Edit tour

Windows Analysis Report
https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE

Overview

General Information

Sample URL:	https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE
Analysis ID:	1576370
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Contains functionality to detect virtual machines (SLDT)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Installs a raw input device (often for capturing keystrokes)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file does not import any functions

PE file overlay found

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4460 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

AnyDesk.exe (PID: 7584 cmdline: "C:\Users\user\Downloads\AnyDesk.exe" MD5: 0A269C555E15783351E02629502BF141)

AnyDesk.exe (PID: 1000 cmdline: "C:\Users\user\Downloads\AnyDesk.exe" --local-service MD5: 0A269C555E15783351E02629502BF141)

AnyDesk.exe (PID: 3840 cmdline: "C:\Users\user\Downloads\AnyDesk.exe" --local-control MD5: 0A269C555E15783351E02629502BF141)

chrome.exe (PID: 2872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: POST /personal/stella_pabon_ustabuca_edu_co/_api/SP.OAuth.Token/Acquire() HTTP/1.1Host: mailustabucaedu-my.sharepoint.comConnection: keep-aliveContent-Length: 42sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Odata-Version: 4.0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/json;odata=verboseCollectSPPerfMetrics: SPSQLQueryCountAccept: application/json;odata.metadata=minimalx-requestdigest: 0x7C2EEA0B154A7ED18808E7D57DDD15005E6ECE592BFC25FC469150A1A292396583B1E9E56B847FA8035D380622CFD4DEFE8B8D9A462D787CA9E609B845ECFD29,16 Dec 2024 21:21:36 -0000sec-ch-ua-platform: "Windows"Origin: https://mailustabucaedu-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlSNXd2eHY5Z05hVDBvbzdqNzE4b1JNbnlpcENYSURwREg0Y3BaZlNsUkJSdXBQMWdTek1ONXhRQy9jdTIvd2YyNUhiVW13TXN1UFh3YUtDTGNIVklQYk5qc1JHOWFGRC9sNTVqSGpRMStZU3dyV0NJOWRKZ2o3N05lcXc9PTwvU1A+; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=261dde22-c355-4e9a-8b08-7231a0643917; ai_session=dTsDvFSK3YhtxJPPPd2XC4|1734384106193|1734384106224

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cache, no-storePragma: no-cacheContent-Length: 59Content-Type: application/jsonExpires: -1P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlSNXd2eHY5Z05hVDBvbzdqNzE4b1JNbnlpcENYSURwREg0Y3BaZlNsUkJSdXBQMWdTek1ONXhRQy9jdTIvd2YyNUhiVW13TXN1UFh3YUtDTGNIVklQYk5qc1JHOWFGRC9sNTVqSGpRMStZU3dyV0NJOWRKZ2o3N05lcXc9PTwvU1A+; path=/; SameSite=None; secure; HttpOnlyX-NetworkStatistics: 5,4204800,1202,7811,2319060,4204800,4204800,7X-SharePointHealthScore: 0X-VroomVersion: 2.0X-DataBoundary: NONEX-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/SPRequestGuid: 64386ea1-e0f6-0000-51c1-3dd4c89102aerequest-id: 64386ea1-e0f6-0000-51c1-3dd4c89102aeMS-CV: oW44ZPbgAABRwT3UyJECrg.0Alt-Svc: h3=":443";ma=86400Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]}NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}Strict-Transport-Security: max-age=31536000X-FRAME-OPTIONS: SAMEORIGINContent-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com;SPRequestDuration: 47SPIisLatency: 1X-Powered-By: ASP.NETMicrosoftSh
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cache, no-storePragma: no-cacheContent-Length: 59Content-Type: application/jsonExpires: -1P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlSNXd2eHY5Z05hVDBvbzdqNzE4b1JNbnlpcENYSURwREg0Y3BaZlNsUkJSdXBQMWdTek1ONXhRQy9jdTIvd2YyNUhiVW13TXN1UFh3YUtDTGNIVklQYk5qc1JHOWFGRC9sNTVqSGpRMStZU3dyV0NJOWRKZ2o3N05lcXc9PTwvU1A+; path=/; SameSite=None; secure; HttpOnlyX-NetworkStatistics: 0,4204800,150,91,22633887,0,4204800,6X-SharePointHealthScore: 3X-VroomVersion: 2.0X-DataBoundary: NONEX-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/SPRequestGuid: 6a386ea1-70af-0000-5773-0441ee74235crequest-id: 6a386ea1-70af-0000-5773-0441ee74235cMS-CV: oW44aq9wAABXcwRB7nQjXA.0Alt-Svc: h3=":443";ma=86400Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]}NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}Strict-Transport-Security: max-age=31536000X-FRAME-OPTIONS: SAMEORIGINContent-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com;SPRequestDuration: 55SPIisLatency: 2X-Powered-By: ASP.NETMicrosoftSharePoint

Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ad.session_queue.menu.open_external_urlsupporter_request_tile_tstate_icondestinationemailsepa
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Unconfirmed 525032.crdownload.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opengl.org/registry/
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/company#imprint
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/contact/sales
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/en/changelog/windows
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/order
Source: AnyDesk.exe, AnyDesk.exe, 0000000F.00000003.2337592679.00000000047A4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.2353957851.00000000047A5000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2348253853.000000000479F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2345564594.00000000047A5000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/pricing/teams
Source: AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/pricing/teamsS
Source: AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/pricing/teamsd
Source: AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/pricing/teamse
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/privacy
Source: AnyDesk.exe, 0000000F.00000003.2351617091.0000000004322000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/privacy2
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/terms
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/update
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalid
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com
Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/$
Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/HelpLinkInstallLocationAnyDesk
Source: chromecache_727.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_727.1.dr	String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: AnyDesk.exe, 0000000F.00000003.2337592679.0000000004727000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2346862564.0000000004729000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455999925.0000000004FED000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FEB000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-fro
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454890713.0000000004F99000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com/auth/realms/myanydesk/protocol/openid-connect/registrations?client_id=myanyde
Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com/password-generator.
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com/v2
Source: AnyDesk.exe, 0000000F.00000003.2351617091.0000000004322000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.anydesk.com/v2sJ
Source: chromecache_581.1.dr	String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_581.1.dr	String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_727.1.dr	String found in binary or memory: https://onedrive.live.com/_layouts/15/odcauth.aspx
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://order.anydesk.com/trial
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=$
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_652.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FEB000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/account-migration
Source: AnyDesk.exe, 0000000F.00000003.2348615824.0000000004789000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2348154663.0000000004789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/account-migration8
Source: AnyDesk.exe, 0000000F.00000003.2347199507.0000000004782000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2337592679.0000000004789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/account-migrationA
Source: AnyDesk.exe, 0000000F.00000003.2350048988.0000000004789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/account-migrationx
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/anydesk-account
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2452182790.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455999925.0000000004FD3000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FE8000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshooting
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/anydesk-id-and-alias
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/how-do-i-delete-my-anydesk-account
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/how-do-i-delete-my-anydesk-accountss
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/license-expired-error
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1904873178.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454379574.0000000004B56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/my-anydesk-ii#user-management
Source: AnyDesk.exe, AnyDesk.exe, 0000000F.00000003.2355628341.0000000004392000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2344864132.0000000004399000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2336101389.0000000004351000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guide
Source: AnyDesk.exe, 0000000F.00000003.2348615824.0000000004776000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2347199507.0000000004779000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2346337947.000000000474E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2337592679.0000000004778000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guideI
Source: AnyDesk.exe, 00000011.00000003.1904873178.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454379574.0000000004B56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/s.
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455999925.0000000004FD3000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FE8000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/security-permissions-on-macos
Source: AnyDesk.exe, 0000000F.00000003.2345564594.0000000004775000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2337592679.0000000004775000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2346337947.000000000474E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2347199507.0000000004772000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/security-permissions-on-macos?
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-anynet_overload
Source: AnyDesk.exe, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnect
Source: AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnect.
Source: AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnectr.
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_error
Source: AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/status-desk_rt_ipc_errorte
Source: AnyDesk.exe, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedly
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedlyW
Source: AnyDesk.exe, 0000000F.00000003.2336101389.00000000043F7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedlye.r
Source: AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/the-session-has-ended-unexpectedlyn
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/users
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/waiting-for-image-black-screen
Source: AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/waiting-for-image-black-screenh
Source: AnyDesk.exe, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/what-is-full-client-management
Source: AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2336101389.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.anydesk.com/knowledge/what-is-full-client-management.
Source: chromecache_582.1.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/
Source: AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/$
Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 92.223.88.232:443 -> 192.168.2.17:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 89.187.179.132:443 -> 192.168.2.17:50018 version: TLS 1.2

Source: AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp

Binary or memory string: DirectDrawCreateEx

memstr_21576e3f-3

Source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_bdfcc313-f

Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFDA2	15_3_043BFDA2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFDA2	15_3_043BFDA2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFCC9	15_3_043BFCC9
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFCC9	15_3_043BFCC9
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043EE27F	15_3_043EE27F
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043E2763	15_3_043E2763
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_047D45BD	15_3_047D45BD
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_0433510B	15_3_0433510B
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043EEA30	15_3_043EEA30
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043EEA30	15_3_043EEA30
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_0439C058	15_3_0439C058
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043A27DF	15_3_043A27DF
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043EEA30	15_3_043EEA30
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043EEA30	15_3_043EEA30
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_0439C058	15_3_0439C058
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFDA2	15_3_043BFDA2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFDA2	15_3_043BFDA2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFCC9	15_3_043BFCC9
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043BFCC9	15_3_043BFCC9
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 16_3_044CA798	16_3_044CA798
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 16_3_044CA762	16_3_044CA762
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 17_2_04F92B07	17_2_04F92B07

Source: chromecache_544.1.dr	Static PE information: No import functions for PE file found
Source: Unconfirmed 525032.crdownload.0.dr	Static PE information: No import functions for PE file found
Source: Unconfirmed 780313.crdownload.0.dr	Static PE information: No import functions for PE file found
Source: 935c1ae5-49df-4140-b471-088bee52d1d1.tmp.0.dr	Static PE information: No import functions for PE file found
Source: 830a6202-601b-4973-a9bc-4caf5b50ca20.tmp.0.dr	Static PE information: No import functions for PE file found

Source: 935c1ae5-49df-4140-b471-088bee52d1d1.tmp.0.dr	Static PE information: Data appended to the last section found
Source: 830a6202-601b-4973-a9bc-4caf5b50ca20.tmp.0.dr	Static PE information: Data appended to the last section found

Source: 830a6202-601b-4973-a9bc-4caf5b50ca20.tmp.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 935c1ae5-49df-4140-b471-088bee52d1d1.tmp.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal68.evad.win@28/512@49/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_7584_2644517963_0_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_1000_2669167912_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_13
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_12
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_3840_2670228037_1_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcstobjmtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_20
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_4
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_19
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_3
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_18
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_2
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_3840_1740_0
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_901_lsystem_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_15
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_14
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_3840_3856_0
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_3840_2670228037_0_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_7584_2644517963_1_mtx
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_7
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_6
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_qipcmtx_1000_1360_5
Source: C:\Users\user\Downloads\AnyDesk.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor

Source: C:\Users\user\Downloads\AnyDesk.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AnyDesk.exe	String found in binary or memory: https://support.anydesk.com/knowledge/quick-start-guide
Source: AnyDesk.exe	String found in binary or memory: /knowledge/quick-start-guide

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4460 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe"
Source: C:\Users\user\Downloads\AnyDesk.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe" --local-service
Source: C:\Users\user\Downloads\AnyDesk.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe" --local-control
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4460 --field-trial-handle=1952,i,3792449684971947536,1701299153115329648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe" --local-service	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Process created: C:\Users\user\Downloads\AnyDesk.exe "C:\Users\user\Downloads\AnyDesk.exe" --local-control	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windows.system.profile.systemid.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptowinrt.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2155fee3-2419-4373-b102-6843707eb41f}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\Downloads\AnyDesk.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp, AnyDesk.exe, 00000010.00000003.1802163933.000000000350D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: AnyDesk.exe, 0000000F.00000000.1769419283.0000000002026000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 525032.crdownload.0.dr
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\win_dwm\win_dwm.pdb source: AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp, AnyDesk.exe, 00000010.00000003.1802163933.000000000350D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-32\win_dwm\win_dwm.pdb source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\ashakhmut\Projects\anydesk\deps\win_system_id\build\win_system_id_dll.pdb source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp, AnyDesk.exe, 00000010.00000003.1802163933.000000000350D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SAS.pdbR source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb: source: Unconfirmed 525032.crdownload.0.dr
Source:	Binary string: SAS.pdb source: AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000002.2384685220.0000000001E4D000.00000004.00000001.01000000.00000006.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Downloads\AnyDesk.exe

Unpacked PE file: 15.2.AnyDesk.exe.f20000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: 935c1ae5-49df-4140-b471-088bee52d1d1.tmp.0.dr	Static PE information: real checksum: 0x54879f should be: 0x621e
Source: 830a6202-601b-4973-a9bc-4caf5b50ca20.tmp.0.dr	Static PE information: real checksum: 0x54879f should be: 0xa286

Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043C668B push edx; ret	15_3_043C6638
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043C63C0 pushad ; retf	15_3_043C63E2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043C668B push edx; ret	15_3_043C6638
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043C63C0 pushad ; retf	15_3_043C63E2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE679 push eax; iretd	15_3_043DE67A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE679 push eax; iretd	15_3_043DE67A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE679 push eax; iretd	15_3_043DE67A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE679 push eax; iretd	15_3_043DE67A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEA77 push ecx; iretd	15_3_043DEA82
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEA77 push ecx; iretd	15_3_043DEA82
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEA77 push ecx; iretd	15_3_043DEA82
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEA77 push ecx; iretd	15_3_043DEA82
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DDE71 push edi; iretd	15_3_043DDE72
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DDE71 push edi; iretd	15_3_043DDE72
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DC56B push esp; retf	15_3_043DC572
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEABF push ecx; ret	15_3_043DEAE2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEABF push ecx; ret	15_3_043DEAE2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEABF push ecx; ret	15_3_043DEAE2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEABF push ecx; ret	15_3_043DEAE2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DC5B1 push esp; ret	15_3_043DC5B2
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE699 push eax; retf	15_3_043DE69A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE699 push eax; retf	15_3_043DE69A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE699 push eax; retf	15_3_043DE69A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE699 push eax; retf	15_3_043DE69A
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEC97 push ecx; retf	15_3_043DECAA
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEC97 push ecx; retf	15_3_043DECAA
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEC97 push ecx; retf	15_3_043DECAA
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DEC97 push ecx; retf	15_3_043DECAA
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DDE91 push edi; retf	15_3_043DDE92
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DDE91 push edi; retf	15_3_043DDE92
Source: C:\Users\user\Downloads\AnyDesk.exe	Code function: 15_3_043DE6D9 push eax; ret	15_3_043DE6DA

