Edit tour

Windows Analysis Report
https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9

Overview

General Information

Sample URL:	https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9
Analysis ID:	1543651
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1844,i,12198258531799219003,14501588252868035823,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://onedrive.live.com/edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2

HTTP Parser: Base64 decoded: e=4:rOi4rU&at=9

Source: https://onedrive.live.com/error.html

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9 HTTP/1.1Host: 1drv.msConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /redir?cid=9b14c62c9fcd7f6c&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&ithint=file%2cdocx&e=4%3arOi4rU&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: E=P:bzWqpB333Ig=:UTSaY0ROyk+bAFP1dgIOXJcFsunJkdsLytUg1UHMKUU=:F; xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=1
Source: global traffic	HTTP traffic detected: GET /v1.0/token HTTP/1.1Host: api-badgerp.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error.html HTTP/1.1Host: onedrive.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://onedrive.live.com/edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; E=P:vWVbpR333Ig=:Tj5hRGwn4OlV/Jzhxb9BsDH6LNmmabiY3f+uAKjJWF8=:F; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098597155
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: onedrive.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://onedrive.live.com/error.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098598630; E=P:I9m+rB333Ig=:xdhk3egTWcyqSRS7o7sAiQPg6fKVAKABgy2v5uiNwU8=:F
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098598630; E=P:aSjcrB333Ig=:/5HQ5hoRNkUA6VE9C3JCC5MMmkWOh5Ug1m0SRuoOpuc=:F

Source: global traffic	DNS traffic detected: DNS query: 1drv.ms
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api-badgerp.svc.ms
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: my.microsoftpersonalcontent.com

Source: unknown

HTTP traffic detected: POST /v1.0/token HTTP/1.1Host: api-badgerp.svc.msConnection: keep-aliveContent-Length: 48sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://onedrive.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_40.2.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_40.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: classification engine

Classification label: unknown0.win@19/9@16/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1844,i,12198258531799219003,14501588252868035823,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1844,i,12198258531799219003,14501588252868035823,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://reactjs.org/link/react-polyfills	0%	URL Reputation	safe
https://my.microsoftpersonalcontent.com	0%	Virustotal		Browse
https://api-badgerp.svc.ms/v1.0/token	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spov-0006.spov-msedge.net	13.107.137.11	true	false	unknown
dual-spo-0005.spo-msedge.net	13.107.138.10	true	false	unknown
www.google.com	142.250.185.228	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.19	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
1drv.ms	13.107.42.12	true	false	unknown
my.microsoftpersonalcontent.com	unknown	unknown	false	unknown
onedrive.live.com	unknown	unknown	false	unknown
api-badgerp.svc.ms	unknown	unknown	false	unknown
m365cdn.nel.measure.office.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://onedrive.live.com/edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2	false		unknown
https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9	false		unknown
https://onedrive.live.com/error.html	false		unknown
https://api-badgerp.svc.ms/v1.0/token	false	0%, Virustotal, Browse	unknown
https://onedrive.live.com/redir?cid=9b14c62c9fcd7f6c&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&ithint=file%2cdocx&e=4%3arOi4rU&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05	false		unknown
https://onedrive.live.com/favicon.ico	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://my.microsoftpersonalcontent.com	chromecache_40.2.dr	false	0%, Virustotal, Browse	unknown
https://reactjs.org/link/react-polyfills	chromecache_40.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.138.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.139.11	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
13.107.137.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.42.12	1drv.ms	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543651
Start date and time:	2024-10-28 07:55:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@19/9@16/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.186.46, 142.251.168.84, 34.104.35.123, 184.28.90.27, 23.38.98.101, 23.38.98.111, 23.38.98.96, 23.38.98.99, 23.38.98.107, 23.38.98.95, 23.38.98.109, 23.38.98.97, 23.38.98.105, 23.38.98.120, 23.38.98.121, 23.38.98.117, 23.38.98.119, 23.38.98.114, 23.38.98.112, 23.38.98.115, 192.229.221.95, 217.20.57.19, 20.109.210.53, 13.85.23.206, 2.16.238.152, 2.16.238.149, 20.42.73.28, 23.38.98.79, 23.38.98.83, 23.38.98.69, 23.38.98.75, 23.38.98.74, 23.38.98.81, 23.38.98.76, 23.38.98.80, 23.38.98.82, 23.38.98.67, 23.38.98.122
Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, res-1-tls.cdn.office.net, glb.sls.prod.dcat.dsp.trafficmanager.net, wise-m.public.cdn.office.net, e40491.dscg.akamaiedge.net, fs.microsoft.com, 188900-ipv4mteg.farm.dprodmgd104.sharepointonline.com.akadns.net, accounts.google.com, odc-web-geo.onedrive.akadns.net, wise.public.cdn.office.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	40516
Entropy (8bit):	7.994393464291555
Encrypted:	true
SSDEEP:	768:qgB3c938FWiiGnimeYVS3lt0cXbJHahvbN:qWM938kiBnSgOo
MD5:	087FB39B93889DE4765AFF5A6CBF7AFA
SHA1:	417F235C243042AB9D1164D8BF5F71FF91AB3071
SHA-256:	EFFF573449C0B1F342951D1038CD0335C0D84BC78B67B74241D7993D55FFDD28
SHA-512:	7F3DD79D932FBF71B441DDD8900AAAE143B12ECBD4B68F6AA49A5EF0E396418B7C017327CF310FAB9553B62010AA09E842FDB8F1A71687C45A67A15F2F966590
Malicious:	false
Reputation:	low
Preview:	[..R.n.s......lq.(I.]d ....S...T..hc.`;..U8Jgl...v.S\..z.1V...j..O.......bK..B.\|..GQ....U{;.....c.2....y..j.. ....x.S..e8iM..<.l.`...C.Yx....../.u.K.. >.\..'8....v.L..5]....W..v..aH.$.H.p}......-...G.7r..w......J..J.6....v........Q.fZV..[.i.....UF........A.&!.....y...s.....d[v....e...]~...O..~..[.O..r...8..~.2..c....a.Q..Z..U..$...{..U.keIe...o.....,..m....S..)C.&...}j...$....J..i.....j...\......?LS..I..z=...D....-.s/P...-.$.@QZ&)k....$.g../....r-.R."..nJv...?.z,.C...u..$U.a..N...O;.A.a...a'a#...`DQ.b......U.{..,K_..j!.N.O:.X..,mR..4W...a....>...J.\|w.........S....q.f.B.!.aN$w.X...n..M0..!@..4..V...q../L.J.9..-E<..._9...%.~..k.S.]ghv.d.aW..P..........Ay..I${..h...s.Y.)........`.f<....%U.I..4')....w..n.w.=x~...&5?]..x../......g........P.......@l.@r..]E....O.D.it.......V.8 j.\|s.U.s<PlU./.Z..g;..j....W;Cl..g.g2......)1.0EkJ....R/..9.~.a.K...9.-..... :V...(.O.d=..7..v...%..4(...M+.O.n..........`.P....W....d.r.........V.0*.3.W],;... .......t..H....

