BBoLmwM
Source: global traffic	HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS10&usid=d0fa52e3-0f3d-e35c-d61d-a94526612b29 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 1drv.ms
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: mann.ru.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: office.com
Source: global traffic	DNS traffic detected: DNS query: www.office.com
Source: global traffic	DNS traffic detected: DNS query: googleweblight.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: f158c54b-2c75-4ad7-9ac5-e11e09a4db9eX-UserSessionId: f158c54b-2c75-4ad7-9ac5-e11e09a4db9eStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF0001571AX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS1X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: DM3PEPF0001571AX-WacFrontEnd: DM3PEPF0001571AX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 98218F36BD2243AAB5575FF339F2986D Ref B: DFW311000102027 Ref C: 2024-10-24T15:51:18ZDate: Thu, 24 Oct 2024 15:51:17 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: privateContent-Length: 1233Content-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 79b8d9b0-f549-459d-94dc-f04b9e8ecd5cX-UserSessionId: d0fa52e3-0f3d-e35c-d61d-a94526612b29Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF00014BE9X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS10X-Partitioning-Enabled: trueX-OFFICEFD: DM3PEPF00014BE9X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wordslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 29D2D05105674004AB4948A5C3DDC542 Ref B: DFW311000105033 Ref C: 2024-10-24T15:51:42ZDate: Thu, 24 Oct 2024 15:51:42 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:44 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: tCEMzyW5GHCi7oYkQMiS0vexNxTBNHKCv9k=$noOUKRWFrOxQuaRoReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFjkaPjdYSTrp7g7xwTJ6hB3TDSfN5idp%2BQOxm%2BmhPdZQccgGPcVTeRgjR656WGiDj9JtIawkAcXE7hihYXXjaWBVq%2BkQwh0GSrOOtnSu9K6D5O3XdscCMFuYaspGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7b21495fbe4869-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1163&delivery_rate=2592658&cwnd=251&unsent_bytes=0&cid=bdac616681f34e0f&ts=155&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: zikKUz1eTWghoUzU/Pmzwy0AFZSMRH2qH3o=$6YAvRgW5E3Cq0OBvcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7b215f1c120b82-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:51 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: NX7Kp09Ts1oGtO81MGkKDkvBao4EruaKpNg=$ok1hFy+wVSNEloKeServer: cloudflareCF-RAY: 8d7b2173de69e5ea-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 24 Oct 2024 15:51:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:51:53 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 7iZr1xIRoRzFEv5blcDPbZfiNKLo0oCH2HE=$foDoPB9I9lgTTerrcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nssyju5GCRf0COfkmqw%2BC1hmChGlBkz0DDFSFXRqdnLOnyiyxpehNaeJIZM9d20dtG%2BpIHyrxdtUVPdRLiOw4DeXoj%2FL0pYqx6AdR50YvPpoxADv%2FDfA7r3pvkD%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7b2181883fe534-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1163&delivery_rate=2592658&cwnd=251&unsent_bytes=0&cid=54195dee12e481c2&ts=165&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 24 Oct 2024 15:52:02 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-4gnNJz6vy-cHlrVVy8jhww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/WebLightFeaturePhoneHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com;report-uri /_/WebLightFeaturePhoneHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/WebLightFeaturePhoneHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 3fef5cd3-0b5f-4804-8e7c-9f02d2919f41X-UserSessionId: 3fef5cd3-0b5f-4804-8e7c-9f02d2919f41Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: DM3PEPF0001570FX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS1X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: DM3PEPF0001570FX-WacFrontEnd: DM3PEPF0001570FX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_visioslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 4B4C4C8E004E4CC2B1D2DDCE79C2A1EB Ref B: DFW311000103009 Ref C: 2024-10-24T15:52:15ZDate: Thu, 24 Oct 2024 15:52:14 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: e38e3d5b-5251-49cd-b6be-ce8db51fe3b3X-UserSessionId: e38e3d5b-5251-49cd-b6be-ce8db51fe3b3Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C7EX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF00017C7EX-WacFrontEnd: SN3PEPF00017C7EX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_controlX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_controlX-MSEdge-Ref: Ref A: 4898764B71EF4D1EAFB527BB7B8A4D49 Ref B: DFW311000103029 Ref C: 2024-10-24T15:52:16ZDate: Thu, 24 Oct 2024 15:52:15 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 7f4dc36d-634d-4959-b1e1-ebc317a262baX-UserSessionId: 7f4dc36d-634d-4959-b1e1-ebc317a262baStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C98X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF00017C98X-WacFrontEnd: SN3PEPF00017C98X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wordcapacity_control,afd_onenoteslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 2A11AA0E0A374F58983CFCBCE91136A0 Ref B: DFW311000107045 Ref C: 2024-10-24T15:52:18ZDate: Thu, 24 Oct 2024 15:52:18 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 80e95a53-73c2-4418-9e25-110b63749a44X-UserSessionId: 80e95a53-73c2-4418-9e25-110b63749a44Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF000091D1X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS6X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF000091D1X-WacFrontEnd: SN3PEPF000091D1X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: AA33744F5E274FA6B41537EEA318FA60 Ref B: DFW311000107047 Ref C: 2024-10-24T15:52:25ZDate: Thu, 24 Oct 2024 15:52:25 GMTConnection: close