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 544	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 525032.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\AnyDesk.exe (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\935c1ae5-49df-4140-b471-088bee52d1d1.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\830a6202-601b-4973-a9bc-4caf5b50ca20.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 780313.crdownload	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 544
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 544			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Downloads\AnyDesk.exe

File opened: C:\Users\user\Downloads\AnyDesk.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory

Source: C:\Users\user\Downloads\AnyDesk.exe

Code function: 15_3_047AD42C sldt word ptr [eax]

15_3_047AD42C

Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe TID: 3612	Thread sleep time: -11990383647911201s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe TID: 7688	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe TID: 3412	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe TID: 2152	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe TID: 1244	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard

Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Downloads\AnyDesk.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor

Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: AnyDesk.exe, 0000000F.00000002.2358363342.00000000008B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: AnyDesk.exe, 00000010.00000003.1804899519.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
Source: AnyDesk.exe, 00000011.00000003.2104085956.0000000002908000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2450622838.0000000002905000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Downloads\AnyDesk.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\AnyDesk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Downloads\AnyDesk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	421 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	21 Input Capture	411 Security Software Discovery	Remote Services	21 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	341 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	341 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	133 System Information Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Users\user\Downloads\AnyDesk.exe (copy)	0%	ReversingLabs
C:\Users\user\Downloads\Unconfirmed 525032.crdownload	0%	ReversingLabs
C:\Users\user\Downloads\Unconfirmed 780313.crdownload	0%	ReversingLabs
Chrome Cache Entry: 544	0%	ReversingLabs

Source	Detection	Scanner	Label
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/AccessDenied.aspx?correlation=7c386ea1%2D402d%2D0000%2D5773%2D00df78b30954	0%	Avira URL Cloud	safe
http://ad.session_queue.menu.open_external_urlsupporter_request_tile_tstate_icondestinationemailsepa	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/download.aspx?SourceUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/v2.0/sites/root/lists/74463084-87e5-4e57-b11b-9820afa05836/subscriptions/socketIo?listItemIds=	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/CSPReporting.aspx	0%	Avira URL Cloud	safe
https://onedrive.dev.cloud.microsoft	0%	Avira URL Cloud	safe
https://my.anydesk.	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/sp.FavoriteItemCollection.GetFavoriteItems?top=500	0%	Avira URL Cloud	safe
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/v2.1/graphql	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	high
MRS-efz.ms-acdc.office.com	52.97.168.210	true	false	high
boot.net.anydesk.com	92.223.88.232	true	false	high
www3.l.google.com	142.250.181.46	true	false	high
mira-ooc.tm-4.office.com	40.99.70.210	true	false	high
www.google.com	142.250.181.68	true	false	high
relay-0b975d23.net.anydesk.com	89.187.179.132	true	false	high
sni1gl.wpc.sigmacdn.net	152.199.21.175	true	false	high
r4.res.office365.com	unknown	unknown	false	high
mailustabucaedu-my.sharepoint.com	unknown	unknown	false	high
m365cdn.nel.measure.office.net	unknown	unknown	false	high
tr-ooc-atm.office.com	unknown	unknown	false	high
spo.nel.measure.office.net	unknown	unknown	false	high
0de36737459e149b92dc3dc5f9409c93.fp.measure.office.com	unknown	unknown	false	unknown
translate.google.com	unknown	unknown	false	high
upload.fp.measure.office.com	unknown	unknown	false	high
config.fp.measure.office.com	unknown	unknown	false	high
tr-ooc-acdc.office.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/AccessDenied.aspx?correlation=7c386ea1%2D402d%2D0000%2D5773%2D00df78b30954	false	Avira URL Cloud: safe	unknown
https://translate.google.com/gen204?nca=te_li&client=te_lib&logld=vTE_20241215	false		high
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/v2.0/sites/root/lists/74463084-87e5-4e57-b11b-9820afa05836/subscriptions/socketIo?listItemIds=	false	Avira URL Cloud: safe	unknown
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/download.aspx?SourceUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe	false	Avira URL Cloud: safe	unknown
https://translate.google.com/gen204?sl=es&tl=en&textlen=14&ttt=5258&ttl=3510&ttf=3699&sr=1&nca=te_time&client=te_lib&logld=vTE_20241215	false		high
https://tr-ooc-atm.office.com/apc/trans.gif?87ad23ede15ee2216ce4cb3c7ff5152b	false		high
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/CSPReporting.aspx	false	Avira URL Cloud: safe	unknown
https://mailustabucaedu-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1	false		unknown
https://mailustabucaedu-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D	false	Avira URL Cloud: safe	unknown
https://tr-ooc-atm.office.com/apc/trans.gif?94c6d4131925d6b64a40e0c98fdd325e	false		high
https://mailustabucaedu-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	false	Avira URL Cloud: safe	unknown
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/v2.1/graphql	false	Avira URL Cloud: safe	unknown
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe	false		unknown
https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_api/sp.FavoriteItemCollection.GetFavoriteItems?top=500	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.anydesk.com/knowledge/account-migrationx	AnyDesk.exe, 0000000F.00000003.2350048988.0000000004789000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/users	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ad.session_queue.menu.open_external_urlsupporter_request_tile_tstate_icondestinationemailsepa	AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://order.anydesk.com/trial	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2	chromecache_652.1.dr	false		high
https://anydesk.com/update	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/privacy2	AnyDesk.exe, 0000000F.00000003.2351617091.0000000004322000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48	chromecache_582.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/my-anydesk-ii#user-management	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1904873178.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454379574.0000000004B56000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/	AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/status-desk_rt_auto_disconnect	AnyDesk.exe, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/privacy	AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://datatracker.ietf.org/ipr/1526/	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://policies.google.com/privacy?hl=$	AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.anydesk.com	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2	chromecache_652.1.dr	false		high
https://anydesk.com/terms	AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/what-is-full-client-management	AnyDesk.exe, AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/account-migration	AnyDesk.exe, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FEB000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/what-is-full-client-management.	AnyDesk.exe, 0000000F.00000003.2349833962.00000000043F4000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2336101389.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2334176466.00000000043C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/order	AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/contact/sales	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://my.anydesk.com/password-generator.	AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.anydesk.com/	AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/account-migration8	AnyDesk.exe, 0000000F.00000003.2348615824.0000000004789000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2348154663.0000000004789000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/status-anynet_overload	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/status-desk_rt_ipc_errorte	AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.opengl.org/registry/	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/pricing/teamsd	AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/account-migrationA	AnyDesk.exe, 0000000F.00000003.2347199507.0000000004782000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2337592679.0000000004789000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/pricing/teamse	AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/s.	AnyDesk.exe, 00000011.00000003.1904873178.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454379574.0000000004B56000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.apache.org/licenses/	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://my.anydesk.com/auth/realms/myanydesk/login-actions/reset-credentials?client_id=myanydesk-fro	AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455999925.0000000004FED000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FEB000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://anydesk.com/pricing/teamsS	AnyDesk.exe, 0000000F.00000003.2351569373.0000000004721000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/status-desk_rt_ipc_error	AnyDesk.exe, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff	chromecache_652.1.dr	false		high
https://datatracker.ietf.org/ipr/1524/	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://my.anydesk.com/v2	AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2	chromecache_652.1.dr	false		high
https://anydesk.com/company#imprint	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff	chromecache_652.1.dr	false		high
https://my.anydesk.	AnyDesk.exe, 0000000F.00000003.2337592679.0000000004727000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2346862564.0000000004729000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://onedrive.dev.cloud.microsoft	chromecache_581.1.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/anydesk-account	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff	chromecache_652.1.dr	false		high
https://support.anydesk.com/knowledge/how-do-i-delete-my-anydesk-account	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2455931236.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004B2F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.2436763621.0000000004FB9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof	chromecache_652.1.dr	false		high
https://www.google.com/intl/$	AnyDesk.exe, AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff	chromecache_652.1.dr	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo	chromecache_652.1.dr	false		high
https://my.anydesk.com	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.anydesk.com/knowledge/security-permissions-on-macos?	AnyDesk.exe, 0000000F.00000003.2345564594.0000000004775000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2337592679.0000000004775000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2346337947.000000000474E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.2347199507.0000000004772000.00000004.00000020.00020000.00000000.sdmp	false		high
https://my.anydesk.com/auth/realms/myanydesk/protocol/openid-connect/registrations?client_id=myanyde	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 0000000F.00000003.1791144243.0000000004396000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000002.2454890713.0000000004F99000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000011.00000003.1808277978.0000000004AD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w	chromecache_652.1.dr	false		high
https://microsoft.spfx3rdparty.com	chromecache_727.1.dr	false		high
https://support.anydesk.com/knowledge/waiting-for-image-black-screenh	AnyDesk.exe, 00000011.00000002.2455160470.0000000004FA0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://onedrive.live.com/_layouts/15/odcauth.aspx	chromecache_727.1.dr	false		high
https://www.nayuki.io/page/qr-code-generator-library	AnyDesk.exe, 0000000F.00000002.2375012974.000000000181B000.00000002.00000001.01000000.00000006.sdmp, AnyDesk.exe, 0000000F.00000003.1777507817.0000000002F77000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	chromecache_727.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
89.187.179.132	relay-0b975d23.net.anydesk.com	Czech Republic	60068	CDN77GB	false
92.223.88.232	boot.net.anydesk.com	Austria	199524	GCOREAT	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.46	www3.l.google.com	United States	15169	GOOGLEUS	false
40.99.70.210	mira-ooc.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.97.168.210	MRS-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1576370
Start date and time:	2024-12-16 22:20:55 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.evad.win@28/512@49/9
EGA Information:	Failed
HCA Information:	Failed

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.162.84, 172.217.17.46, 2.19.198.80, 23.32.238.8, 104.121.26.245, 92.123.103.19, 92.123.102.250, 92.123.102.210, 92.123.102.218, 172.217.21.42, 217.20.58.101, 142.250.181.99, 142.250.181.74, 20.189.173.9, 142.250.181.106, 172.217.19.170, 172.217.19.234, 142.250.181.10, 142.250.181.42, 172.217.17.42, 172.217.19.202, 172.217.19.10, 142.250.181.138, 172.217.17.74, 216.58.208.234, 216.58.208.227, 13.89.179.8, 52.168.117.170, 52.113.194.132, 172.217.17.35, 142.250.181.142, 104.126.37.9, 104.126.36.248, 13.107.6.163, 104.126.36.65, 104.126.36.8, 40.99.95.242, 40.99.77.66, 52.98.46.162, 52.98.73.226, 52.98.77.66, 40.99.77.162, 52.98.80.210, 40.99.36.82, 172.217.19.206, 20.189.173.13, 92.123.102.99, 92.123.103.16, 92.123.103.106, 92.123.103.11, 92.123.102.96, 92.123.102.106, 92.123.103.107, 23.218.208.109, 52.149.20.212, 152.199.21.175, 4.175.87.197, 13.107.5.88, 40.126.53.18, 2.16.158.170
Excluded domains from analysis (whitelisted): onedscolprdwus08.westus.cloudapp.azure.com, slscr.update.microsoft.com, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, mobile.events.data.microsoft.com, clients2.google.com, ocsp.digicert.com, login.live.com, shell.cdn.office.net, update.googleapis.com, www.gstatic.com, onedscolprdeus13.eastus.cloudapp.azure.com, www.bing.com, ecs.office.com, e40491.dscg.akamaiedge.net, fs.microsoft.com, content-autofill.googleapis.com, e19254.dscg.akamaiedge.net, cdn-office.ec.azureedge.net, s-0005-office.config.skype.com, shell.cdn.office.net-c.edgekey.net.globalredir.akadns.net, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, onedscolprdwus12.westus.cloudapp.azure.com, s-0005.s-msedge.net, translate.googleapis.com, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net, ecs.office.trafficmanager.net, mobile.events.data.trafficmanager.net, res-2.cdn.office.net, e40491.dscd.akamaiedge.net, 201410-ipv4v6e.farm.dprodmgd108.s
Execution Graph export aborted for target AnyDesk.exe, PID 1000 because there are no executed function
Execution Graph export aborted for target AnyDesk.exe, PID 3840 because there are no executed function
Execution Graph export aborted for target AnyDesk.exe, PID 7584 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE

Simulations

Behavior and APIs

Time	Type	Description
16:22:36	API Interceptor	1x Sleep call for process: AnyDesk.exe modified