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (351)
Category:	dropped
Size (bytes):	867
Entropy (8bit):	5.022371014336119
Encrypted:	false
SSDEEP:	12:+yrNYyZevXo5+fY50zRrmNJiN0vm5XqK64crwkQfFBTxKzLEkQfFMxvTdO+kQfVK:FBYKem+fY5IUJQX9c0hF4TdO2/sX
MD5:	508D5DDAE99658C5DADBDD91124580F2
SHA1:	757E67BBD709A1DC061F88105AB69A99012908AA
SHA-256:	56A5A66F6804BA58C32736A87B1DB8CE78B66A5C4F91F21E753B866CF7CE6BA6
SHA-512:	03AE7ADC4FC4B4BC62B01B2853D796650AB3993D4140252856BA4B52E0D52705A5FE5B9D4F970131B6FDCC47D4DFBDF5C93D6CC9648E3BB3142DE09B65C86B24
Malicious:	false
Reputation:	low
Preview:	"use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([["initial.resx"],{186:e=>{e.exports=JSON.parse('{"a":"My files"}')}.,180:e=>{e.exports=JSON.parse('{"m":"Open in Word","h":"Open in Project","b":"Open in Excel","g":"Open in PowerPoint","e":"Open in OneNote","k":"Open in Visio","i":"Open in Publisher","c":"Open in InfoPath","l":"Open in Word Online","f":"Open in PowerPoint Online","a":"Open in Excel Online","d":"Open in OneNote Online","j":"Open in Visio Online"}')}.,205:e=>{e.exports=JSON.parse('{"c":"Still here?","a":"For your security, Personal Vault will automatically lock in 1 minute.","b":"Keep unlocked","f":"Personal Vault didn\\u0027t lock","d":"There was a problem locking your Personal Vault. If this happens again, you can sign out of OneDrive to lock your Personal Vault","e":"Retry"}')}.}]),define("initial.resx",[],{});

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	low
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (49535)
Category:	downloaded
Size (bytes):	772777
Entropy (8bit):	5.359301422886437
Encrypted:	false
SSDEEP:	12288:agx87ONuSyGFHJQ9qIslXuAIp6f2/eYHc8CWaYqLy:lqZGFHJQ9qIsFuAIkejc8C0
MD5:	C6D77B4F01A5CD71C41C5AC1367CAA94
SHA1:	6BF37C89FDE94FE2ABECBFF6930D8540FC8381DB
SHA-256:	1DF5CD4A9E8FF36C38EE1D69054EC658B1033DD70CDFA8FBE00035240BADBC2F
SHA-512:	C4F867AA464E90F3BC06707A16B4CCCF3F592ED95BD9204BD95F7DFF09225627AE90749C41E2D4C6DFBE689F1DB8F944B3099F5B8464C2CEF15F0CC854364575
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.010/wacodcowlhostwebpack.manifest/wacodcowlhostwebpack.js
Preview:	/! For license information please see wacodcowlhostwebpack.js.LICENSE.txt /.var __webpack_result__;(()=>{var e=[(e,t,n)=>{"use strict";n.d(t,{a:()=>r,b:()=>c,c:()=>s,d:()=>i,e:()=>d,f:()=>o,g:()=>l});var a=function(e,t){return a=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},a(e,t)};function i(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function n(){this.constructor=e}a(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}var r=function(){return r=Object.assign\|\|function(e){for(var t,n=1,a=arguments.length;n<a;n++)for(var i in t=arguments[n])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},r.apply(this,arguments)};function o(e,t){var n={};for(var a in e)Object.prototype.hasOwnProperty.call(e,a)&&t.indexOf(a)<0&&(n[a]=e[a]);if(null!=e&&"function"=

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (351)
Category:	downloaded
Size (bytes):	867
Entropy (8bit):	5.022371014336119
Encrypted:	false
SSDEEP:	12:+yrNYyZevXo5+fY50zRrmNJiN0vm5XqK64crwkQfFBTxKzLEkQfFMxvTdO+kQfVK:FBYKem+fY5IUJQX9c0hF4TdO2/sX
MD5:	508D5DDAE99658C5DADBDD91124580F2
SHA1:	757E67BBD709A1DC061F88105AB69A99012908AA
SHA-256:	56A5A66F6804BA58C32736A87B1DB8CE78B66A5C4F91F21E753B866CF7CE6BA6
SHA-512:	03AE7ADC4FC4B4BC62B01B2853D796650AB3993D4140252856BA4B52E0D52705A5FE5B9D4F970131B6FDCC47D4DFBDF5C93D6CC9648E3BB3142DE09B65C86B24
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.010/wacodcowlhostwebpack.manifest/en-us/initial.resx.js
Preview:	"use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([["initial.resx"],{186:e=>{e.exports=JSON.parse('{"a":"My files"}')}.,180:e=>{e.exports=JSON.parse('{"m":"Open in Word","h":"Open in Project","b":"Open in Excel","g":"Open in PowerPoint","e":"Open in OneNote","k":"Open in Visio","i":"Open in Publisher","c":"Open in InfoPath","l":"Open in Word Online","f":"Open in PowerPoint Online","a":"Open in Excel Online","d":"Open in OneNote Online","j":"Open in Visio Online"}')}.,205:e=>{e.exports=JSON.parse('{"c":"Still here?","a":"For your security, Personal Vault will automatically lock in 1 minute.","b":"Keep unlocked","f":"Personal Vault didn\\u0027t lock","d":"There was a problem locking your Personal Vault. If this happens again, you can sign out of OneDrive to lock your Personal Vault","e":"Retry"}')}.}]),define("initial.resx",[],{});

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65476)
Category:	downloaded
Size (bytes):	131576
Entropy (8bit):	5.3336550696173
Encrypted:	false
SSDEEP:	1536:WlHzBSZuu6aG6ePs15sqsDCNjiei7NmZuuJizS84Rb/KZAeLh:WlY676ePcegjiX7Nmxn9bKeeV
MD5:	3B09284824C13B8CDC6961C0E67F3882
SHA1:	D3E3DA90328D47BB43887CE0FA6176C936082B43
SHA-256:	6D3D61BC8A71041247CFB1C1CB8A7072CC3030B020B9F43845662EF1A05FA161
SHA-512:	DC7CF432825E9B99DDC25E432DB1DB6A13DCB98AB4C1F844ADF478307783D76E06173D64E960972FE7967DD8F013D913AB5F829C0CF38450D1F685195667EA97
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.010/wacodcowlhostwebpack.manifest/13.js
Preview:	/! For license information please see 13.js.LICENSE.txt /."use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([[13],{223:(e,t,n)=>{n.r(t),n.d(t,{_InMemoryPropertyStorage:()=>ss,_OneDSLogger:()=>os,_SanitizerIds:()=>Fo.a,_getDefaultScrubberConfig:()=>ns.a});var a=n(0),i="function",r="object",o="undefined",s=Object,c=s.prototype,d=s.assign,l=s.create,u=s.defineProperty,f=c.hasOwnProperty,p=null;function m(e){void 0===e&&(e=!0);var t=!1===e?null:p;return t\|\|(typeof globalThis!==o&&(t=globalThis),t\|\|typeof self===o\|\|(t=self),t\|\|typeof window===o\|\|(t=window),t\|\|typeof n.g===o\|\|(t=n.g),p=t),t}function _(e){throw new TypeError(e)}function h(e){if(l)return l(e);if(null==e)return{};var t=typeof e;function n(){}return t!==r&&t!==i&&_("Object prototype may only be an Object:"+e),n.prototype=e,new n}(m()\|\|{}).Symbol,(m()\|\|{}).Reflect;var b,g=function(e,t){return g=s.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var n in t)