Source: chromecache_295.1.dr, chromecache_341.1.dr, chromecache_305.1.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_366.1.dr	String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_323.1.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_341.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://1drv.ms
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.3.min.js
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/MathAssistantSupport?client_id=onenote_wac&platform_id=web&correlation_id=
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/OfficeAddinOverview
Source: chromecache_460.1.dr	String found in binary or memory: https://aka.ms/Officeaddins
Source: chromecache_460.1.dr	String found in binary or memory: https://api.addins.omex.office.net/
Source: chromecache_340.1.dr	String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_460.1.dr	String found in binary or memory: https://augloop-int.officeppe.com/v2
Source: chromecache_460.1.dr	String found in binary or memory: https://augloop.office.com/v2
Source: chromecache_507.1.dr	String found in binary or memory: https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/dev
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/stg
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/df
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/gcc
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/prod
Source: chromecache_340.1.dr	String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_340.1.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_288.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: chromecache_460.1.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://ecs.office.com
Source: chromecache_340.1.dr	String found in binary or memory: https://edog.onenote.com
Source: chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://fa000000128.resources.office.net
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://fa000000128.resources.office.net:3000/index.html
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_460.1.dr, chromecache_311.1.dr	String found in binary or memory: https://forms.office.com
Source: chromecache_460.1.dr	String found in binary or memory: https://forms.office.com/Pages/OneNoteMathAddinFunctionPage.aspx
Source: chromecache_460.1.dr, chromecache_381.1.dr, chromecache_311.1.dr	String found in binary or memory: https://forms.officeppe.com
Source: chromecache_387.1.dr, chromecache_418.1.dr	String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_340.1.dr	String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_340.1.dr	String found in binary or memory: https://hubblecontent.azureedge.eaglex.ic.gov
Source: chromecache_340.1.dr	String found in binary or memory: https://hubblecontent.azureedge.microsoft.scloud
Source: chromecache_460.1.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore/flyoutdetails/
Source: chromecache_296.1.dr	String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_276.1.dr, chromecache_323.1.dr, chromecache_482.1.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_460.1.dr	String found in binary or memory: https://office.visualstudio.com/DefaultCollection/OC/_wiki/wikis/OC.wiki/22688/Using-Dictation-on-yo
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://officeapps.live.com
Source: chromecache_311.1.dr	String found in binary or memory: https://onedrive.live.com
Source: chromecache_507.1.dr	String found in binary or memory: https://onenote.officeapps.live.com
Source: chromecache_340.1.dr	String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_340.1.dr	String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_340.1.dr	String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://pf.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_460.1.dr	String found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474836617/Product_42949677398/Asset_e
Source: chromecache_349.1.dr, chromecache_387.1.dr, chromecache_418.1.dr, chromecache_329.1.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_305.1.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_340.1.dr	String found in binary or memory: https://res-dev.cdn.officeppe.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-dod.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-dod.cdn.office.net/fluid/dod
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net/fluid/gcch
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res-h3.public.cdn.office.net
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res-h3.sdf.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr, chromecache_340.1.dr	String found in binary or memory: https://res-sdf.cdn.office.net
Source: chromecache_318.1.dr, chromecache_276.1.dr, chromecache_323.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res.cdn.office.net
Source: chromecache_281.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/
Source: chromecache_281.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/floodgate.en.bundle.js
Source: chromecache_318.1.dr, chromecache_299.1.dr	String found in binary or memory: https://res.sdf.cdn.office.net
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.edog.officeapps.live.com/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.officeapps.live.com/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.officeapps.partner.office365.cn/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.apps.mil/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.office.de/rs/v1/settings
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://roaming.osi.office365.us/rs/v1/settings
Source: chromecache_311.1.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/suggestions
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_340.1.dr	String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://tb.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_340.1.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: chromecache_340.1.dr	String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: chromecache_340.1.dr	String found in binary or memory: https://uciserviceintcdnwus.blob.core.windows.net/mirrored/smartlookup/
Source: chromecache_435.1.dr, chromecache_433.1.dr	String found in binary or memory: https://usc-onenote.officeapps.live.com/o/RemoteUls.ashx
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.apps.mil
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.eaglex.ic.gov
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.microsoft.scloud
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.office.com/root/index.fluid.js
Source: chromecache_276.1.dr, chromecache_323.1.dr	String found in binary or memory: https://whiteboard.office365.us
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://wise-m-backup.public.onecdn.static.microsoft/wise/owl/sharedauthclientmsal.39dcdf70a24344361
Source: chromecache_358.1.dr, chromecache_507.1.dr	String found in binary or memory: https://wise.public.cdn.office.net/wise/owl/sharedauthclientmsal.39dcdf70a2434436117b.js
Source: chromecache_385.1.dr, chromecache_264.1.dr	String found in binary or memory: https://www.office.com/launch
Source: chromecache_340.1.dr	String found in binary or memory: https://www.onenote.com
Source: chromecache_460.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/mathassistant
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&temporaryLocalization=true
Source: chromecache_288.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:50087 version: TLS 1.2