LLM Input / Output

Input	Output
URL: https://mailustabucaedu-my.sharepoint.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://mailustabucaedu-my.sharepoint.com
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script demonstrates some moderate-risk behaviors, such as dynamic code execution and external data transmission, but it appears to be part of a legitimate web worker implementation. The script fetches and evaluates a web worker script, which is a common practice. However, the use of `eval` and the lack of transparency around the fetched script's contents warrant further review to ensure there are no malicious intentions." }
(function(global) { try { (typeof markPerfStage === 'function' && markPerfStage('spWorkerInit')); const code = "self._messageEvents = []; self.onmessage = function(evt) {self._messageEvents.push(evt);}; fetch(self.location.origin + '/_layouts/15/spwebworkerproxy.ashx').then(function(rsp) {if (rsp.ok) {return rsp.text();} else {return Promise.reject({msg: 'Failed to fetch web worker script.', status: rsp.status, statusText: rsp.statusText});}}).then(function(txt) {try {eval(txt);} catch(evalErr){return Promise.reject({msg: 'Failed to eval: ' + evalErr.toString()});}}).catch(function(err) {setTimeout(function() {throw new Error(JSON.stringify(err));});});"; const blob = new Blob([code], { type: 'text/javascript' }); const blobObjUrl = URL.createObjectURL(blob); global.__spWorker = new Worker(blobObjUrl, {name: 'SP Worker'}); global.__spWorker.addEventListener('message', function(ev) { if (ev.data === 'SPWebWorker started.') { (typeof markPerfStage === 'function' && markPerfStage('spWorkerStarted')); global.__spWorkerStarted = true; URL.revokeObjectURL(blobObjUrl); } }); global.__spWorker.onerror = function(er) { if (er.message.includes('Failed to fetch web worker script') \|\| er.message.includes('Failed to eval') \|\| er.message.includes('Failed to execute')) { global.__spWorkerStarted = false; global.__spWorkerError = er.message; global.__spWorker.terminate(); delete global.__spWorker; URL.revokeObjectURL(blobObjUrl); } }; } catch(e) {}})(self);
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration object for SharePoint, which is a legitimate use case. While it contains some potentially sensitive information like access tokens, this is common for SharePoint integration and does not necessarily indicate malicious behavior. The script does not exhibit any high-risk indicators like dynamic code execution or data exfiltration. Some moderate-risk indicators like external data transmission are present, but the overall context suggests this is likely a benign script used for SharePoint integration." }
var _spPageContextInfo={"ListCountLimit":0,"FieldCountLimit":0,"ClientPrefetchBehavior":0,"IsConsumerListsPaidUser":false,"IsConsumerFilesPaidUser":false,"siteDisabled":false,"isCommonDomainRequestContext":false,"webServerRelativeUrl":"/personal/stella_pabon_ustabuca_edu_co","webServerRelativeUrlLegacy":"","webAbsoluteUrl":"https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co","webAbsoluteUrlLegacy":"","viewId":"","webPropertyFlags2":0,"listId":"{74463084-87e5-4e57-b11b-9820afa05836}","listTemplateId":"","listPermsMask":{"High":48,"Low":134287360},"listUrl":"/personal/stella_pabon_ustabuca_edu_co/Documents","listUrlLegacy":"","listTitle":"Documentos","listBaseTemplate":700,"listBaseType":1,"listForceCheckout":false,"draftVersionVisibilityType":0,"thirdPartyReplyUrisUpdated":false,"ariaCollectorUrl":"https://browser.pipe.aria.microsoft.com/Collector/3.0/","secureBrokerDomainName":"securebroker.sharepointonline.com","oneDsCollectorUrl":"https://mobile.events.data.microsoft.com/OneCollector/1.0/","driveInfo":{".accessToken":"access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbWFpbHVzdGFidWNhZWR1LW15LnNoYXJlcG9pbnQuY29tQGY1N2E1OTQ5LTM3MzgtNDFlZi1hODZlLTAwNDkwYzA4Y2NiNSIsImlzcyI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCIsIm5iZiI6MTczNDM4NDA5NiwiZXhwIjoxNzM0NDA1Njk2LCJpc2xvb3BiYWNrIjoiVHJ1ZSIsIm5hbWVpZCI6IjAjLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzkiLCJuaWkiOiJtaWNyb3NvZnQuc2hhcmVwb2ludCIsImlzdXNlciI6InRydWUiLCJjYWNoZWtleSI6IjBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzkiLCJ0dCI6IjAiLCJ1c2VQZXJzaXN0ZW50Q29va2llIjoiMiJ9.FMGZU-w4Tc2JBo3Ex-ZhAdtEovS95xagbGq87OkFEKk\u0026prooftoken=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAKiIsImlzcyI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEAqIiwibmJmIjoiMTczNDMyMTgyMyIsImV4cCI6IjE3MzQ5MjY2MjMiLCJwcmYiOiJTWmJEVzRvQ2ltOFlITTNPTUhSOWxIUHhMbVRzVlMxT1ptREdxMGJtYjdLRGVGeUswSkc0YXRNMVJMKzY0Y0N0STZhNkRVMnBtR0UxY2xQTUtqTUZxRFo5cjA0bG9yMDNKK2RrMEl4anZFMGpSV0lRUkhhL3F1Y051OHViVnFkYkc4T1BGWEFhMEs5RElrNEZ3aDMyZHlzb1psV3Q4dnBDSGpHcEl3Skc2NTNQTUVXcDRGZnlKaVJFQUxEMXh0SWV1Q0w5NkJGSzVValFhUnRjV3RjQVA0OXhFTkUxZjVhQTlrVHpWMkZBMzZSVTZWMzVuQm1id1ExUXowM2NxRHJKa01veXdIaitYb1dVNy9hbUg2TDJGV0FwU3pwYUxyVzZHbnYwU0hsUlFIa0dndThNeVZqQVROYlhnS1pTb1JiMnVOSUhTMFF6K3dhb05Gajd0UDlvaFE9PSIsImlzdXNlciI6InRydWUiLCJmaWQiOiIyMDE0MTAifQ.NAR5iLxcua1ZJwYGYyNFhCwb9dqFgVnklD6h2snnNutN2Cy5GO9YlHUZuUVdDjKdWwc9LEy4nq-vHORoPdyeQVaPQN609xgX4sWOcQsbPSA2Ow8pezN4ktSyA24RSNH7QRcMXmJJ6SsluTBDD4nM3U75mmcHVKFKSYH99nbY_KSFTAHBvF9vMAlGwXBENzBjCXGcIQiC-zF_M47Yd9dzrNoIRkLxsyqSfXw9mrrrZwko94mF7vsmUxqZyWu3kOcqkI-eEsN7wA51A8WtZH6bUs3FlakhYfPGpakNqjR4OX0yvbbGaWcb0RlzOQ9JjU-C5dp9RVGL6Ctn1L9RRihs-A",".driveUrl":"https://mailustabucaedu-my.sharepoint.com/_api/v2.0/drives/b!771Nw-hAOEayF22yzfj9W7h_l4qL2F5BhrInUw8hAguEMEZ05YdXTrEbmCCvoFg2",".driveAccessToken":"access_token=v1.eyJzaXRlaWQiOiJjMzRkYmRlZi00MGU4LTQ2MzgtYjIxNy02ZGIyY2RmOGZkNWIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbWFpbHVzdGFidWNhZWR1LW15LnNoYXJlcG9pbnQuY29tQGY1N2E1OTQ5LTM3MzgtNDFlZi1hODZlLTAwNDkwYzA4Y2NiNSIsImV4cCI6IjE3MzQ0MDU2OTYifQ.CiMKCXNoYXJpbmdpZBIWRFhxYVpHMUVhMDJ5L3lBTEhLMVpsQQoJCgRzbmlkEgE5EgsImrn1_bSIzz0QBRoMOC40Ni4xMjMuMTg5IhRtaWNyb3NvZnQuc2hhcmVwb2ludCosdXlaL1pJTUhvSjEra2N2dngyaTdweWFwM2tUbmV6NUlIMkJPS0VMOUF2bz0wfTgBQhChbjhe2NAAAFdzCKo77meJShBoYXNoZWRwcm9vZnRva2VuYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiM2OWNiZTQ3YTc2NzQ0ZjM3Nzk5ZjkzMTdmZmJlYzRiYTllZjEwYTdiNWJkOTVlNTlhNjhlMzJmMmQ1MDNmY2M5egEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOcgBAQ.AnJLoluX4-J5btMo_X0AHQ_HvhNFLOEMYCzG9CGVB7A",".driveAccessTokenV21"
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration object for SharePoint, containing various properties related to the user's context and environment. While it includes some potentially sensitive information like access tokens, the overall behavior seems to be related to legitimate SharePoint functionality and does not exhibit any high-risk indicators. The script is likely used for internal SharePoint operations and does not pose a significant security risk." }
var _spPageContextInfo={"ListCountLimit":0,"FieldCountLimit":0,"ClientPrefetchBehavior":0,"IsConsumerListsPaidUser":false,"IsConsumerFilesPaidUser":false,"siteDisabled":false,"isCommonDomainRequestContext":false,"webServerRelativeUrl":"/personal/stella_pabon_ustabuca_edu_co","webServerRelativeUrlLegacy":"","webAbsoluteUrl":"https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co","webAbsoluteUrlLegacy":"","viewId":"","webPropertyFlags2":0,"listId":"{74463084-87e5-4e57-b11b-9820afa05836}","listTemplateId":"","listPermsMask":{"High":48,"Low":134287360},"listUrl":"/personal/stella_pabon_ustabuca_edu_co/Documents","listUrlLegacy":"","listTitle":"Documentos","listBaseTemplate":700,"listBaseType":1,"listForceCheckout":false,"draftVersionVisibilityType":0,"thirdPartyReplyUrisUpdated":false,"ariaCollectorUrl":"https://browser.pipe.aria.microsoft.com/Collector/3.0/","secureBrokerDomainName":"securebroker.sharepointonline.com","oneDsCollectorUrl":"https://mobile.events.data.microsoft.com/OneCollector/1.0/","driveInfo":{".accessToken":"access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbWFpbHVzdGFidWNhZWR1LW15LnNoYXJlcG9pbnQuY29tQGY1N2E1OTQ5LTM3MzgtNDFlZi1hODZlLTAwNDkwYzA4Y2NiNSIsImlzcyI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCIsIm5iZiI6MTczNDM4NDExOSwiZXhwIjoxNzM0NDA1NzE5LCJpc2xvb3BiYWNrIjoiVHJ1ZSIsIm5hbWVpZCI6IjAjLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzkiLCJuaWkiOiJtaWNyb3NvZnQuc2hhcmVwb2ludCIsImlzdXNlciI6InRydWUiLCJjYWNoZWtleSI6IjBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzkiLCJ0dCI6IjAiLCJ1c2VQZXJzaXN0ZW50Q29va2llIjoiMiJ9.Kdo8iSht6VgYRIs8yTqUwl-i2mSUA5SGpwx6qF1xAJI\u0026prooftoken=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InVYZWhRSlBsZVZqTkNiYWtVaEdENkl5RlFRayJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAKiIsImlzcyI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEAqIiwibmJmIjoiMTczNDMyODI5MCIsImV4cCI6IjE3MzQ5MzMwOTAiLCJwcmYiOiJVdTdoQ0ZFMyt3UC9RSWM3ZVM2RlR1Z3JSb2pPYUN1TzRnZzZUUC8xR0JzRVlLaFJvNUpmdzN6NFR1ZUdmYXE2T2M4MzRLK01jcWNLeTZ5TGxZbW5ZeXh2Q0dZMDErdWlhdEtQeXNWcU1OQ1NxNkZUZFNJOVV2MTFiVnNoNmo3Q29CdDgrSGtubjJyazBtZzB5VVZOV2ZiS0pFeU1kb29raG1sUGNRblJ6YkpMMEZpSFN4NXV0VU1ic0s3ZnllSjdUOXFObHd6VEMyRHBrQWJVdC8wOEYwZ3FCUUl1aTUyUVFYaEFIOHpjZ1BUQWY3amU2K3R4OXBkcXdaOWdTUTlaVC9BMnBMalorNXh0QXdWbm0vbGhoU2VKLzZHSDkzWFUwdnpISHBuTEErZ3B4WDg4WW5UL2R2T3kwWlQxZXJycmExdEdiK1I5ME9oNW51MHlZYmxRRVE9PSIsImlzdXNlciI6InRydWUiLCJmaWQiOiIyMDE0MTAifQ.R3d3W6b0Q-ipNTRUCpdnZmcGLwEBh7-M9cPBPsoDQ8g8IaBNToAWe5eiw-IVLRf_-79A8Hi2Cr9ewIHG7NtVwdhCI0Hxhh8_QHwQgv01tESMbyLhxts_jHUFBm5oxSiAUkkXjru9V2jIl1WoR5bazsWXQqA4MuqlzmEWj_wR0Hjv6ly6Q3ADlZ_28i9Jy84a-HvOI1_nnLf8GMOCp_O7LFT73f8RCuhpS3ZHlVVh6JaBoeSUR7LRT1xCrt1zL4hlU4n1rJNlIAlwCUZdPWASW4ngwW_go-vt9LLc-1mHjta-HsY5LK-gi88-DIFtEnq85qeMp12OfUDRqyLvICqEHQ",".driveUrl":"https://mailustabucaedu-my.sharepoint.com/_api/v2.0/drives/b!771Nw-hAOEayF22yzfj9W7h_l4qL2F5BhrInUw8hAguEMEZ05YdXTrEbmCCvoFg2",".driveAccessToken":"access_token=v1.eyJzaXRlaWQiOiJjMzRkYmRlZi00MGU4LTQ2MzgtYjIxNy02ZGIyY2RmOGZkNWIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbWFpbHVzdGFidWNhZWR1LW15LnNoYXJlcG9pbnQuY29tQGY1N2E1OTQ5LTM3MzgtNDFlZi1hODZlLTAwNDkwYzA4Y2NiNSIsImV4cCI6IjE3MzQ0MDU3MTkifQ.CiMKCXNoYXJpbmdpZBIWRFhxYVpHMUVhMDJ5L3lBTEhLMVpsQQoJCgRzbmlkEgE5EgsI1tCC2baIzz0QBRoMOC40Ni4xMjMuMTg5IhRtaWNyb3NvZnQuc2hhcmVwb2ludCosdXlaL1pJTUhvSjEra2N2dngyaTdweWFwM2tUbmV6NUlIMkJPS0VMOUF2bz0wfTgBQhChbjhkc8AAAFdzDT5eqWAQShBoYXNoZWRwcm9vZnRva2VuYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiM2OWNiZTQ3YTc2NzQ0ZjM3Nzk5ZjkzMTdmZmJlYzRiYTllZjEwYTdiNWJkOTVlNTlhNjhlMzJmMmQ1MDNmY2M5egEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOcgBAQ.jV4vUHABms0KNIymrFFlWVnti3zQTzTlZKnYN-tOb8c",".driveAccessTokenV21"
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a performance measurement utility, which is a common and legitimate practice. It uses the `window.performance.now()` or `Date.now()` methods to record timestamps for various performance stages, and optionally calls `window.performance.mark()` to create performance marks. This functionality is typically used for monitoring and optimizing web application performance, and does not exhibit any high-risk behaviors." }
if(!spfxPerfMarks){var spfxPerfMarks = {};} var markPerfStage=function(key) {if(window.performance && typeof window.performance.now === 'function'){spfxPerfMarks[key]=window.performance.now();} else{spfxPerfMarks[key]=Date.now();} if (window.performance && typeof window.performance.mark === 'function') {window.performance.mark(key);}};
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Office 365 Shell, which is a common component used in Microsoft Office web applications. The code sets up several promises related to the shell's loading and rendering, and it configures the shell's appearance and behavior. While the code uses some dynamic techniques like `Promise` and `window` variables, these are common practices in modern JavaScript development and do not indicate any inherent security risks. The script seems to be focused on rendering the Office 365 suite navigation, which is a standard functionality. Overall, the code exhibits low-risk indicators and appears to be a benign implementation of a well-known Microsoft component." }
window.o365ShellLoadPromiseResolve = undefined; window.o365ShellLoadPromiseReject = undefined; window.o365ShellRenderPromiseResolve = undefined; window.o365ShellRenderPromiseReject = undefined; window.o365ShellPostRenderPromiseResolve = undefined; window.o365ShellPostRenderPromiseReject = undefined; window.o365ShellLoadPromise = new Promise(function (loadResolve, loadReject) { window.o365ShellLoadPromiseResolve = loadResolve, window.o365ShellLoadPromiseReject = loadReject }); window.o365ShellRenderPromise = new Promise(function (renderResolve, renderReject) { window.o365ShellRenderPromiseResolve = renderResolve, window.o365ShellRenderPromiseReject = renderReject }); window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder = document.createElement('div');suiteNavPlaceholder.id = 'SuiteNavPlaceholder';suiteNavPlaceholder.style = "min-height: 48px";document.body.insertBefore(suiteNavPlaceholder, document.body.firstChild);if (window.o365ShellScriptLoadError) {o365ShellLoadPromiseReject(window.o365ShellScriptLoadError);o365ShellRenderPromiseReject(new Error('SuiteNavLoadError'));o365ShellPostRenderPromiseReject(new Error('SuiteNavLoadError'));return; }o365ShellLoadPromiseResolve();var themeData = { Primary: 'transparent', AppName: '#424242', DefaultText: '#424242', DefaultBackground: 'transparent', HoverText: '#0F6CBD', HoverBackground: '#EBEBEB', SelectedText: '#0F6CBD', SelectedBackground: '#E0E0E0', PressedText: '#115EA3', PressedBackground: '#D6D6D6', SearchBoxBackgroundActive: '#FFFFFF', SearchBoxBackgroundInactive: '#FFFFFF' };var searchQueryViewParam = window.location.search.substring(1).split('&').filter(function (s) { return s.indexOf('q=')===0; })[0]; var searchQuery = searchQueryViewParam ? decodeURIComponent(searchQueryViewParam.substring(2)) : ''; (typeof markPerfStage === 'function' && markPerfStage('suiteNavRenderAsyncStart'));O365Shell.RenderAsync({top: 'SuiteNavPlaceholder', layout: 'Mouse', enableSearchUX: false, initialSearchUXVisibility: false, initialSearchUXPlaceholderText: 'Buscar', initialSearchUXSearchText: searchQuery, enableDelayLoading: true, collapseO365Settings: false, disableDelayLoad: false, disableShellPlus: false, isThinHeader: true, enableLegacyResponsiveBehavior: false, expectSearchBoxSettings: true, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webAadWithMsaProxy', login_Hint: 'urn:spo:anon#69cbe47a76744f37799f9317ffbec4ba9ef10a7b5bd95e59a68e32f2d503fcc9', appSignInUrl: 'https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive', appSignOutUrl: 'https:\u002f\u002fmailustabucaedu-my.sharepoint.com\u002fpersonal\u002fstella_pabon_ustabuca_edu_co/_layouts/15/SignOut.aspx', appSwitchUrl: 'https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive', appSwitchToUrl: function(params) { var n = params && params.nextAccount; if(!n) { return ''; } return (!n.type \|\| n.type.toLowerCase() === 'aad' ? 'https://www.office.com/login?ru=%2Flaunch%2Fonedrive' : 'https://onedrive.live.com/?gologin=1') + (n.memberName ? '&login_hint=' + encodeURIComponent(n.memberName) : ''); }, aad: { appId: '00000003-0000-0ff1-ce00-000000000000', wreply: 'https:\u002f\u002fmailustabucaedu-my.sharepoint.com\u002f_forms\u002fdefault.aspx' }, msa: { siteId:'250206', wreply: 'https:\u002f\u002fmailustabucaedu-my.sharepoint.com\u002f_forms\u002fdefault.aspx' } }, shellDataOverrides: {AccountSwitchingEnabled: true,DisableMASTPopup: true,RoundedCornersSearchBoxEnabled: true, }, supportShyHeaderMode: true, shyHeaderActivationHeight:480, initialRenderData: {