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 07:56:19.365633011 CET	49675	443	192.168.2.4	173.222.162.32
Oct 28, 2024 07:56:23.727370977 CET	49744	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.727396965 CET	443	49744	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.727448940 CET	49744	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.727694988 CET	49745	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.727720022 CET	443	49745	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.728508949 CET	49744	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.728523016 CET	443	49744	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.728579998 CET	49745	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.728812933 CET	49745	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.728826046 CET	443	49745	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.739857912 CET	443	49744	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.742717981 CET	49746	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.742731094 CET	443	49746	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.742889881 CET	49746	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.742942095 CET	49746	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.742952108 CET	443	49746	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.756268024 CET	443	49745	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.756354094 CET	443	49746	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.756418943 CET	49745	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.756728888 CET	49745	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.756741047 CET	443	49745	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.756793022 CET	49747	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.756803036 CET	443	49747	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.758449078 CET	49747	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.760174990 CET	49747	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:23.760186911 CET	443	49747	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:23.771378040 CET	443	49747	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.840737104 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.840758085 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.840816975 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.841083050 CET	49750	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.841120005 CET	443	49750	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.841186047 CET	49750	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.841437101 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.841448069 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.842642069 CET	49750	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.842662096 CET	443	49750	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.866549969 CET	443	49750	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.866677046 CET	49750	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.866885900 CET	49750	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.866898060 CET	443	49750	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.867697001 CET	49751	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.867716074 CET	443	49751	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.867818117 CET	49751	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.868356943 CET	49751	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.868374109 CET	443	49751	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.891421080 CET	443	49751	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:24.891505957 CET	49751	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.891881943 CET	49751	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:24.891894102 CET	443	49751	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.571460009 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.572103977 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.572110891 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.572455883 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.572534084 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.573054075 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.573097944 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.577903986 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.577950954 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.578485012 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.578490019 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.629477978 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.726886034 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.728539944 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.730449915 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.743714094 CET	49749	443	192.168.2.4	13.107.42.12
Oct 28, 2024 07:56:25.743724108 CET	443	49749	13.107.42.12	192.168.2.4
Oct 28, 2024 07:56:25.787451982 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:25.787497997 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:25.787748098 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:25.788235903 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:25.788254976 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.544737101 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.593872070 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.659482956 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.659493923 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.660598040 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.660665989 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.762038946 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:26.762080908 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:26.762191057 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:26.765398026 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.765546083 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.768625975 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.768640041 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.768837929 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:26.768851995 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:26.819031000 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.918544054 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.926728964 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.926820040 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.943104029 CET	49753	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.943120003 CET	443	49753	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.947148085 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.947169065 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:26.947333097 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.947787046 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:26.947798014 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:27.635077953 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:27.635369062 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:27.635387897 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:27.637247086 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:27.637315989 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:27.644320965 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:27.644489050 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:27.693892002 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:27.693900108 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:27.739717007 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:27.943159103 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:27.943515062 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:27.943530083 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:27.944014072 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:27.944664955 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:27.944749117 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:27.944940090 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:27.991331100 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.106029987 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.106965065 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.107039928 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.107053995 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.160743952 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.225503922 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.225541115 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.225579023 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.225622892 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.226711988 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.226737976 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.226802111 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.226810932 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.270312071 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.345336914 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.345361948 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.345418930 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.345463037 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.345470905 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.346302032 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.346344948 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.346388102 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.346395969 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.346419096 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.394134045 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.464698076 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.464720964 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.464761972 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.464771032 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.464818954 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.465054035 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.465102911 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.465157986 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.465312004 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:28.465372086 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.523014069 CET	49755	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:28.523029089 CET	443	49755	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:34.391849041 CET	49724	80	192.168.2.4	93.184.221.240
Oct 28, 2024 07:56:34.397550106 CET	80	49724	93.184.221.240	192.168.2.4
Oct 28, 2024 07:56:34.397618055 CET	49724	80	192.168.2.4	93.184.221.240
Oct 28, 2024 07:56:36.012255907 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.012286901 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.012368917 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.012950897 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.012964010 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.776092052 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.777406931 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.777415991 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.778841972 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.778995037 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.781152964 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.781228065 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.781631947 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:36.781636000 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:36.830756903 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.115829945 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.116676092 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.116724968 CET	443	49778	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.116841078 CET	49778	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.118714094 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.118745089 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.119132042 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.119445086 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.119460106 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.613399982 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:37.613467932 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:37.613554955 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:37.760963917 CET	49754	443	192.168.2.4	142.250.185.228
Oct 28, 2024 07:56:37.760983944 CET	443	49754	142.250.185.228	192.168.2.4
Oct 28, 2024 07:56:37.858171940 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.858483076 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.858491898 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.860270977 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.860466003 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.860670090 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.860750914 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.860805988 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.903331995 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.911665916 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:37.911672115 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:37.958532095 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:38.195246935 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:38.197166920 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:38.197228909 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:38.197725058 CET	49784	443	192.168.2.4	13.107.138.10
Oct 28, 2024 07:56:38.197732925 CET	443	49784	13.107.138.10	192.168.2.4
Oct 28, 2024 07:56:38.211894989 CET	49787	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.211915016 CET	443	49787	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.212222099 CET	49787	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.212223053 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.212244987 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.212316990 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.212523937 CET	49787	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.212534904 CET	443	49787	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.212610006 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.212626934 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.236053944 CET	443	49787	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.236160040 CET	49787	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.236325026 CET	49787	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.236331940 CET	443	49787	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.236506939 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.236530066 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.236726046 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.236913919 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.236929893 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.983829021 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.984039068 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.984059095 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.985502005 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.985588074 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.985975027 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.986056089 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:38.986112118 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:38.997690916 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.997961044 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:38.997972965 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.999635935 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:38.999712944 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.000782967 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.000869036 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.001018047 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.001029015 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.031332016 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:39.036667109 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:39.036676884 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:39.052257061 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.083503962 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:39.490187883 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:39.490319967 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:39.490417957 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:39.490518093 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.490578890 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.490739107 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.490753889 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.490802050 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.492171049 CET	49788	443	192.168.2.4	13.107.136.10
Oct 28, 2024 07:56:39.492171049 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.492192030 CET	443	49788	13.107.136.10	192.168.2.4
Oct 28, 2024 07:56:39.492206097 CET	443	49789	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.492223978 CET	49789	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.493030071 CET	49790	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.493057966 CET	443	49790	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.493216991 CET	49790	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.493607998 CET	49790	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.493622065 CET	443	49790	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.524724960 CET	443	49790	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.525290966 CET	49791	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.525311947 CET	443	49791	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.525563955 CET	49791	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.525748014 CET	49791	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:39.525759935 CET	443	49791	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.537806034 CET	443	49791	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:39.558057070 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.558058977 CET	49792	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.558077097 CET	443	49792	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.558077097 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.558192015 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.558192968 CET	49792	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.562903881 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.562905073 CET	49792	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.562916994 CET	443	49792	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.562922001 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.576605082 CET	443	49792	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.576941013 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.576953888 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:39.577284098 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.577413082 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:39.577428102 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.325146914 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.325413942 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.325432062 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.326549053 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.326921940 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.327060938 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.327068090 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.327097893 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.374033928 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.401205063 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.401422024 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.401433945 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.402276039 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.402334929 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.402661085 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.402702093 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.452496052 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.452505112 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.474227905 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.484899998 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.484956026 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.492489100 CET	49793	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.492505074 CET	443	49793	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.498096943 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.524112940 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.571338892 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.670253992 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.670284986 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.670340061 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.670367956 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.670975924 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.670986891 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.671025991 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.671044111 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.671061993 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.671097040 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.671868086 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.671915054 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.672101974 CET	443	49797	13.107.137.11	192.168.2.4
Oct 28, 2024 07:56:40.672153950 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.672173023 CET	49797	443	192.168.2.4	13.107.137.11
Oct 28, 2024 07:56:40.684879065 CET	49806	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.684905052 CET	443	49806	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:40.685055017 CET	49806	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.685172081 CET	49806	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.685189009 CET	443	49806	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:40.697096109 CET	443	49806	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:40.697551012 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.697586060 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:40.697679043 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.697873116 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:40.697889090 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.466021061 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.466262102 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.466276884 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.469831944 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.469892979 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.470210075 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.470289946 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.470314980 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.511341095 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.520370007 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.520384073 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.567241907 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.622602940 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.622657061 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.622711897 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.622725010 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.622766018 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.623467922 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.623488903 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.623516083 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.623627901 CET	49807	443	192.168.2.4	13.107.139.11
Oct 28, 2024 07:56:41.623702049 CET	443	49807	13.107.139.11	192.168.2.4
Oct 28, 2024 07:56:41.623842001 CET	49807	443	192.168.2.4	13.107.139.11