Source: chromecache_276.1.dr, chromecache_323.1.dr

Source: classification engine

Classification label: mal48.win@29/394@118/22

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,1742604777212346186,10490191622210278842,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,1742604777212346186,10490191622210278842,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B\|\|this.pDb\|\|Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow\|\|Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)\|\|this.Jj.Oa(Ed.a.Gib)\|\|this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_340.1.dr
Source:	Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc\|\|(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li\|\|(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_460.1.dr
Source:	Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe\|\|(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state\|\|this.pDb\|\|(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode\|\|Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf\|\|ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton\|\|this.c6a;ha.hideCloseButton= source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType\|\|ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_276.1.dr, chromecache_323.1.dr
Source:	Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb\|\|(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb\|\|(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_460.1.dr
Source:	Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_460.1.dr

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_265.1.dr, chromecache_286.1.dr, chromecache_296.1.dr, chromecache_450.1.dr, chromecache_476.1.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_265.1.dr, chromecache_286.1.dr, chromecache_296.1.dr, chromecache_450.1.dr, chromecache_476.1.dr	Binary or memory string: ",DisconnectVirtualMachine:"

ID:	1541336
Product:	CloudBasic
Start time:	17:50:30
Start date:	24.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://1drv.ms/o/c/76471f3776916fd0/EomjtsItbi9Ag0bnzrJDx08BhxVWepFoAXrJFoYeR9IZ0A?e=5%3aEFCh5b&sharingv2=true&fromShare=true&at=9