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a fallback mechanism for loading a critical script for the Office 365 suite navigation. It listens for the 'load' and 'error' events on the 'SuiteNavShellCore' element, and if an error occurs, it dynamically creates a new script element and appends it to the document head. This behavior is likely a legitimate part of the Office 365 application and does not demonstrate any high-risk indicators. The script is interacting with known, trusted domains (e.g., 'shell.cdn.office.net') and is not exhibiting any suspicious or malicious activities." }
window.document.getElementById('SuiteNavShellCore').addEventListener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoaded = true; });window.document.getElementById('SuiteNavShellCore').addEventListener('error', function() { var scriptElem = document.getElementById('SuiteNavShellCore'); scriptElem.parentNode.removeChild(scriptElem); var newScript = document.createElement('script'); newScript.setAttribute('type', 'text/javascript'); newScript.setAttribute('id', 'SuiteNavShellCore'); newScript.setAttribute('src', 'https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell'); newScript.setAttribute('crossorigin', 'anonymous'); newScript.async = true; newScript.addEventListener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoaded = true; }); newScript.addEventListener('error', function() { window.o365ShellScriptLoadError = arguments[0]; (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptError')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoadError = true; }); document.head.appendChild(newScript); });
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration object for the 'FabricConfig' and '__odsp_culture' variables. It also includes a set of SRI (Subresource Integrity) hashes for various resources. While the snippet contains some potentially sensitive information, such as the culture setting and SRI hashes, there are no clear indicators of high-risk behaviors like dynamic code execution, data exfiltration, or malicious redirects. The script seems to be related to a legitimate web application or framework, and the observed behaviors are consistent with typical configuration and resource management tasks. Therefore, the overall risk score is assessed as low." }
var g_responseEnd = new Date().getTime();window.performance && performance.mark('EUPL.W3CResponseEnd');window['FabricConfig'] = { fontBaseUrl: ''};window['__odsp_culture'] = 'es';window['__odspSriHashes'] = {"0":"sha256-VMwr0YOO7PLF8xJ+nA9JYkWs45sZpe1vTnzDaRAWyz0=","1":"sha256-JClbcvMa8qwvGmgYVp9AT1RzKYns5UQp4s3JqlsJBxw=","2":"sha256-Kyco/DmXedlIohdFf6ML1l62Ttepdis2Z5XXRKhwMOA=","3":"sha256-eFp1vFunfGFlMmKIN34YNaRusYWRL1SiaJhWf9uivHU=","4":"sha256-2vWIp7aP9NGQiBrMsO3j3wSc+cxT4wbF3jhGkt2nDs4=","5":"sha256-wCJIZYBFtImmLb05uvpYELaXybwrhpv78vazHp5Gfsc=","6":"sha256-37P/DyEUuxrvUpbcZGxiQiUAZlWGtyf1bNjiUSHkoUE=","7":"sha256-4rj/q2L3TIXtC2KsWZ50xW+raLxB5RUgGsnvkpwMpgQ=","8":"sha256-gy20r3mtjYnOZisXfSnJxqCTBbxXuG674VnnK4o5mtY=","9":"sha256-hiiCFiyrjEwXwqICiAPZMLe68dYQ0C7V6XUTCX84Uoc=","10":"sha256-t95DBXh2fE9NeoZfZANZx5ZCCkZh5bYaSp/I5xplDao=","11":"sha256-SeiqZtQSu5r91vVHKGcBoLo8VWgl6ts+WS4PZ07rpYQ=","12":"sha256-zWJp1WjpeHd8aemvncfd82kxl/82tFFPKqBVPAefEZg=","13":"sha256-PjvtaAjiu71t9So7i2+8bZiqu51+Mf7scbc9WRgquQc=","14":"sha256-aMpJ9Xsj8G97qdWbu4IQYI1NdHHwrGiTi61DgO/92Sk=","15":"sha256-ItNKrHW2G88NJE5xt5MdjLZii0KFey87S9W2kX8GaOs=","16":"sha256-vkyK2J8vSEjGIL6yhiZicyzDo+f3sSym8esc7emhn0I=","17":"sha256-W+336/FhnBZxNaHuguVjQBS+M8I4CfuUFIYQouOqQbU=","18":"sha256-Ff4EdOrhbnfySkF+S89zpDOOqDuxh86+tsA6mqoW20I=","19":"sha256-I1oYYpy4Q1HthISdICiL2SBgTLbsC7rQjKYInDzQBBQ=","20":"sha256-iL/2p4lkFW1bJ8BZ9HODRj0MVjWtA7YT1O1mIx3FNrA=","21":"sha256-0imh24rrcETnn8qGEmNfIwvx3N0DR1mRBW/UvokaJI4=","22":"sha256-SA5A7fAFBKLTam4brBTFvXlHIo4+QGIcUtZN+BIYBT8=","23":"sha256-qdmv89NaDipMf+e0/uhRMxur0QO8icn2KCEP9aK7R4c=","24":"sha256-bl62KQas6BEkBAdE/+Zww+ysw0+s9Ixra5fzu4alugY=","25":"sha256-CN0fzCjhZQuuE9vJnHo4KKMhL4Ep2RFJQzz86rISNvg=","26":"sha256-jjixr2hO42UNdTST3a+kB/7mBGyeJwedGXTmq2Vum6Y=","27":"sha256-fH8FecjMnV18p83jfqmKye7MJbj66+AOCGDPf1fkSAs=","28":"sha256-+IhAWmf/dDqeRHFF4i1CuGUyO1v/tfmbFdIaRnTO0gc=","29":"sha256-vavDhHWd7W/WR6Gmitck0FLYt4eMn3VXgFuHfL9I/60=","30":"sha256-B8uIyMUzHqWhYwmeBkqLnBQI/obPCHIzSqmUOaonOh4=","31":"sha256-LVqUIwp/56K8Xf5lgruW+xDfGXt3YICUeyhLR6Hd8+Y=","32":"sha256-1BSzP/8xja1rXWO/mZQeeeYJoNnoiVeXGHqMNYVyjQU=","33":"sha256-4xvqkqQ42+Vde7ACtapj8kaGfyLr+RL0Xu0opnofJn0=","34":"sha256-I0iQkfG0Z2cek9cCGmLSH9IzHUvyIiGVJ7vEGevxC1U=","35":"sha256-a/kZY1nvl6ZeyzM+4U9y+nacaiPHPduzdLzyBoMZK44=","36":"sha256-88iPIChI4+yyyQiXMXRjXmSlWs0re/99WmoNCJWRGoU=","37":"sha256-2V5DDnGweDmGW8mohihtgOk1xoCa3sabUuSk2Z3C9g4=","38":"sha256-aHPQjK81Lr/a1PgKyFcDoryEptXOdNitoBaZvFNqivY=","39":"sha256-+sPQnkb6lXpreg5vfhkX0ayDDYGdy1R5tAWstsQTgfo=","40":"sha256-RD6n3s+PPGlQDIPX+oK7q6Ot2QKv9BN+VVKL7YJAFVM=","41":"sha256-IMk8yQqduMklZS3s1ofsXJx2KPLfx78G54iNGL93zlM=","42":"sha256-Lz6CacBdEYzbKSnr1HCvqNBHHSnPCds/pd6mW4LBHUo=","43":"sha256-Oh/xpwhNvpxJURj7rTX6HeGLY9tRVJ9/aERINiue/ZY=","44":"sha256-EPb5TKYlwFGCvdN3L72rnC4aDikej8O4WIpQZy6vaUE=","45":"sha256-6K0kxJHHyu1in0U+jwHbEQ6swGE9xPnEdW2Dh6T4lNw=","46":"sha256-DSQ6i7DL6kwrh4wgStC/+gL8suY5kcMnWxq10YQkDII=","47":"sha256-5M0K1dl8Qf+e8qrq2vJwL0N21fgOfCn5HxIMGyDiNgU=","48":"sha256-fyYdcl4z8xRPXooLzh5v6Zl881iRXdeu0+880u0JiHc=","49":"sha256-+J8+lXMpSBbiqvg9D6cglvNV3LAe0gX2hzKKPkM88Kk=","50":"sha256-yx8u3kJheSv6k4xB5Iz8gFEeqS1atGgDsrOtIAffENU=","51":"sha256-uT0Tmv9hSk4udQ7L8qRrsH9M8Zi7BWfmwL7ekcBfkco=","52":"sha256-+aAW7xLYDLgGqd2/r0FDtYPSN6dr7GBW1FMiK5fj484=","53":"sha256-NLcrJSvCeCCL1/jvQlxXex371dDQxWHGV4IIb8oR4rk=","54":"sha256-YiYAat6WBoXGaPVGdm7r5oFaWLlqe2Kr3NDzyCUfKg4=","55":"sha256-VDkvMQCaYvCPUNsVaKqP7ocSOiT2rVnw/T5cfY+Eabg=","56":"sha256-EZvJuaXER2Y4FaOpm4k4uhhpiIB0Z4tQxRH4s3bxyEc=","57":"sha256-Y8iASJQV54TJQFy7OySvJWQbEU93cSdziQaJShhbz+Y=","58":"sha256-0i+gOlqIpgl7qSRS3/Q7wzKL4+v0izRw4SkjnANuWrc=","59":"sha256-9ekGo63aSFlwGMUDVRd++nRhCoW4aMmD/Ix3au5WcoM=","60":"sha256-TWclcI7xUfrVaNRA0JMkscxJ3ZyblKPnhA0BqIudw9c=","61":"sha256-MRWX15G0yBo/uPmnLH/wmJo7hjoakjklt4kTMJbkLDw=","62":"sha256-NLYKAijPWbkxa7OuOuG1FCWdIht6JtKS3IBVJ8mHrn8=","63":"sha256-3StmDhCmQivVrn3s40aZnvhk24zPbSpHuFupUCRVfCE=","64":"sha256-8LW6dWquLEXLJ6v
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Office 365 Shell, which is a common component used in Microsoft's web applications. The code sets up several Promise objects to handle the loading and rendering of the suite navigation, and it also configures the theme data for the navigation. While the code uses some dynamic techniques like `createElement` and `insertBefore`, these are common practices for rendering UI components and do not indicate any malicious intent. The script does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. Overall, this script seems to be a benign implementation of a standard Office 365 feature." }
window.o365ShellLoadPromiseResolve = undefined; window.o365ShellLoadPromiseReject = undefined; window.o365ShellRenderPromiseResolve = undefined; window.o365ShellRenderPromiseReject = undefined; window.o365ShellPostRenderPromiseResolve = undefined; window.o365ShellPostRenderPromiseReject = undefined; window.o365ShellLoadPromise = new Promise(function (loadResolve, loadReject) { window.o365ShellLoadPromiseResolve = loadResolve, window.o365ShellLoadPromiseReject = loadReject }); window.o365ShellRenderPromise = new Promise(function (renderResolve, renderReject) { window.o365ShellRenderPromiseResolve = renderResolve, window.o365ShellRenderPromiseReject = renderReject }); window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder = document.createElement('div');suiteNavPlaceholder.id = 'SuiteNavPlaceholder';suiteNavPlaceholder.style = "min-height: 48px";document.body.insertBefore(suiteNavPlaceholder, document.body.firstChild);if (window.o365ShellScriptLoadError) {o365ShellLoadPromiseReject(window.o365ShellScriptLoadError);o365ShellRenderPromiseReject(new Error('SuiteNavLoadError'));o365ShellPostRenderPromiseReject(new Error('SuiteNavLoadError'));return; }o365ShellLoadPromiseResolve();var themeData = { Primary: 'transparent', AppName: '#424242', DefaultText: '#424242', DefaultBackground: 'transparent', HoverText: '#0F6CBD', HoverBackground: '#EBEBEB', SelectedText: '#0F6CBD', SelectedBackground: '#E0E0E0', PressedText: '#115EA3', PressedBackground: '#D6D6D6', SearchBoxBackgroundActive: '#FFFFFF', SearchBoxBackgroundInactive: '#FFFFFF' };var searchQueryViewParam = window.location.search.substring(1).split('&').filter(function (s) { return s.indexOf('q=')===0; })[0]; var searchQuery = searchQueryViewParam ? decodeURIComponent(searchQueryViewParam.substring(2)) : ''; (typeof markPerfStage === 'function' && markPerfStage('suiteNavRenderAsyncStart'));O365Shell.RenderAsync({top: 'SuiteNavPlaceholder', layout: 'Mouse', enableSearchUX: false, initialSearchUXVisibility: false, initialSearchUXPlaceholderText: 'Buscar', initialSearchUXSearchText: searchQuery, enableD
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be related to rendering the Office 365 suite navigation, which is a legitimate functionality. It sets up several Promise objects to handle the loading and rendering of the suite navigation, and it also defines some theme data for the navigation. While it uses some dynamic code execution techniques, such as creating a new `Promise` object, this is a common practice in modern JavaScript development and does not necessarily indicate malicious intent. The script does not exhibit any high-risk behaviors, such as data exfiltration or redirects to suspicious domains. Overall, this script seems to be part of a legitimate Office 365 application and poses a low risk." }
window.o365ShellLoadPromiseResolve = undefined; window.o365ShellLoadPromiseReject = undefined; window.o365ShellRenderPromiseResolve = undefined; window.o365ShellRenderPromiseReject = undefined; window.o365ShellPostRenderPromiseResolve = undefined; window.o365ShellPostRenderPromiseReject = undefined; window.o365ShellLoadPromise = new Promise(function (loadResolve, loadReject) { window.o365ShellLoadPromiseResolve = loadResolve, window.o365ShellLoadPromiseReject = loadReject }); window.o365ShellRenderPromise = new Promise(function (renderResolve, renderReject) { window.o365ShellRenderPromiseResolve = renderResolve, window.o365ShellRenderPromiseReject = renderReject }); window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder = document.createElement('div');suiteNavPlaceholder.id = 'SuiteNavPlaceholder';suiteNavPlaceholder.style = "min-height: 48px";document.body.insertBefore(suiteNavPlaceholder, document.body.firstChild);if (window.o365ShellScriptLoadError) {o365ShellLoadPromiseReject(window.o365ShellScriptLoadError);o365ShellRenderPromiseReject(new Error('SuiteNavLoadError'));o365ShellPostRenderPromiseReject(new Error('SuiteNavLoadError'));return; }o365ShellLoadPromiseResolve();var themeData = { Primary: 'transparent', AppName: '#424242', DefaultText: '#424242', DefaultBackground: 'transparent', HoverText: '#0F6CBD', HoverBackground: '#EBEBEB', SelectedText: '#0F6CBD', SelectedBackground: '#E0E0E0', PressedText: '#115EA3', PressedBackground: '#D6D6D6', SearchBoxBackgroundActive: '#FFFFFF', SearchBoxBackgroundInactive: '#FFFFFF' };var searchQueryViewParam = window.location.search.substring(1).split('&').filter(function (s) { return s.indexOf('q=')===0; })[0]; var searchQuery = searchQueryViewParam ? decodeURIComponent(searchQueryViewParam.substring(2)) : ''; (typeof markPerfStage === 'function' && markPerfStage('suiteNavRenderAsyncStart'));O365Shell.RenderAsync({top: 'SuiteNavPlaceholder', layout: 'Mouse', enableSearchUX: false, initialSearchUXVisibility: false, initialSearchUXPlaceholderText: 'Buscar', initialSearc
URL: https://mailustabucaedu-my.sharepoint.com/personal... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate function that executes a suite navigation feature once, with checks to ensure it is not executed multiple times or in certain specific scenarios. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on managing the execution of the suite navigation functionality, which is a common and expected behavior in web applications. While the script uses some legacy practices like `window.location.search.substring(1).split('&')`, these are low-risk indicators and do not raise significant security concerns. Overall, the script seems to be part of a larger application and does not demonstrate any malicious intent or high-risk activities." }
window.executeSuiteNavOnce = function () { if (!window.hasSuiteNavExecuted && !!window.O365Shell) { (typeof markPerfStage === 'function' && markPerfStage('executeSuiteNavOnceStart')); var params = window.location.search.substring(1).split('&') \|\| []; var shouldExecuteSuiteNav = true; shouldExecuteSuiteNav &= params.indexOf('p=2') === -1; shouldExecuteSuiteNav &= params.indexOf('p=12') === -1; shouldExecuteSuiteNav &= params.indexOf('cl=true') === -1; shouldExecuteSuiteNav &= params.filter(function (x) { return x.indexOf('parent') === 0; }).length === 0 \|\| params.indexOf('p=5') !== -1; try { shouldExecuteSuiteNav &= window.parent === window \|\| window.parent.g_enableSuiteNavInIframe === true; } catch(err) { shouldExecuteSuiteNav = false; } if (shouldExecuteSuiteNav) { executeSuiteNav(); window.hasSuiteNavExecuted = true; } (typeof markPerfStage === 'function' && markPerfStage('executeSuiteNavOnceEnd')); window.isSuiteNavDisabled = !window.hasSuiteNavExecuted; } } executeSuiteNavOnce();
URL: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FD Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Hmm... parece que no podemos obtener una vista previa de este archivo.", "prominent_button_name": "Abrir", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": true }