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 07:56:22.325566053 CET	53	63108	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:22.410281897 CET	53	51398	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:23.715080023 CET	58290	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:23.715929985 CET	50874	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:23.722649097 CET	53	58290	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:23.724297047 CET	53	50874	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:23.790241003 CET	53	65140	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:25.763801098 CET	49703	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:25.764003038 CET	62643	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:26.660372972 CET	64666	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:26.660921097 CET	63455	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:26.667907953 CET	53	64666	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:26.668361902 CET	53	63455	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:34.746165991 CET	138	138	192.168.2.4	192.168.2.255
Oct 28, 2024 07:56:35.998492002 CET	49291	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:35.998672009 CET	49572	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:36.007469893 CET	53	49291	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:36.010181904 CET	53	49572	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:36.569787025 CET	50851	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:36.570017099 CET	58597	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:38.201119900 CET	50507	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:38.201119900 CET	59415	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:38.202900887 CET	60833	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:38.203093052 CET	63365	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:38.208765030 CET	53	50507	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:38.211541891 CET	53	59415	1.1.1.1	192.168.2.4
Oct 28, 2024 07:56:40.676192045 CET	65381	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:40.676374912 CET	55676	53	192.168.2.4	1.1.1.1
Oct 28, 2024 07:56:40.780993938 CET	53	51120	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 28, 2024 07:56:25.788619995 CET	192.168.2.4	1.1.1.1	c2c5	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 28, 2024 07:56:23.715080023 CET	192.168.2.4	1.1.1.1	0x48bc	Standard query (0)	1drv.ms	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:23.715929985 CET	192.168.2.4	1.1.1.1	0x211f	Standard query (0)	1drv.ms	65	IN (0x0001)	false
Oct 28, 2024 07:56:25.763801098 CET	192.168.2.4	1.1.1.1	0xba41	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:25.764003038 CET	192.168.2.4	1.1.1.1	0xbc18	Standard query (0)	onedrive.live.com	65	IN (0x0001)	false
Oct 28, 2024 07:56:26.660372972 CET	192.168.2.4	1.1.1.1	0x8240	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:26.660921097 CET	192.168.2.4	1.1.1.1	0xdf75	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 28, 2024 07:56:35.998492002 CET	192.168.2.4	1.1.1.1	0xef6e	Standard query (0)	api-badgerp.svc.ms	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:35.998672009 CET	192.168.2.4	1.1.1.1	0xc43f	Standard query (0)	api-badgerp.svc.ms	65	IN (0x0001)	false
Oct 28, 2024 07:56:36.569787025 CET	192.168.2.4	1.1.1.1	0x3a11	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:36.570017099 CET	192.168.2.4	1.1.1.1	0x9caf	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false
Oct 28, 2024 07:56:38.201119900 CET	192.168.2.4	1.1.1.1	0x7c96	Standard query (0)	api-badgerp.svc.ms	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.201119900 CET	192.168.2.4	1.1.1.1	0x21fa	Standard query (0)	api-badgerp.svc.ms	65	IN (0x0001)	false
Oct 28, 2024 07:56:38.202900887 CET	192.168.2.4	1.1.1.1	0xc2e6	Standard query (0)	my.microsoftpersonalcontent.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.203093052 CET	192.168.2.4	1.1.1.1	0x7b1f	Standard query (0)	my.microsoftpersonalcontent.com	65	IN (0x0001)	false
Oct 28, 2024 07:56:40.676192045 CET	192.168.2.4	1.1.1.1	0x77f9	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:40.676374912 CET	192.168.2.4	1.1.1.1	0x174a	Standard query (0)	onedrive.live.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 07:56:23.722649097 CET	1.1.1.1	192.168.2.4	0x48bc	No error (0)	1drv.ms		13.107.42.12	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:25.771353006 CET	1.1.1.1	192.168.2.4	0xba41	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:25.771353006 CET	1.1.1.1	192.168.2.4	0xba41	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:25.771353006 CET	1.1.1.1	192.168.2.4	0xba41	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:25.771353006 CET	1.1.1.1	192.168.2.4	0xba41	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:25.771353006 CET	1.1.1.1	192.168.2.4	0xba41	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:25.788539886 CET	1.1.1.1	192.168.2.4	0xbc18	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:25.788539886 CET	1.1.1.1	192.168.2.4	0xbc18	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:26.667907953 CET	1.1.1.1	192.168.2.4	0x8240	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:26.668361902 CET	1.1.1.1	192.168.2.4	0xdf75	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 28, 2024 07:56:33.025676966 CET	1.1.1.1	192.168.2.4	0xb111	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:33.025676966 CET	1.1.1.1	192.168.2.4	0xb111	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:33.083389044 CET	1.1.1.1	192.168.2.4	0xc457	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:33.083389044 CET	1.1.1.1	192.168.2.4	0xc457	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.19	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:33.083389044 CET	1.1.1.1	192.168.2.4	0xc457	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:33.083389044 CET	1.1.1.1	192.168.2.4	0xc457	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.35	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:33.083389044 CET	1.1.1.1	192.168.2.4	0xc457	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:36.007469893 CET	1.1.1.1	192.168.2.4	0xef6e	No error (0)	api-badgerp.svc.ms	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:36.007469893 CET	1.1.1.1	192.168.2.4	0xef6e	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:36.007469893 CET	1.1.1.1	192.168.2.4	0xef6e	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:36.010181904 CET	1.1.1.1	192.168.2.4	0xc43f	No error (0)	api-badgerp.svc.ms	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:36.577723980 CET	1.1.1.1	192.168.2.4	0x3a11	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:36.577766895 CET	1.1.1.1	192.168.2.4	0x9caf	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.208765030 CET	1.1.1.1	192.168.2.4	0x7c96	No error (0)	api-badgerp.svc.ms	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.208765030 CET	1.1.1.1	192.168.2.4	0x7c96	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.208765030 CET	1.1.1.1	192.168.2.4	0x7c96	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	my.microsoftpersonalcontent.com	lists-e.tm-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	lists-e.tm-rt.sharepoint.com	190720-ipv4mte.gr.global.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	190720-ipv4mte.gr.global.aa-rt.sharepoint.com	190720-ipv4mte.farm.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	190720-ipv4mte.farm.dprodmgd104.aa-rt.sharepoint.com	190720-ipv4mteg.farm.dprodmgd104.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	190720-ipv4.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.210784912 CET	1.1.1.1	192.168.2.4	0xc2e6	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:38.211479902 CET	1.1.1.1	192.168.2.4	0x7b1f	No error (0)	my.microsoftpersonalcontent.com	lists-e.tm-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.211479902 CET	1.1.1.1	192.168.2.4	0x7b1f	No error (0)	lists-e.tm-rt.sharepoint.com	188900-ipv4mte.gr.global.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.211479902 CET	1.1.1.1	192.168.2.4	0x7b1f	No error (0)	188900-ipv4mte.gr.global.aa-rt.sharepoint.com	188900-ipv4mte.farm.dprodmgd104.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.211479902 CET	1.1.1.1	192.168.2.4	0x7b1f	No error (0)	188900-ipv4mte.farm.dprodmgd104.aa-rt.sharepoint.com	188900-ipv4mteg.farm.dprodmgd104.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:38.211541891 CET	1.1.1.1	192.168.2.4	0x21fa	No error (0)	api-badgerp.svc.ms	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684082031 CET	1.1.1.1	192.168.2.4	0x77f9	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684082031 CET	1.1.1.1	192.168.2.4	0x77f9	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684082031 CET	1.1.1.1	192.168.2.4	0x77f9	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684082031 CET	1.1.1.1	192.168.2.4	0x77f9	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684082031 CET	1.1.1.1	192.168.2.4	0x77f9	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684437037 CET	1.1.1.1	192.168.2.4	0x174a	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:56:40.684437037 CET	1.1.1.1	192.168.2.4	0x174a	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

1drv.ms

onedrive.live.com

https:

api-badgerp.svc.ms

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49749	13.107.42.12	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:25 UTC	761	OUT	GET /w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9 HTTP/1.1 Host: 1drv.ms Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:25 UTC	726	IN	HTTP/1.1 301 Moved Permanently Location: https://onedrive.live.com/redir?cid=9b14c62c9fcd7f6c&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&ithint=file%2cdocx&e=4%3arOi4rU&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05 X-MSNSERVER: SN4PPF4938BFA93 Strict-Transport-Security: max-age=31536000; includeSubDomains MS-CV: WGObO1JgFkC8Y7ZRWKScPw.0 X-AsmVersion: UNKNOWN; 19.1528.1008.2006 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 5FB405F67AAB4405AD00DC016DE2CDB1 Ref B: DFW311000106047 Ref C: 2024-10-28T06:56:25Z Date: Mon, 28 Oct 2024 06:56:25 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49753	13.107.137.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:26 UTC	965	OUT	GET /redir?cid=9b14c62c9fcd7f6c&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&ithint=file%2cdocx&e=4%3arOi4rU&at=9&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05 HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:26 UTC	1322	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 462 Content-Type: text/html; charset=utf-8 Expires: -1 Location: /edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2 Set-Cookie: E=P:bzWqpB333Ig=:UTSaY0ROyk+bAFP1dgIOXJcFsunJkdsLytUg1UHMKUU=:F; domain=.live.com; path=/ Set-Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Mon, 28-Oct-2024 05:16:26 GMT; path=/ X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' sentry.contentvalidation.com sentry.ppe.contentvalidation.com sentry.int.contentvalidation.com X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 7dc88597df-45lmn X-ODWebServer: namsouthce155880-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: D37BBC7BCD2E4FFDBAA074511B49F8EB Ref B: SN1EDGE1519 Ref C: 2024-10-28T06:56:26Z Date: Mon, 28 Oct 2024 06:56:26 GMT Connection: close
2024-10-28 06:56:26 UTC	462	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 65 64 69 74 3f 69 64 3d 39 42 31 34 43 36 32 43 39 46 43 44 37 46 36 43 21 73 63 31 34 35 61 32 33 30 66 30 37 61 34 38 64 33 62 36 66 32 34 63 65 61 33 31 38 37 34 30 37 66 26 61 6d 70 3b 72 65 73 69 64 3d 39 42 31 34 43 36 32 43 39 46 43 44 37 46 36 43 21 73 63 31 34 35 61 32 33 30 66 30 37 61 34 38 64 33 62 36 66 32 34 63 65 61 33 31 38 37 34 30 37 66 26 61 6d 70 3b 63 69 64 3d 39 62 31 34 63 36 32 63 39 66 63 64 37 66 36 63 26 61 6d 70 3b 69 74 68 69 6e 74 3d 66 69 6c 65 25 32 63 64 6f 63 78 26 61 6d 70 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&amp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49755	13.107.137.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:27 UTC	1152	OUT	GET /edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2 HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: E=P:bzWqpB333Ig=:UTSaY0ROyk+bAFP1dgIOXJcFsunJkdsLytUg1UHMKUU=:F; xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=1
2024-10-28 06:56:28 UTC	798	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 49983 Content-Type: text/html; charset=utf-8 Expires: -1 Set-Cookie: E=P:vWVbpR333Ig=:Tj5hRGwn4OlV/Jzhxb9BsDH6LNmmabiY3f+uAKjJWF8=:F; domain=.live.com; path=/ Set-Cookie: xidseq=2; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Mon, 28-Oct-2024 05:16:28 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Mon, 04-Nov-2024 06:56:28 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 659965d4bf-qfwvb X-ODWebServer: namsouthce375367-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F39ED92C9D1A4CEAAD099A52403AD0B5 Ref B: SN1EDGE1618 Ref C: 2024-10-28T06:56:28Z Date: Mon, 28 Oct 2024 06:56:28 GMT Connection: close
2024-10-28 06:56:28 UTC	169	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 20 73 64 78 5f 68 74 6d 6c 22 20 73 74 79 6c 65 3d 22 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 Data Ascii: <!DOCTYPE html><html lang="en" dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" class=" responsive sdx_html" style=""> <head> <meta http-equiv="
2024-10-28 06:56:28 UTC	8192	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 26 23 35 39 3b 63 68 61 72 73 65 74 26 23 36 31 3b 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 26 23 36 31 3b 35 38 36 34 34 37 39 31 33 2c 20 61 70 70 2d 61 72 67 75 6d 65 6e 74 26 23 36 31 3b 6d 73 2d 77 6f 72 64 26 23 35 38 3b 6f 66 65 26 23 33 37 3b 37 63 75 26 23 33 37 3b 37 63 68 74 74 70 73 26 23 35 38 3b 2f 2f 31 64 72 76 2e 6d 73 2f 77 2f 63 2f 39 62 31 34 63 36 32 63 39 66 63 64 37 66 36 63 2f 45 54 43 69 52 63 46 36 38 4e 4e 49 74 76 4a 4d 36 6a 47 48 51 48 38 42 47 45 65 73 71 2d 62 7a 67 50 33 63 7a 49 30 63 63 68 59 62 4b 51 26 23 36 Data Ascii: Content-Type" content="text/html;charset=utf-8"/><meta name="apple-itunes-app" content="app-id=586447913, app-argument=ms-word:ofe%7cu%7chttps://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ&#6
2024-10-28 06:56:28 UTC	7371	IN	Data Raw: 65 2c 61 72 67 75 6d 65 6e 74 73 5b 31 5d 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 72 28 32 33 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 6e 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 65 2b 22 20 69 73 20 6e 6f 74 20 61 20 73 79 6d 62 6f 6c 22 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 65 26 26 28 22 73 79 6d 62 6f 6c 22 3d 3d 74 79 70 65 6f 66 20 65 7c 7c 21 21 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 26 26 22 53 79 6d 62 6f 6c 22 3d 3d 3d 65 Data Ascii: e,arguments[1])}},function(e,t,r){"use strict";var n=r(23);e.exports=function(e){if(!n(e))throw new TypeError(e+" is not a symbol");return e}},function(e,t,r){"use strict";e.exports=function(e){return!!e&&("symbol"==typeof e\|\|!!e.constructor&&"Symbol"===e