URL: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FD Model: Joe Sandbox AI	{ "brands": [ "AnyDesk" ] }
	{ "brands": [ "AnyDesk" ] }
URL: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FD Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Hmm... it seems we can't preview this file.", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": true }

URL: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FD Model: Joe Sandbox AI	{ "brands": [ "AnyDesk" ] }
	{ "brands": [ "AnyDesk" ] }

Process:	C:\Users\user\Downloads\AnyDesk.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	44289
Entropy (8bit):	4.325414181402032
Encrypted:	false
SSDEEP:	384:P2mwLn6bMsNAl9M+V+dy02zV00nI31YJZbo92u76LRpZPG:7wL62ZlH/KKJZbowG
MD5:	6E072D421590C1439EF49AA130C39664
SHA1:	8BF4BC3B6D11746A3B486E8359BE7A32430A49AE
SHA-256:	90103B544CDA9A16FB61D694F3DC76ABCC6B85A316297C6A09B67153879D6480
SHA-512:	3607575BCBD01AD94D8C6A76FB02577BA05A288829D560AD7C57BC32579919DB26926E927D6A418798B7B2F8B3587877336ED42134DBE04FA2641B666D7EC27E
Malicious:	false
Reputation:	low
Preview:	* * * * * * * * * * * * * * * * * .. info 2024-12-16 21:22:33.232 front 7584 7604 main - AnyDesk Windows Startup .. info 2024-12-16 21:22:33.232 front 7584 7604 main - Version 9.0.1 (release/win_9.0.1 812047892bb64d24b504db1001e7af3aaab7eb1f).. info 2024-12-16 21:22:33.232 front 7584 7604 main - * Checksum a0a1757c53d4cdc207fef3db719fb95b.. info 2024-12-16 21:22:33.232 front 7584 7604 main - * Build 20241204163837.. info 2024-12-16 21:22:33.232 front 7584 7604 main - * Copyright (C) 2024 AnyDesk Software GmbH *.. info 2024-12-16 21:22:33.232 front 7584 7604 main - .. info 2024-12-16 21:22:33.232 front 7584 7604 main - Command Line params: "C:\Users\user\Downloads\AnyDesk.exe