2024-10-28 06:56:28 UTC	8192	IN	Data Raw: 2c 4c 7d 29 3b 76 61 72 20 72 65 71 75 69 72 65 6a 73 2c 72 65 71 75 69 72 65 2c 64 65 66 69 6e 65 3b 21 66 75 6e 63 74 69 6f 6e 28 67 6c 6f 62 61 6c 29 7b 76 61 72 20 72 65 71 2c 73 2c 68 65 61 64 2c 62 61 73 65 45 6c 65 6d 65 6e 74 2c 64 61 74 61 4d 61 69 6e 2c 73 72 63 2c 69 6e 74 65 72 61 63 74 69 76 65 53 63 72 69 70 74 2c 63 75 72 72 65 6e 74 6c 79 41 64 64 69 6e 67 53 63 72 69 70 74 2c 6d 61 69 6e 53 63 72 69 70 74 2c 73 75 62 50 61 74 68 2c 76 65 72 73 69 6f 6e 3d 22 32 2e 32 2e 30 22 2c 63 6f 6d 6d 65 6e 74 52 65 67 45 78 70 3d 2f 28 5c 2f 5c 2a 28 5b 5c 73 5c 53 5d 2a 3f 29 5c 2a 5c 2f 7c 28 5b 5e 3a 5d 7c 5e 29 5c 2f 5c 2f 28 2e 2a 29 24 29 2f 67 6d 2c 63 6a 73 52 65 71 75 69 72 65 52 65 67 45 78 70 3d 2f 5b 5e 2e 5d 5c 73 2a 72 65 71 75 69 72 Data Ascii: ,L});var requirejs,require,define;!function(global){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.2.0",commentRegExp=/(\/\([\s\S]?)\\/\|([^:]\|^)\/\/(.)$)/gm,cjsRequireRegExp=/[^.]\s*requir
2024-10-28 06:56:28 UTC	8192	IN	Data Raw: 21 65 2e 69 6e 69 74 65 64 26 26 69 29 69 66 28 53 28 72 29 29 61 3d 6e 3d 21 30 3b 65 6c 73 65 7b 6f 2e 70 75 73 68 28 72 29 3b 77 28 72 29 7d 65 6c 73 65 20 69 66 28 21 65 2e 69 6e 69 74 65 64 26 26 65 2e 66 65 74 63 68 65 64 26 26 74 2e 69 73 44 65 66 69 6e 65 29 7b 61 3d 21 30 3b 69 66 28 21 74 2e 70 72 65 66 69 78 29 72 65 74 75 72 6e 20 75 3d 21 31 7d 7d 7d 29 3b 69 66 28 69 26 26 6f 2e 6c 65 6e 67 74 68 29 7b 28 65 3d 6d 61 6b 65 45 72 72 6f 72 28 22 74 69 6d 65 6f 75 74 22 2c 22 4c 6f 61 64 20 74 69 6d 65 6f 75 74 20 66 6f 72 20 6d 6f 64 75 6c 65 73 3a 20 22 2b 6f 2c 6e 75 6c 6c 2c 6f 29 29 2e 63 6f 6e 74 65 78 74 4e 61 6d 65 3d 64 2e 63 6f 6e 74 65 78 74 4e 61 6d 65 3b 72 65 74 75 72 6e 20 6a 28 65 29 7d 75 26 26 65 61 63 68 28 73 2c 66 75 6e 63 Data Ascii: !e.inited&&i)if(S(r))a=n=!0;else{o.push(r);w(r)}else if(!e.inited&&e.fetched&&t.isDefine){a=!0;if(!t.prefix)return u=!1}}});if(i&&o.length){(e=makeError("timeout","Load timeout for modules: "+o,null,o)).contextName=d.contextName;return j(e)}u&&each(s,func
2024-10-28 06:56:28 UTC	8192	IN	Data Raw: 7d 2c 6e 61 6d 65 54 6f 55 72 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 76 61 72 20 6e 2c 69 2c 6f 2c 73 2c 61 2c 75 2c 63 3d 67 65 74 4f 77 6e 28 67 2e 70 6b 67 73 2c 65 29 3b 63 26 26 28 65 3d 63 29 3b 69 66 28 75 3d 67 65 74 4f 77 6e 28 76 2c 65 29 29 72 65 74 75 72 6e 20 64 2e 6e 61 6d 65 54 6f 55 72 6c 28 75 2c 74 2c 72 29 3b 69 66 28 72 65 71 2e 6a 73 45 78 74 52 65 67 45 78 70 2e 74 65 73 74 28 65 29 29 73 3d 65 2b 28 74 7c 7c 22 22 29 3b 65 6c 73 65 7b 6e 3d 67 2e 70 61 74 68 73 3b 66 6f 72 28 6f 3d 28 69 3d 65 2e 73 70 6c 69 74 28 22 2f 22 29 29 2e 6c 65 6e 67 74 68 3b 30 3c 6f 3b 2d 2d 6f 29 69 66 28 61 3d 67 65 74 4f 77 6e 28 6e 2c 69 2e 73 6c 69 63 65 28 30 2c 6f 29 2e 6a 6f 69 6e 28 22 2f 22 29 29 29 7b 69 73 41 72 72 61 79 28 61 Data Ascii: },nameToUrl:function(e,t,r){var n,i,o,s,a,u,c=getOwn(g.pkgs,e);c&&(e=c);if(u=getOwn(v,e))return d.nameToUrl(u,t,r);if(req.jsExtRegExp.test(e))s=e+(t\|\|"");else{n=g.paths;for(o=(i=e.split("/")).length;0<o;--o)if(a=getOwn(n,i.slice(0,o).join("/"))){isArray(a
2024-10-28 06:56:28 UTC	8192	IN	Data Raw: 43 6f 6e 74 65 6e 74 22 3a 31 2c 22 65 6e 61 62 6c 65 41 6c 62 75 6d 73 56 69 65 77 22 3a 31 2c 22 69 73 45 6d 62 65 64 4c 69 6e 6b 44 69 73 61 62 6c 65 64 46 6f 72 56 69 64 65 6f 73 22 3a 31 2c 22 74 68 75 6d 62 6e 61 69 6c 43 72 6f 70 45 6e 61 62 6c 65 64 22 3a 31 2c 22 65 6e 61 62 6c 65 54 61 67 73 56 69 65 77 22 3a 31 2c 22 65 6e 61 62 6c 65 41 6c 62 75 6d 73 52 65 63 69 70 69 65 6e 74 56 69 65 77 22 3a 31 2c 22 63 6f 70 79 41 73 79 6e 63 45 6e 61 62 6c 65 64 22 3a 31 2c 22 69 73 55 73 65 72 49 6e 47 66 52 61 6d 70 22 3a 31 2c 22 78 62 6f 78 4d 75 73 69 63 55 72 6c 22 3a 22 68 74 74 70 73 5c 75 30 30 33 61 5c 75 30 30 32 66 5c 75 30 30 32 66 6d 75 73 69 63 2e 78 62 6f 78 2e 63 6f 6d 5c 75 30 30 32 66 22 2c 22 75 73 65 4e 65 77 46 65 65 64 62 61 63 6b Data Ascii: Content":1,"enableAlbumsView":1,"isEmbedLinkDisabledForVideos":1,"thumbnailCropEnabled":1,"enableTagsView":1,"enableAlbumsRecipientView":1,"copyAsyncEnabled":1,"isUserInGfRamp":1,"xboxMusicUrl":"https\u003a\u002f\u002fmusic.xbox.com\u002f","useNewFeedback
2024-10-28 06:56:28 UTC	1483	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 6e 4e 6f 64 65 43 72 65 61 74 65 64 3a 20 63 6f 6e 66 69 67 2e 6f 6e 4e 6f 64 65 43 72 65 61 74 65 64 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 71 75 69 72 65 6a 73 2e 63 6f 6e 66 69 67 28 70 72 6f 63 65 73 73 43 6f 6e 66 69 67 54 6f 53 75 70 70 6f 72 74 46 61 69 6c 4f 76 65 72 28 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 61 69 74 53 65 63 6f 6e 64 73 3a 20 31 Data Ascii: } }, onNodeCreated: config.onNodeCreated }; } requirejs.config(processConfigToSupportFailOver({ waitSeconds: 1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49778	13.107.138.10	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:36 UTC	517	OUT	OPTIONS /v1.0/token HTTP/1.1 Host: api-badgerp.svc.ms Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://onedrive.live.