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: mailustabucaedu-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: translate.google.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: boot.net.anydesk.com
Source: global traffic	DNS traffic detected: DNS query: relay-0b975d23.net.anydesk.com
Source: global traffic	DNS traffic detected: DNS query: 0de36737459e149b92dc3dc5f9409c93.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 20:21:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9907576254831443
Encrypted:	false
SSDEEP:	48:8HPjdoT97KnHsWidAKZdA1JehwiZUklqehqy+3:8HPCkMIpy
MD5:	BC31BB04A28FEE2CC9C18556B3959298
SHA1:	2978979AEDAC0D25046E3C8D3B3C4D408873F7E5
SHA-256:	4609520C13326657356FDB2316CA2E90111BF93ECF72CB133D102C05D62393D3
SHA-512:	891710217D9F508008CB67AE30870B765EBB684689C325930EF6852CBF7E57AE28B6FFF2EB73CD16A629F71DD1B2477DC75F59A3EE77026354485B072D136BDF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....o.t{.P......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8}.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 22:21:32.731657028 CET	53	65421	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:32.791656971 CET	53	65496	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:33.315489054 CET	60446	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:33.315741062 CET	61051	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:35.565135002 CET	53	55216	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:36.353363991 CET	62741	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:36.353787899 CET	59659	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:37.322622061 CET	52112	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:37.323086977 CET	50617	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:37.460117102 CET	53	50617	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:37.460306883 CET	53	52112	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:38.070966959 CET	53	54802	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:47.743275881 CET	53	58094	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:47.746395111 CET	53	57296	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:51.224003077 CET	53	49199	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:51.352880955 CET	53	57220	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:51.424664974 CET	53	64791	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:52.540431976 CET	53	58031	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:56.656788111 CET	53	58324	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:56.868992090 CET	51636	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:56.869117975 CET	58296	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:21:57.006730080 CET	53	51636	1.1.1.1	192.168.2.17
Dec 16, 2024 22:21:57.007067919 CET	53	58296	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:02.338815928 CET	60939	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:02.338983059 CET	53680	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:11.366008997 CET	53	54899	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:32.709357977 CET	53	59308	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:33.780075073 CET	53	60000	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:34.283991098 CET	55082	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:34.284214020 CET	63979	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.365741014 CET	61904	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.365940094 CET	49259	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.366862059 CET	64836	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.367008924 CET	56455	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.743588924 CET	56283	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.743719101 CET	54096	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.757169962 CET	49281	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.757431030 CET	62129	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:36.881912947 CET	53	54096	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:37.211618900 CET	63605	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:37.349639893 CET	53	63605	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:38.278347015 CET	58059	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:38.278415918 CET	53995	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:38.880450964 CET	60102	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:38.880646944 CET	57736	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:39.019006968 CET	53	57736	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:39.344641924 CET	138	138	192.168.2.17	192.168.2.255
Dec 16, 2024 22:22:41.246073961 CET	60473	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:41.473176003 CET	53	60473	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:49.509649992 CET	54717	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:49.509861946 CET	51374	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:49.809140921 CET	53	51374	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:52.659008980 CET	52947	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:52.659112930 CET	54115	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:52.802303076 CET	53	54115	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:55.380748987 CET	64070	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:55.380881071 CET	61537	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:55.620704889 CET	53	64070	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:55.685342073 CET	53	61537	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:58.261375904 CET	56373	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:58.261478901 CET	57930	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:22:58.398777962 CET	53	56373	1.1.1.1	192.168.2.17
Dec 16, 2024 22:22:58.399652958 CET	53	57930	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:00.845221043 CET	59491	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:00.845370054 CET	56544	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:00.983017921 CET	53	59491	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:00.983366013 CET	53	56544	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:03.169531107 CET	62754	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:03.169650078 CET	60869	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:03.308016062 CET	53	62754	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:03.309276104 CET	53	60869	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:04.704355001 CET	53	49247	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:05.387243032 CET	57509	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:05.387362003 CET	54525	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:05.524709940 CET	53	54525	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:07.505040884 CET	61357	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:07.505269051 CET	65182	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:07.643379927 CET	53	65182	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:19.647715092 CET	58565	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:19.786272049 CET	53	58565	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:31.986404896 CET	53	60178	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:32.544744968 CET	63200	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:32.544877052 CET	62801	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:34.627518892 CET	53	56161	1.1.1.1	192.168.2.17
Dec 16, 2024 22:23:38.646962881 CET	56261	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:38.647095919 CET	53010	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:38.661679983 CET	55456	53	192.168.2.17	1.1.1.1
Dec 16, 2024 22:23:38.661803007 CET	50675	53	192.168.2.17	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 16, 2024 22:21:32.909066916 CET	192.168.2.17	1.1.1.1	c240	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:22:27.787421942 CET	192.168.2.17	1.1.1.1	c2a7	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:22:34.617675066 CET	192.168.2.17	1.1.1.1	c287	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:22:55.685437918 CET	192.168.2.17	1.1.1.1	c267	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:23:02.560492992 CET	192.168.2.17	1.1.1.1	c240	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:23:35.182759047 CET	192.168.2.17	1.1.1.1	c2a7	(Port unreachable)	Destination Unreachable
Dec 16, 2024 22:23:39.086250067 CET	192.168.2.17	1.1.1.1	c28c	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 16, 2024 22:21:33.812938929 CET	1.1.1.1	192.168.2.17	0xdbf0	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.812938929 CET	1.1.1.1	192.168.2.17	0xdbf0	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.812938929 CET	1.1.1.1	192.168.2.17	0xdbf0	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.812938929 CET	1.1.1.1	192.168.2.17	0xdbf0	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	201410-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:33.926022053 CET	1.1.1.1	192.168.2.17	0xab46	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:36.492038965 CET	1.1.1.1	192.168.2.17	0xa10b	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:36.493927956 CET	1.1.1.1	192.168.2.17	0x973d	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:37.460117102 CET	1.1.1.1	192.168.2.17	0x8fdf	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 16, 2024 22:21:37.460306883 CET	1.1.1.1	192.168.2.17	0xe3ce	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:50.570662022 CET	1.1.1.1	192.168.2.17	0xb32	No error (0)	scdn1cc4b.wpc.9aea3.sigmacdn.net	sni1gl.wpc.sigmacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:50.599653006 CET	1.1.1.1	192.168.2.17	0xd5ca	No error (0)	scdn1cc4b.wpc.9aea3.sigmacdn.net	sni1gl.wpc.sigmacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:50.599653006 CET	1.1.1.1	192.168.2.17	0xd5ca	No error (0)	sni1gl.wpc.sigmacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:56.744648933 CET	1.1.1.1	192.168.2.17	0xc801	No error (0)	scdn1cc4b.wpc.9aea3.sigmacdn.net	sni1gl.wpc.sigmacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:56.744803905 CET	1.1.1.1	192.168.2.17	0xcd0a	No error (0)	scdn1cc4b.wpc.9aea3.sigmacdn.net	sni1gl.wpc.sigmacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:56.744803905 CET	1.1.1.1	192.168.2.17	0xcd0a	No error (0)	sni1gl.wpc.sigmacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:57.006730080 CET	1.1.1.1	192.168.2.17	0x9964	No error (0)	translate.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:21:57.006730080 CET	1.1.1.1	192.168.2.17	0x9964	No error (0)	www3.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:21:57.007067919 CET	1.1.1.1	192.168.2.17	0xec5f	No error (0)	translate.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.477777004 CET	1.1.1.1	192.168.2.17	0x2fc	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.477777004 CET	1.1.1.1	192.168.2.17	0x2fc	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.477777004 CET	1.1.1.1	192.168.2.17	0x2fc	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.477777004 CET	1.1.1.1	192.168.2.17	0x2fc	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	201410-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:02.478251934 CET	1.1.1.1	192.168.2.17	0x480a	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:34.515882015 CET	1.1.1.1	192.168.2.17	0xcfd3	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:34.617594004 CET	1.1.1.1	192.168.2.17	0x51b2	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.502926111 CET	1.1.1.1	192.168.2.17	0x23eb	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.504517078 CET	1.1.1.1	192.168.2.17	0x5199	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.504750967 CET	1.1.1.1	192.168.2.17	0x9faf	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.504811049 CET	1.1.1.1	192.168.2.17	0x56d5	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.881597996 CET	1.1.1.1	192.168.2.17	0x7f3e	No error (0)	config.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.895303011 CET	1.1.1.1	192.168.2.17	0x98e2	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:36.895627022 CET	1.1.1.1	192.168.2.17	0xab4a	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:37.349639893 CET	1.1.1.1	192.168.2.17	0xb8c9	No error (0)	boot.net.anydesk.com		92.223.88.232	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:38.416102886 CET	1.1.1.1	192.168.2.17	0x35b4	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:38.416202068 CET	1.1.1.1	192.168.2.17	0xfe75	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:39.018388033 CET	1.1.1.1	192.168.2.17	0x770c	No error (0)	config.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:41.473176003 CET	1.1.1.1	192.168.2.17	0x3eaa	No error (0)	relay-0b975d23.net.anydesk.com		89.187.179.132	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:49.920037031 CET	1.1.1.1	192.168.2.17	0xbaee	No error (0)	0de36737459e149b92dc3dc5f9409c93.fp.measure.office.com	itm-mvp.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:52.801918030 CET	1.1.1.1	192.168.2.17	0x1098	No error (0)	0de36737459e149b92dc3dc5f9409c93.fp.measure.office.com	itm-mvp.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	tr-ooc-atm.office.com	mira-ooc.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.70.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		52.98.95.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.68.34	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.60.2	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		52.98.61.50	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.32.114	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.70.178	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.620704889 CET	1.1.1.1	192.168.2.17	0x7849	No error (0)	mira-ooc.tm-4.office.com		40.99.70.194	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:55.685342073 CET	1.1.1.1	192.168.2.17	0x1faa	No error (0)	tr-ooc-atm.office.com	mira-ooc.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	tr-ooc-atm.office.com	mira-ooc.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.70.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		52.98.95.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.68.34	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.60.2	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		52.98.61.50	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.32.114	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.70.178	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.398777962 CET	1.1.1.1	192.168.2.17	0x3e3f	No error (0)	mira-ooc.tm-4.office.com		40.99.70.194	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:22:58.399652958 CET	1.1.1.1	192.168.2.17	0x5daa	No error (0)	tr-ooc-atm.office.com	mira-ooc.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	outlook.ms-acdc.office.com	MRS-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	MRS-efz.ms-acdc.office.com		52.97.168.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	MRS-efz.ms-acdc.office.com		52.98.200.242	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	MRS-efz.ms-acdc.office.com		52.98.200.130	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983017921 CET	1.1.1.1	192.168.2.17	0x8771	No error (0)	MRS-efz.ms-acdc.office.com		52.98.159.2	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983366013 CET	1.1.1.1	192.168.2.17	0xdcc9	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:00.983366013 CET	1.1.1.1	192.168.2.17	0xdcc9	No error (0)	outlook.ms-acdc.office.com	DXB-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	outlook.ms-acdc.office.com	MRS-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	MRS-efz.ms-acdc.office.com		52.97.168.210	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	MRS-efz.ms-acdc.office.com		52.98.200.242	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	MRS-efz.ms-acdc.office.com		52.98.159.2	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:03.308016062 CET	1.1.1.1	192.168.2.17	0x4e28	No error (0)	MRS-efz.ms-acdc.office.com		52.98.200.130	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:03.309276104 CET	1.1.1.1	192.168.2.17	0x54fb	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:03.309276104 CET	1.1.1.1	192.168.2.17	0x54fb	No error (0)	outlook.ms-acdc.office.com	DXB-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:05.526005983 CET	1.1.1.1	192.168.2.17	0x25c4	No error (0)	upload.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:07.642766953 CET	1.1.1.1	192.168.2.17	0x778	No error (0)	upload.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:19.786272049 CET	1.1.1.1	192.168.2.17	0xfa56	No error (0)	relay-0b975d23.net.anydesk.com		89.187.179.132	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:33.054470062 CET	1.1.1.1	192.168.2.17	0xc93e	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.054470062 CET	1.1.1.1	192.168.2.17	0xc93e	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.054470062 CET	1.1.1.1	192.168.2.17	0xc93e	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.054470062 CET	1.1.1.1	192.168.2.17	0xc93e	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	mailustabucaedu-my.sharepoint.com	mailustabucaedu.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	mailustabucaedu.sharepoint.com	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	1297-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	201410-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201410-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	201410-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:33.132515907 CET	1.1.1.1	192.168.2.17	0x5e8b	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 16, 2024 22:23:38.784668922 CET	1.1.1.1	192.168.2.17	0x53dc	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:38.784914970 CET	1.1.1.1	192.168.2.17	0xf64d	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:38.892936945 CET	1.1.1.1	192.168.2.17	0x7c0b	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 22:23:39.086148024 CET	1.1.1.1	192.168.2.17	0x9a71	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 22:22:38.938604116 CET	216	OUT	Data Raw: 16 03 01 00 d3 01 00 00 cf 03 03 97 a1 24 1e ea c3 39 eb 70 96 1a 21 ec 5e bf b1 e1 dc 16 4e d3 59 de b6 82 f5 b1 b2 e6 9e ed 0b 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 Data Ascii: $9p!^NY8,0+/$(k#'g93=<5/n#anydesk/9.0.1/windows*(
Dec 16, 2024 22:22:40.191399097 CET	1235	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 6b ef a6 bc e9 87 ee 15 0e fe 84 7c de ab f7 40 df ed f0 be 6c 0a 03 6a 44 4f 57 4e 47 52 44 01 20 88 e9 13 05 92 30 68 0a 5e 67 37 5c 1a 81 ca bd e4 7a 6d fb 25 77 fe 17 18 c2 6a 0f c4 11 59 ff c0 2c 00 00 0b ff Data Ascii: WSk\|@ljDOWNGRD 0h^g7\zm%wjY,OKHE0A0)yA0*H0J10UAnyNet Root CA 21 0Uphilandro Software GmbH10UDE0190227210728Z2902242
Dec 16, 2024 22:22:40.199523926 CET	1094	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 34 31 32 31 36 32 31 32 32 Data Ascii: 000H010UAnyDesk Client0 241216212235Z20741204212235Z010UAnyDesk Client0"0H0N9G~+bV\|1)DkjIyDU;vsyWGtfw
Dec 16, 2024 22:22:40.596354008 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 1b 8b 60 06 d1 15 e0 3c 63 50 ad d5 3e 0c a2 b7 82 45 6f 5f 5f 12 99 e4 56 f7 01 f1 ef c3 07 f4 fc 12 5a 4a 0b 4f 38 d1 Data Ascii: (`<cP>Eo__VZJO8
Dec 16, 2024 22:22:40.788470984 CET	40	IN	Data Raw: 17 03 03 00 23 1b 8b 60 06 d1 15 e0 3d a5 09 88 e9 38 3a 5c 9a 31 c5 ce af 03 6e 68 04 6e 13 44 51 b3 3c 15 4b 2f 62 08 Data Ascii: #`=8:\1nhnDQ<K/b
Dec 16, 2024 22:22:40.788959026 CET	92	OUT	Data Raw: 17 03 03 00 57 90 fa ac 10 e9 56 64 b7 61 46 98 fd 66 5c ba 01 49 ba 30 5b b4 18 56 03 1d b2 ad 92 d5 0c bf 4f 01 6d 7d 98 fb 66 eb b9 bc b6 aa 8c f1 08 db d1 3e 95 7b d1 a2 a5 19 85 8f 6b 74 9a 10 b9 60 25 fe 1a 7c da d6 d6 b4 15 a3 19 e7 eb ae Data Ascii: WVdaFf\I0[VOm}f>{kt`%\|.#g
Dec 16, 2024 22:22:41.212090015 CET	426	IN	Data Raw: 17 03 03 01 a5 1b 8b 60 06 d1 15 e0 3e ad 3f f2 f8 21 38 ef a8 df 58 30 89 18 d0 5f ac d6 32 0a 0f 33 0a fb 78 05 6c 1d 6d 12 34 51 59 cd 12 7e 48 2b e4 2e bd c4 1b 85 7b f9 e7 a8 bf 00 de 46 6a 0f 4e cc 5f 69 f1 26 c4 09 15 2d 7a 63 ad 09 63 a6 Data Ascii: `>?!8X0_23xlm4QY~H+.{FjN_i&-zcc.;qED\F=gD^DMQBj'#{j%$/&Dc\|{M24Gq+)0>0<~:eJbLrOMD3sD8OI`e(

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 22:22:42.872214079 CET	216	OUT	Data Raw: 16 03 01 00 d3 01 00 00 cf 03 03 c1 f0 d1 45 f3 7b 4e b7 56 72 5a 6c 6b 94 36 d8 45 a5 ac 18 09 b0 27 92 83 1b ab e1 3b 10 dd d9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 Data Ascii: E{NVrZlk6E';8,0+/$(k#'g93=<5/n#anydesk/9.0.1/windows*(
Dec 16, 2024 22:22:43.958466053 CET	1236	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 7a 77 7c f2 54 6a d9 c1 43 f6 96 46 6a 00 23 e1 9f 08 a1 64 ac 26 a1 5c 44 4f 57 4e 47 52 44 01 20 48 6b 36 59 41 88 76 c5 1b ef 2f 10 86 7f 45 fd 0d f9 7e 6b e6 98 cd f5 df 52 7b 46 bc 6a 80 f4 c0 2c 00 00 0b ff Data Ascii: WSzw\|TjCFj#d&\DOWNGRD Hk6YAv/E~kR{Fj,OKHE0A0)yA0*H0J10UAnyNet Root CA 21 0Uphilandro Software GmbH10UDE0190227210728Z2902242
Dec 16, 2024 22:22:43.966253042 CET	1094	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 34 31 32 31 36 32 31 32 32 Data Ascii: 000H010UAnyDesk Client0 241216212235Z20741204212235Z010UAnyDesk Client0"0H0N9G~+bV\|1)DkjIyDU;vsyWGtfw
Dec 16, 2024 22:22:44.281485081 CET	51	IN	Data Raw: 14 03 03 00 01 01 16 03 03 00 28 3e e3 29 24 39 fc 16 a5 67 e3 8e 06 7e 57 69 fa 17 ea 6e 27 e5 f3 66 a0 52 c7 a2 37 cd 96 5b 36 31 3a 8c ed 3a e5 17 12 Data Ascii: (>)$9g~Win'fR7[61::
Dec 16, 2024 22:22:44.473395109 CET	40	IN	Data Raw: 17 03 03 00 23 3e e3 29 24 39 fc 16 a6 d2 13 9b 08 7d c1 b7 3f fb 48 3c 43 ea cb a3 12 3c a5 e0 12 04 9b dd 36 b5 ca 45 Data Ascii: #>)$9}?H<C<6E
Dec 16, 2024 22:22:44.473911047 CET	92	OUT	Data Raw: 17 03 03 00 57 d5 45 89 79 4f 40 38 e0 16 a8 ba 33 18 8d c9 c0 cf 6f af 6e ca 21 49 8c 28 45 95 c9 12 df 77 db b2 eb 11 3b bf 1d 13 99 2a 49 e1 22 21 3b dc 5f bb b8 e0 01 e3 4b 6d 6d 19 67 e0 56 dd cf 30 40 91 71 a7 df 05 fc 91 27 02 38 14 c0 f8 Data Ascii: WEyO@83on!I(Ew;*I"!;_KmmgV0@q'8~HQV-
Dec 16, 2024 22:22:44.977494955 CET	146	IN	Data Raw: 17 03 03 00 8d 3e e3 29 24 39 fc 16 a7 d1 c0 f8 c2 d5 a8 2a 9c b5 7b bf 33 94 ba c8 47 b2 58 aa cd 7f 4f 2b bd 58 54 38 04 4d 43 96 17 ba d8 9a 0a 3d 55 51 49 36 f5 11 d0 cd 9b 4f 4b 48 86 ed e0 0e ac eb 9a e7 9d b6 a0 07 ce 9a 0a ab dd f1 85 c1 Data Ascii: >)$9*{3GXO+XT8MC=UQI6OKHu<B0?+iz$3-uXIw_^uKG
Dec 16, 2024 22:22:45.017812967 CET	487	OUT	Data Raw: 17 03 03 01 e2 d5 45 89 79 4f 40 38 e1 f9 2b d4 c5 4a a2 dc 06 33 a2 83 96 bd 9b 82 18 f3 12 50 4a a2 c4 d7 0f 52 1b ca fd 1d 8b 19 51 c1 c7 38 90 2f 4f ef 10 40 4c c5 8d 35 e8 2c a5 cf 6e 61 f4 f5 0e ae 1a 61 4b d4 8e 61 d4 78 75 02 27 ab 49 ba Data Ascii: EyO@8+J3PJRQ8/O@L5,naaKaxu'I7_-//7&<0fOr>:\\+Hs8#n2_KL!j?oMF PG+M5PbgJ"zys0cIB\c\|^={V$AP*;:
Dec 16, 2024 22:22:45.017918110 CET	61	OUT	Data Raw: 17 03 03 00 38 d5 45 89 79 4f 40 38 e2 a8 8a a0 59 27 e8 cf da 9c d5 a2 c8 1c 69 f1 0e ea 93 25 9f cb 9c 10 41 4f fd 91 ff 48 8f 5c 3c be 20 90 db 48 da ab f2 69 4e 3c 44 40 c7 5e dc Data Ascii: 8EyO@8Y'i%AOH\< HiN<D@^
Dec 16, 2024 22:22:45.022171021 CET	286	OUT	Data Raw: 17 03 03 01 19 d5 45 89 79 4f 40 38 e3 8d ad e3 3b 3b fb ca 4b 58 ca a6 c8 bc cd d9 cb 6a 15 b2 90 9c d3 10 c6 69 23 c3 b1 69 47 6d cb 5a 7e d5 5d d6 e3 86 c9 01 3f 36 ee 7d 93 ec 3b 91 4d e2 24 20 1f ca 88 ce a5 a9 0e 0e 0f 97 cf c7 db 4e a1 0b Data Ascii: EyO@8;;KXji#iGmZ~]?6};M$ N@[v=UT[OnbvjZ:tP]EW" >8&9!3e9m,m1(&1]\|)V'9T5x\|}#n_jmlR'2g$7eNbXB

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:35 UTC	775	OUT	GET /:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 21:21:36 UTC	3908	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 399 Content-Type: text/html; charset=utf-8 Location: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,525568,0,8,111860,0,84827,7 X-SharePointHealthScore: 1 X-MS-SPO-CookieValidator: Xid00T7tjpBj1fgIAy8SjzC6P6NuTxFYfLUjjcnx88Pjujx5K6ijZBKzMi/T6x+740uS7y/EUxlJ6C6Ohk4wpDJeyYa/gJk/NyUq4wwJZJPf1mC3pPpeYTzEgJKJj/SD/rARTA2EhuZBxIHRH+/986NXjk6tZBxDLPxLt3xFdsRIiuTuRjN2nurP88Pu2uVhy8Pwi5j+xLbW5wDEap3u1tx5XiYR5wvxv9gNaT0oo7j718oRMnyipCXIDpDH4cpZfSlRBRupP1gSzMN5xQC/cu2/wf25HbUmwMsuPXwaKCLcHVIPbNjsRG9aFD/l55jHjQ1+YSwrWCI9dJgj77Neqw== X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 5e386ea1-10a0-0000-5773-04297ad7c9d0 request-id: 5e386ea1-10a0-0000-5773-04297ad7c9d0 MS-CV: oW44XqAQAABXcwQpetfJ0A.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 420 SPIisLatency: 4 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: EC82DA591F4548508517900B01A5966A Ref B: EWR311000106051 Ref C: 2024-12-16T21:21:35Z Date: Mon, 16 Dec 2024 21:21:35 GMT Connection: close
2024-12-16 21:21:36 UTC	262	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 61 69 6c 75 73 74 61 62 75 63 61 65 64 75 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 73 74 65 6c 6c 61 5f 70 61 62 6f 6e 5f 75 73 74 61 62 75 63 61 5f 65 64 75 5f 63 6f 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 6f 6e 65 64 72 69 76 65 2e 61 73 70 78 3f 69 64 3d 25 32 46 70 65 72 73 6f 6e 61 6c 25 32 46 73 74 65 6c 6c 61 25 35 46 70 61 62 6f 6e 25 35 46 75 73 74 61 62 75 63 61 25 35 46 65 64 75 25 35 46 63 6f 25 32 46 44 6f 63 75 6d 65 6e 74 73 25 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:36 UTC	2106	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:36 UTC	11196	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,8409600,16,104,1728536,0,3703297,7 X-SharePointHealthScore: 1 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Reporting-Endpoints: cspendpoint="https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/CSPReporting.aspx" X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com .cloud.microsoft app.powerbi.com; Content-Security-Policy-Report-Only: base-uri 'none';;report-to cspendpoint Content-Security-Policy: worker-src 'self' blob:;script-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'unsafe-eval' 'nonce-09ff5636-739d-4455-ad [TRUNCATED] Content-Security-Policy-Report-Only: style-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'self' blob: 'unsafe-inline';connect-src 'self' blob: h [TRUNCATED] X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 5e386ea1-d0d8-0000-5773-08aa3bee6789 request-id: 5e386ea1-d0d8-0000-5773-08aa3bee6789 MS-CV: oW44XtjQAABXcwiqO+5niQ.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 13AEE036C796416A9CFABE1FCBD5E76C Ref B: EWR311000108037 Ref C: 2024-12-16T21:21:36Z Date: Mon, 16 Dec 2024 21:21:35 GMT Connection: close
2024-12-16 21:21:36 UTC	1376	IN	Data Raw: 35 35 39 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 65 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: 559<!DOCTYPE html><html lang="es-es" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equ
2024-12-16 21:21:36 UTC	3941	IN	Data Raw: 66 35 65 0d 0a 74 65 6e 65 72 28 27 6c 6f 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 28 74 79 70 65 6f 66 20 6d 61 72 6b 50 65 72 66 53 74 61 67 65 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 6d 61 72 6b 50 65 72 66 53 74 61 67 65 28 27 73 75 69 74 65 4e 61 76 53 63 72 69 70 74 41 73 79 6e 63 45 6e 64 27 29 29 3b 20 69 66 20 28 77 69 6e 64 6f 77 2e 65 78 65 63 75 74 65 53 75 69 74 65 4e 61 76 4f 6e 63 65 29 20 7b 20 77 69 6e 64 6f 77 2e 65 78 65 63 75 74 65 53 75 69 74 65 4e 61 76 4f 6e 63 65 28 29 20 7d 20 77 69 6e 64 6f 77 2e 73 68 65 6c 6c 43 6f 72 65 4c 6f 61 64 65 64 20 3d 20 74 72 75 65 3b 20 7d 29 3b 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 53 75 69 74 65 4e 61 76 53 68 Data Ascii: f5etener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavOnce() } window.shellCoreLoaded = true; });window.document.getElementById('SuiteNavSh
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 65 6c 61 79 4c 6f 61 64 69 6e 67 3a 20 74 72 75 65 2c 20 63 6f 6c 6c 61 70 73 65 4f 33 36 35 53 65 74 74 69 6e 67 73 3a 20 66 61 6c 73 65 2c 20 64 69 73 61 62 6c 65 44 65 6c 61 79 4c 6f 61 64 3a 20 66 61 6c 73 65 2c 20 64 69 73 61 62 6c 65 53 68 65 6c 6c 50 6c 75 73 3a 20 66 61 6c 73 65 2c 20 69 73 54 68 69 6e 48 65 61 64 65 72 3a 20 74 72 75 65 2c 20 65 6e 61 62 6c 65 4c 65 67 61 63 79 52 65 73 70 6f 6e 73 69 76 65 42 65 68 61 76 69 6f 72 3a 20 66 61 6c 73 65 2c 20 65 78 70 65 63 74 53 65 61 72 63 68 42 6f 78 53 65 74 74 69 6e 67 73 3a 20 74 72 75 65 2c 20 64 61 72 6b 41 63 63 65 6e 74 3a 20 27 23 38 32 43 37 46 46 27 2c 20 73 68 65 6c 6c 41 75 74 68 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 3a 20 7b 20 74 79 70 65 3a 20 27 77 65 62 41 Data Ascii: 2000elayLoading: true, collapseO365Settings: false, disableDelayLoad: false, disableShellPlus: false, isThinHeader: true, enableLegacyResponsiveBehavior: false, expectSearchBoxSettings: true, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webA
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 62 6c 6f 63 6b 44 6f 77 6e 6c 6f 61 64 46 69 6c 65 54 79 70 65 50 6f 6c 69 63 79 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 61 75 74 68 43 6f 6e 74 65 78 74 4c 69 6d 69 74 65 64 41 63 63 65 73 73 45 78 70 65 72 69 65 6e 63 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 64 69 73 61 62 6c 65 42 61 63 6b 54 6f 43 6c 61 73 73 69 63 22 3a 66 61 6c 73 65 2c 22 69 73 4f 41 75 74 68 22 3a 66 61 6c 73 65 2c 22 69 73 4c 6f 63 61 74 69 6f 6e 73 65 72 76 69 63 65 41 76 61 69 6c 61 62 6c 65 22 3a 74 72 75 65 2c 22 62 6c 6f 63 6b 44 6f 77 6e 6c 6f 61 64 73 45 78 70 65 72 69 65 6e 63 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 69 64 6c 65 53 65 73 73 69 6f 6e 53 69 67 6e 4f 75 74 45 6e 61 Data Ascii: 2000Enabled":false,"blockDownloadFileTypePolicyEnabled":false,"authContextLimitedAccessExperienceEnabled":false,"disableBackToClassic":false,"isOAuth":false,"isLocationserviceAvailable":true,"blockDownloadsExperienceEnabled":false,"idleSessionSignOutEna
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 33 44 43 2d 38 33 41 36 2d 34 35 37 39 2d 39 43 38 38 2d 42 39 37 31 44 39 36 44 36 42 46 46 22 3a 74 72 75 65 2c 22 38 31 41 31 45 35 42 43 2d 45 37 38 32 2d 34 45 41 35 2d 38 30 42 39 2d 46 45 34 35 32 46 42 36 31 41 44 43 22 3a 74 72 75 65 2c 22 43 39 41 31 35 38 30 30 2d 33 42 41 30 2d 34 33 39 43 2d 38 33 30 44 2d 37 39 41 35 38 44 35 30 33 35 38 34 22 3a 74 72 75 65 2c 22 42 43 39 38 30 39 33 37 2d 45 46 35 34 2d 34 32 30 42 2d 39 43 41 34 2d 35 30 38 33 41 35 37 32 41 44 37 41 22 3a 74 72 75 65 2c 22 38 39 31 41 39 46 44 33 2d 33 32 42 44 2d 34 34 31 44 2d 41 39 42 39 2d 34 45 42 32 32 35 37 39 43 39 44 44 22 3a 74 72 75 65 2c 22 44 32 41 43 35 32 36 35 2d 39 33 37 30 2d 34 44 44 38 2d 41 33 36 43 2d 44 43 43 43 32 37 41 33 32 Data Ascii: 200043DC-83A6-4579-9C88-B971D96D6BFF":true,"81A1E5BC-E782-4EA5-80B9-FE452FB61ADC":true,"C9A15800-3BA0-439C-830D-79A58D503584":true,"BC980937-EF54-420B-9CA4-5083A572AD7A":true,"891A9FD3-32BD-441D-A9B9-4EB22579C9DD":true,"D2AC5265-9370-4DD8-A36C-DCCC27A32
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 42 2d 34 31 39 36 2d 39 38 43 32 2d 34 30 39 38 32 33 34 32 44 34 38 34 22 3a 74 72 75 65 2c 22 42 41 36 41 31 45 33 39 2d 30 43 39 30 2d 34 36 38 45 2d 42 38 37 43 2d 43 44 36 43 45 38 43 31 33 44 32 34 22 3a 74 72 75 65 2c 22 31 33 33 32 32 38 41 30 2d 34 42 32 46 2d 34 32 34 31 2d 38 38 45 37 2d 43 45 33 32 35 33 36 32 32 43 39 46 22 3a 74 72 75 65 2c 22 39 41 46 34 39 32 41 38 2d 30 42 42 41 2d 34 45 35 46 2d 41 36 44 45 2d 34 35 31 35 43 30 44 44 46 45 41 45 22 3a 74 72 75 65 2c 22 39 33 31 37 31 44 39 31 2d 37 37 31 30 2d 34 38 30 35 2d 38 42 39 31 2d 46 35 35 39 32 34 37 41 46 39 41 32 22 3a 74 72 75 65 2c 22 41 35 43 38 46 34 36 41 2d 32 35 41 30 2d 34 38 34 31 2d 39 42 42 46 2d 39 35 43 34 38 36 32 30 37 31 33 42 22 3a 74 72 75 Data Ascii: 2000B-4196-98C2-40982342D484":true,"BA6A1E39-0C90-468E-B87C-CD6CE8C13D24":true,"133228A0-4B2F-4241-88E7-CE3253622C9F":true,"9AF492A8-0BBA-4E5F-A6DE-4515C0DDFEAE":true,"93171D91-7710-4805-8B91-F559247AF9A2":true,"A5C8F46A-25A0-4841-9BBF-95C48620713B":tru
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 37 42 2d 34 32 41 46 36 45 33 46 41 46 41 34 22 3a 74 72 75 65 2c 22 35 33 43 45 39 37 31 39 2d 41 33 30 37 2d 34 34 43 46 2d 41 46 36 43 2d 36 31 30 44 38 44 34 31 34 35 34 39 22 3a 74 72 75 65 2c 22 34 34 42 33 32 45 36 46 2d 45 39 30 32 2d 34 34 36 43 2d 38 39 34 38 2d 44 41 45 38 44 31 36 31 33 39 43 43 22 3a 74 72 75 65 2c 22 39 34 30 43 42 46 30 41 2d 37 33 37 44 2d 34 31 36 42 2d 38 45 46 35 2d 42 33 32 31 34 37 34 35 46 33 46 36 22 3a 74 72 75 65 2c 22 38 36 31 33 35 42 45 46 2d 31 38 42 38 2d 34 45 41 38 2d 41 31 34 39 2d 41 41 35 45 32 44 45 43 41 39 35 42 22 3a 74 72 75 65 2c 22 30 31 43 31 46 30 38 36 2d 35 42 42 42 2d 34 30 33 42 2d 39 43 39 43 2d 32 36 39 44 41 35 31 44 44 38 36 34 22 3a 74 72 75 65 2c 22 35 41 38 38 35 Data Ascii: 200087B-42AF6E3FAFA4":true,"53CE9719-A307-44CF-AF6C-610D8D414549":true,"44B32E6F-E902-446C-8948-DAE8D16139CC":true,"940CBF0A-737D-416B-8EF5-B3214745F3F6":true,"86135BEF-18B8-4EA8-A149-AA5E2DECA95B":true,"01C1F086-5BBB-403B-9C9C-269DA51DD864":true,"5A885
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 35 32 39 44 39 38 38 30 22 3a 74 72 75 65 2c 22 46 34 42 33 42 31 42 39 2d 34 42 33 45 2d 34 42 33 44 2d 38 42 33 43 2d 30 42 33 46 34 41 32 42 33 46 37 42 22 3a 74 72 75 65 2c 22 37 33 33 44 41 32 42 44 2d 46 33 34 44 2d 34 39 37 39 2d 38 43 37 42 2d 44 46 37 33 34 32 32 39 31 32 36 37 22 3a 74 72 75 65 2c 22 31 39 38 36 46 31 32 42 2d 42 41 35 30 2d 34 41 36 46 2d 38 36 37 39 2d 41 32 41 30 31 31 44 43 33 43 37 39 22 3a 74 72 75 65 2c 22 44 45 36 43 33 31 43 33 2d 35 36 41 43 2d 34 34 46 46 2d 41 36 37 37 2d 41 43 43 30 37 45 30 38 39 46 44 41 22 3a 74 72 75 65 2c 22 43 41 34 44 32 31 43 45 2d 30 32 36 34 2d 34 36 32 44 2d 39 45 46 33 2d 42 32 39 39 31 41 30 33 39 30 43 31 22 3a 74 72 75 65 2c 22 35 42 31 34 44 34 41 44 2d 34 36 33 33 Data Ascii: 2000529D9880":true,"F4B3B1B9-4B3E-4B3D-8B3C-0B3F4A2B3F7B":true,"733DA2BD-F34D-4979-8C7B-DF7342291267":true,"1986F12B-BA50-4A6F-8679-A2A011DC3C79":true,"DE6C31C3-56AC-44FF-A677-ACC07E089FDA":true,"CA4D21CE-0264-462D-9EF3-B2991A0390C1":true,"5B14D4AD-4633
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 22 3a 74 72 75 65 2c 22 42 46 38 43 45 37 34 30 2d 34 30 34 42 2d 34 30 45 42 2d 42 37 41 32 2d 44 36 37 44 31 33 33 32 38 43 30 45 22 3a 74 72 75 65 2c 22 35 43 43 38 32 44 46 38 2d 36 30 43 39 2d 34 39 38 36 2d 39 33 35 43 2d 33 44 46 31 41 33 39 35 38 30 44 32 22 3a 74 72 75 65 2c 22 46 38 38 36 31 46 46 43 2d 38 33 36 31 2d 34 38 30 35 2d 42 38 44 32 2d 38 35 36 31 33 38 42 38 32 44 43 39 22 3a 74 72 75 65 2c 22 45 46 44 36 45 39 34 37 2d 45 36 42 38 2d 34 44 31 31 2d 38 36 36 32 2d 35 39 30 46 41 42 35 42 39 33 31 36 22 3a 74 72 75 65 2c 22 42 33 33 31 36 32 34 30 2d 43 41 38 31 2d 34 32 31 30 2d 39 41 37 34 2d 30 42 35 43 30 39 32 44 43 35 30 36 22 3a 74 72 75 65 2c 22 46 33 35 31 35 34 43 36 2d 43 32 43 31 2d 34 32 45 46 2d 42 39 Data Ascii: 2000":true,"BF8CE740-404B-40EB-B7A2-D67D13328C0E":true,"5CC82DF8-60C9-4986-935C-3DF1A39580D2":true,"F8861FFC-8361-4805-B8D2-856138B82DC9":true,"EFD6E947-E6B8-4D11-8662-590FAB5B9316":true,"B3316240-CA81-4210-9A74-0B5C092DC506":true,"F35154C6-C2C1-42EF-B9
2024-12-16 21:21:37 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 32 33 46 34 43 32 37 38 2d 38 38 42 32 2d 34 38 42 38 2d 39 36 46 39 2d 30 44 41 36 38 39 36 33 36 33 37 32 22 3a 74 72 75 65 2c 22 30 43 39 32 46 42 35 30 2d 37 45 42 36 2d 34 31 43 39 2d 39 41 38 46 2d 45 31 35 38 32 34 33 37 35 42 33 31 22 3a 74 72 75 65 2c 22 41 34 34 45 44 46 37 42 2d 44 45 46 43 2d 34 46 45 31 2d 42 33 41 43 2d 41 37 43 45 41 30 44 42 43 44 42 35 22 3a 74 72 75 65 2c 22 33 39 34 30 45 30 43 44 2d 35 42 38 35 2d 34 41 45 36 2d 41 33 41 46 2d 41 41 30 44 45 30 35 41 44 30 41 39 22 3a 74 72 75 65 2c 22 43 34 43 42 44 42 44 36 2d 46 45 43 39 2d 34 38 44 44 2d 38 35 34 32 2d 36 33 33 37 36 44 39 36 36 39 31 45 22 3a 74 72 75 65 2c 22 44 45 39 35 30 41 30 41 2d 38 41 36 37 2d 34 31 43 30 2d 41 33 33 34 2d 37 45 34 30 35 Data Ascii: 200023F4C278-88B2-48B8-96F9-0DA689636372":true,"0C92FB50-7EB6-41C9-9A8F-E15824375B31":true,"A44EDF7B-DEFC-4FE1-B3AC-A7CEA0DBCDB5":true,"3940E0CD-5B85-4AE6-A3AF-AA0DE05AD0A9":true,"C4CBDBD6-FEC9-48DD-8542-63376D96691E":true,"DE950A0A-8A67-41C0-A334-7E405