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:37 UTC	549	IN	HTTP/1.1 200 OK Allow: OPTIONS, TRACE, GET, HEAD, POST Public: OPTIONS, TRACE, GET, HEAD, POST X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: appid,cache-control,canary,content-type,x-forcecache,authorization Access-Control-Allow-Methods: GET, POST, OPTIONS X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 728FC515F23649A18DC45709B358BCDE Ref B: DFW311000110039 Ref C: 2024-10-28T06:56:36Z Date: Mon, 28 Oct 2024 06:56:36 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49784	13.107.138.10	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:37 UTC	613	OUT	POST /v1.0/token HTTP/1.1 Host: api-badgerp.svc.ms Connection: keep-alive Content-Length: 48 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://onedrive.live.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:37 UTC	48	OUT	Data Raw: 7b 22 61 70 70 69 64 22 3a 22 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 34 38 31 37 31 30 61 34 22 7d Data Ascii: {"appid":"00000000-0000-0000-0000-0000481710a4"}
2024-10-28 06:56:38 UTC	602	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 981 Content-Type: application/json; charset=utf-8 Expires: -1 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: appid,cache-control,canary,content-type,x-forcecache,authorization Access-Control-Allow-Methods: GET, POST, OPTIONS X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: FC62ECECBDF44BB09ECD2EE8098CD5CD Ref B: DFW311000107017 Ref C: 2024-10-28T06:56:37Z Date: Mon, 28 Oct 2024 06:56:37 GMT Connection: close
2024-10-28 06:56:38 UTC	981	IN	Data Raw: 7b 22 61 75 74 68 53 63 68 65 6d 65 22 3a 22 62 61 64 67 65 72 22 2c 22 74 6f 6b 65 6e 22 3a 22 65 79 4a 68 62 47 63 69 4f 69 4a 53 55 7a 49 31 4e 69 49 73 49 6d 74 70 5a 43 49 36 49 6b 51 33 4d 6a 6c 42 52 44 6c 46 51 6a 5a 46 4e 54 52 43 4d 6a 63 78 4d 6b 55 78 4e 6a 55 77 52 6b 49 7a 51 30 51 30 51 7a 6b 33 51 30 4a 46 4f 45 4a 42 4d 54 63 69 4c 43 4a 34 4e 58 51 69 4f 69 49 78 65 57 31 30 62 6e 4a 69 62 46 4e 35 59 31 4d 30 56 31 56 51 63 7a 67 78 54 57 77 34 64 6d 39 31 61 47 4d 69 4c 43 4a 30 65 58 41 69 4f 69 4a 4b 56 31 51 69 66 51 2e 65 79 4a 68 64 57 51 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 39 75 5a 57 52 79 61 58 5a 6c 4c 6d 4e 76 62 53 38 69 4c 43 4a 70 63 33 4d 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 4a 68 5a 47 64 6c 63 69 35 7a Data Ascii: {"authScheme":"badger","token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ3MjlBRDlFQjZFNTRCMjcxMkUxNjUwRkIzQ0Q0Qzk3Q0JFOEJBMTciLCJ4NXQiOiIxeW10bnJibFN5Y1M0V1VQczgxTWw4dm91aGMiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL29uZWRyaXZlLmNvbS8iLCJpc3MiOiJodHRwczovL2JhZGdlci5z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49788	13.107.136.10	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:38 UTC	352	OUT	GET /v1.0/token HTTP/1.1 Host: api-badgerp.svc.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:39 UTC	630	IN	HTTP/1.1 405 Method Not Allowed Cache-Control: no-cache Pragma: no-cache Allow: POST Content-Length: 72 Content-Type: application/json; charset=utf-8 Expires: -1 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: appid,cache-control,canary,content-type,x-forcecache,authorization Access-Control-Allow-Methods: GET, POST, OPTIONS X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 18C38E3256614129990848097DF9A92B Ref B: DFW311000106017 Ref C: 2024-10-28T06:56:39Z Date: Mon, 28 Oct 2024 06:56:38 GMT Connection: close
2024-10-28 06:56:39 UTC	72	IN	Data Raw: 7b 22 4d 65 73 73 61 67 65 22 3a 22 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 68 74 74 70 20 6d 65 74 68 6f 64 20 27 47 45 54 27 2e 22 7d Data Ascii: {"Message":"The requested resource does not support http method 'GET'."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49789	13.107.139.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:38 UTC	860	OUT	OPTIONS /_api/v2.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05/driveItem?action=Edit&$select=id,openWith,officebundle,currentUserRole,eTag,name,size,content.downloadUrl,file,sharepointIds,sensitivityLabel,webUrl,webDavUrl,parentReference,vault HTTP/1.1 Host: my.microsoftpersonalcontent.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: authorization,prefer Origin: https://onedrive.live.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 06:56:39 UTC	2777	IN	HTTP/1.1 200 OK Cache-Control: private P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" WWW-Authenticate: Wlid1.1 realm="WindowsLive", fault="BadContextToken", policy="MBI_SSL", ver="7.5.0.0", target="ssl.live.com", siteId="ssl.live.com" X-NetworkStatistics: 0,525568,0,0,57438,0,91252,58 Access-Control-Allow-Origin: * Access-Control-Max-Age: 2592000 Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Type, Content-Version, CTag, ETag, Location, RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset, Retry-After, spclientservicerequestduration, SPRequestDuration, SPRequestGuid, Timing-Allow-Origin, Transfer-Encoding, WWW-Authenticate, X-Fluid-Epoch, X-Fluid-Retries, X-Fluid-SLTelemetry, X-Fluid-Telemetry, X-MoveState, x-ms-diagnostics, Reauthid, X-Cache-Origin, X-MSEdge-Ref, X-ErrorCode, X-Errorsource, X-Errortype Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, TRACE, CONNECT, PATCH, MERGE Access-Control-Allow-Headers: authorization,prefer X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 66415ea1-80cb-6000-caaf-fc5a6f650fdd request-id: 66415ea1-80cb-6000-caaf-fc5a6f650fdd MS-CV: oV5BZsuAAGDKr/xab2UP3Q.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-SN1r5e&frontEnd=AFD&RemoteIP=155.94.241.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 242 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25409 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 7443E4046EA645538296C461517ADE6C Ref B: SN1EDGE2210 Ref C: 2024-10-28T06:56:39Z Date: Mon, 28 Oct 2024 06:56:38 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49793	13.107.137.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:40 UTC	1308	OUT	GET /error.html HTTP/1.1 Host: onedrive.live.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://onedrive.live.com/edit?id=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&resid=9B14C62C9FCD7F6C!sc145a230f07a48d3b6f24cea3187407f&cid=9b14c62c9fcd7f6c&ithint=file%2cdocx&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3cvYy85YjE0YzYyYzlmY2Q3ZjZjL0VUQ2lSY0Y2OE5OSXR2Sk02akdIUUg4QkdFZXNxLWJ6Z1AzY3pJMGNjaFliS1E_ZT00OnJPaTRyVSZhdD05&migratedtospo=true&wdo=2 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; E=P:vWVbpR333Ig=:Tj5hRGwn4OlV/Jzhxb9BsDH6LNmmabiY3f+uAKjJWF8=:F; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098597155
2024-10-28 06:56:40 UTC	661	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 1109 Content-Type: text/html Expires: -1 Last-Modified: Tue, 24 Sep 2024 17:32:48 GMT Accept-Ranges: bytes ETag: "0e0e4c5a7edb1:0" Set-Cookie: E=P:I9m+rB333Ig=:xdhk3egTWcyqSRS7o7sAiQPg6fKVAKABgy2v5uiNwU8=:F; domain=.live.com; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 659965d4bf-zcmd7 X-ODWebServer: namsouthce375367-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 7312A88E12DA42B0A2358ABFAEF06E32 Ref B: SN1EDGE1908 Ref C: 2024-10-28T06:56:40Z Date: Mon, 28 Oct 2024 06:56:39 GMT Connection: close
2024-10-28 06:56:40 UTC	1109	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 4f 6e 65 44 72 69 76 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 38 38 25 3b 0d 0a 20 20 Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <title>Microsoft OneDrive</title> <style type="text/css"> body { font-family:"Segoe UI", arial, sans-serif; font-size:88%;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49797	13.107.137.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:40 UTC	894	OUT	GET /favicon.ico HTTP/1.1 Host: onedrive.live.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://onedrive.live.com/error.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098598630; E=P:I9m+rB333Ig=:xdhk3egTWcyqSRS7o7sAiQPg6fKVAKABgy2v5uiNwU8=:F
2024-10-28 06:56:40 UTC	664	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 7886 Content-Type: image/x-icon Expires: -1 Last-Modified: Tue, 24 Sep 2024 17:33:02 GMT Accept-Ranges: bytes ETag: "01b3dcea7edb1:0" Set-Cookie: E=P:aSjcrB333Ig=:/5HQ5hoRNkUA6VE9C3JCC5MMmkWOh5Ug1m0SRuoOpuc=:F; domain=.live.com; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 659965d4bf-zcmd7 X-ODWebServer: namsouthce375367-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E3F5C592E2B54D298F20735CCCED8040 Ref B: SN1EDGE2411 Ref C: 2024-10-28T06:56:40Z Date: Mon, 28 Oct 2024 06:56:40 GMT Connection: close
2024-10-28 06:56:40 UTC	1656	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @
2024-10-28 06:56:40 UTC	6230	IN	Data Raw: 00 ff d7 7e 05 ff e2 96 19 ff e9 a5 26 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff e9 a7 27 ff e4 9b 1d ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d5 7b 03 ff dc 8a 0f ff e7 a2 23 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff e6 9f 21 ff e0 92 15 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 Data Ascii: ~&((((((((((((((('xxxxxxxxx{#((((((((((((!xxxxxx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49807	13.107.139.11	443	5480	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:56:41 UTC	646	OUT	GET /favicon.ico HTTP/1.1 Host: onedrive.live.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: xid=bb97bd91-527d-4364-b786-afd456be5e6a&&ODSP-ODWEB-ODCF&348; xidseq=2; wla42=; MicrosoftApplicationsTelemetryDeviceId=ec1f45ed-86d6-4140-8450-9cba49d08666; ai_session=H4AhIYgcqTUzJSWZN0ZMYB\|1730098597155\|1730098598630; E=P:aSjcrB333Ig=:/5HQ5hoRNkUA6VE9C3JCC5MMmkWOh5Ug1m0SRuoOpuc=:F
2024-10-28 06:56:41 UTC	664	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 7886 Content-Type: image/x-icon Expires: -1 Last-Modified: Tue, 24 Sep 2024 17:33:02 GMT Accept-Ranges: bytes ETag: "01b3dcea7edb1:0" Set-Cookie: E=P:okZurR333Ig=:iYlb9BhqeWaZSgQ5xAbqgL1usFOaO1eJQchYSnvcq8Y=:F; domain=.live.com; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 7dc88597df-mfhhc X-ODWebServer: namsouthce155880-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 356963E826964C47BFE9BBCAB18D4F72 Ref B: SN1EDGE2214 Ref C: 2024-10-28T06:56:41Z Date: Mon, 28 Oct 2024 06:56:40 GMT Connection: close
2024-10-28 06:56:41 UTC	3530	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @
2024-10-28 06:56:41 UTC	4356	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Target ID:	0
Start time:	02:56:14
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	02:56:20
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1844,i,12198258531799219003,14501588252868035823,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	02:56:22
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 37

Chrome Cache Entry: 38

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4584, Parent PID: 1440

General

Chronological Activities

Analysis Process: chrome.exePID: 5480, Parent PID: 4584

General

Chronological Activities

Analysis Process: chrome.exePID: 6180, Parent PID: 1440

Windows Analysis Report
https://1drv.ms/w/c/9b14c62c9fcd7f6c/ETCiRcF68NNItvJM6jGHQH8BGEesq-bzgP3czI0cchYbKQ?e=4%3arOi4rU&at=9