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:48 UTC	2430	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_api/sp.FavoriteItemCollection.GetFavoriteItems?top=500 HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 Authorization: Bearer User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json;odata=verbose CollectSPPerfMetrics: SPSQLQueryCount accept: application/json;odata=verbose x-requestdigest: 0x7C2EEA0B154A7ED18808E7D57DDD15005E6ECE592BFC25FC469150A1A292396583B1E9E56B847FA8035D380622CFD4DEFE8B8D9A462D787CA9E609B845ECFD29,16 Dec 2024 21:21:36 -0000 Caller: ODBWeb sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:49 UTC	3485	IN	HTTP/1.1 500 Internal Server Error Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json;odata=verbose;charset=utf-8 Expires: Sun, 01 Dec 2024 21:21:48 GMT Last-Modified: Mon, 16 Dec 2024 21:21:48 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,8409600,2271,99,4295731,0,5577152,7 X-SharePointHealthScore: 1 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 10 SPRequestDuration: 11 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 61386ea1-00dc-0000-51c1-3de84c68b009 request-id: 61386ea1-00dc-0000-51c1-3de84c68b009 MS-CV: oW44YdwAAABRwT3oTGiwCQ.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 8F20672C004C46899C87FA54D3E60C93 Ref B: EWR311000103045 Ref C: 2024-12-16T21:21:48Z Date: Mon, 16 Dec 2024 21:21:48 GMT Connection: close
2024-12-16 21:21:49 UTC	341	IN	Data Raw: 31 34 65 0d 0a 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 22 2d 31 2c 20 53 79 73 74 65 6d 2e 4e 6f 74 53 75 70 70 6f 72 74 65 64 45 78 63 65 70 74 69 6f 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 7b 22 6c 61 6e 67 22 3a 22 65 73 2d 45 53 22 2c 22 76 61 6c 75 65 22 3a 22 4e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 66 6f 72 20 63 75 72 72 65 6e 74 20 75 73 65 72 3a 20 4c 6f 67 69 6e 4e 61 6d 65 3a 20 69 3a 30 23 2e 66 7c 6d 65 6d 62 65 72 73 68 69 70 7c 75 72 6e 25 33 61 73 70 6f 25 33 61 61 6e 6f 6e 23 36 39 63 62 65 34 37 61 37 36 37 34 34 66 33 37 37 39 39 66 39 33 31 37 66 66 62 65 63 34 62 61 39 65 66 31 30 61 37 62 35 62 64 39 35 65 35 39 61 36 38 65 33 32 66 32 64 35 30 33 66 63 63 39 2c 20 49 73 45 6d 61 69 6c 41 75 74 68 65 6e 74 69 63 61 74 69 Data Ascii: 14e{"error":{"code":"-1, System.NotSupportedException","message":{"lang":"es-ES","value":"Not supported for current user: LoginName: i:0#.f\|membership\|urn%3aspo%3aanon#69cbe47a76744f37799f9317ffbec4ba9ef10a7b5bd95e59a68e32f2d503fcc9, IsEmailAuthenticati
2024-12-16 21:21:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:50 UTC	2606	OUT	POST /personal/stella_pabon_ustabuca_edu_co/_api/SP.OAuth.Token/Acquire() HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Content-Length: 42 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Odata-Version: 4.0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json;odata=verbose CollectSPPerfMetrics: SPSQLQueryCount Accept: application/json;odata.metadata=minimal x-requestdigest: 0x7C2EEA0B154A7ED18808E7D57DDD15005E6ECE592BFC25FC469150A1A292396583B1E9E56B847FA8035D380622CFD4DEFE8B8D9A462D787CA9E609B845ECFD29,16 Dec 2024 21:21:36 -0000 sec-ch-ua-platform: "Windows" Origin: https://mailustabucaedu-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:50 UTC	42	OUT	Data Raw: 7b 22 72 65 73 6f 75 72 63 65 22 3a 22 68 74 74 70 73 3a 2f 2f 67 72 61 70 68 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 7d Data Ascii: {"resource":"https://graph.microsoft.com"}
2024-12-16 21:21:51 UTC	3700	IN	HTTP/1.1 400 Bad Request Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 Expires: Sun, 01 Dec 2024 21:21:51 GMT Last-Modified: Mon, 16 Dec 2024 21:21:51 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,4204800,612,116,9479910,0,4204800,7 X-SharePointHealthScore: 2 X-SP-SERVERSTATE: ReadOnly=0 ODATA-VERSION: 4.0 SPClientServiceRequestDuration: 14 SPRequestDuration: 15 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 62386ea1-0065-0000-51c1-35219806c962 request-id: 62386ea1-0065-0000-51c1-35219806c962 MS-CV: oW44YmUAAABRwTUhmAbJYg.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} X-RequestDigest: 0x20A34321EA63DC9B07AD9363FEADD99F561807F7A527DED16C4ED3D9CC7512B20EE751B284AC4A66A8EEF780546C0BEDD063AD07D23B78C74F41654660A05DEF,16 Dec 2024 21:21:51 -0000 Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 5C9796D96FD44410B0073045CF52E59A Ref B: EWR311000107053 Ref C: 2024-12-16T21:21:51Z Date: Mon, 16 Dec 2024 21:21:50 GMT Connection: close
2024-12-16 21:21:51 UTC	62	IN	Data Raw: 33 38 0d 0a 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 22 31 30 30 31 32 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 55 6e 73 75 70 70 6f 72 74 65 64 20 75 73 65 72 2e 22 7d 7d 0d 0a Data Ascii: 38{"error":{"code":"10012","message":"Unsupported user."}}
2024-12-16 21:21:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:51 UTC	3101	OUT	GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&spartanOneDriveWireframe=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=true&listhandler=v2 HT [TRUNCATED] Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Cache-Control: max-age=0 Accept: / Service-Worker: script Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: serviceworker Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:51 UTC	2001	IN	HTTP/1.1 200 OK Cache-Control: max-age=1800 Content-Length: 897 Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,2102272,90,23,10587381,0,2102272,7 Service-Worker-Allowed: / Strict-Transport-Security: max-age=31536000 X-AspNet-Version: 4.0.30319 SPRequestDuration: 19 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E600C35232994547ACAD1FFB1E128B6A Ref B: EWR311000104011 Ref C: 2024-12-16T21:21:51Z Date: Mon, 16 Dec 2024 21:21:51 GMT Connection: close
2024-12-16 21:21:51 UTC	3	IN	Data Raw: 0d 0a 76 Data Ascii: v
2024-12-16 21:21:51 UTC	894	IN	Data Raw: 61 72 20 5f 73 74 61 72 74 54 69 6d 65 3d 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2c 5f 73 74 61 72 74 54 69 6d 65 54 69 63 6b 73 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 0a 76 61 72 20 5f 73 68 6f 75 6c 64 42 79 70 61 73 73 3d 66 61 6c 73 65 3b 0a 76 61 72 20 5f 63 64 6e 42 61 73 65 55 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 66 69 6c 65 73 2f 6f 64 73 70 2d 77 65 62 2d 70 72 6f 64 5f 32 30 32 34 2d 31 32 2d 30 36 2e 30 30 37 2f 27 3b 0a 76 61 72 20 5f 73 77 42 75 69 6c 64 4e 75 6d 62 65 72 3d 27 6f 64 73 70 2d 77 65 62 2d 70 72 6f 64 5f 32 30 32 34 2d 31 32 2d 30 36 2e 30 30 37 27 3b 0a 76 61 72 20 5f 77 77 42 75 69 6c 64 4e 75 6d 62 65 72 3d 27 6f 64 73 70 2d 77 65 62 2d 70 72 6f 64 5f 32 Data Ascii: ar _startTime=performance.now(),_startTimeTicks=Date.now();var _shouldBypass=false;var _cdnBaseUrl='https://res-1.cdn.office.net/files/odsp-web-prod_2024-12-06.007/';var _swBuildNumber='odsp-web-prod_2024-12-06.007';var _wwBuildNumber='odsp-web-prod_2

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:58 UTC	2581	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_layouts/15/download.aspx?SourceUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:59 UTC	3568	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 5512512 Content-Type: application/octet-stream Accept-Ranges: bytes ETag: "{1AF0A460-0888-41A0-AC4C-73DF69FE3EF6},2" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,1051136,8,14,4375297,0,1051136,7 X-SharePointHealthScore: 3 docID: mailustabucaedu-my.sharepoint.com_c34dbdef-40e8-4638-b217-6db2cdf8fd5b_1af0a460-0888-41a0-ac4c-73df69fe3ef6 X-Download-Options: noopen Content-Disposition: attachment;filename=utf-8''AnyDesk%2Eexe;filename="AnyDesk.exe" CTag: {1AF0A460-0888-41A0-AC4C-73DF69FE3EF6},2,1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 64386ea1-d046-0000-5773-0e985263063d request-id: 64386ea1-d046-0000-5773-0e985263063d MS-CV: oW44ZEbQAABXcw6YUmMGPQ.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 945CCDE8277B454E815F40B0A7F4A058 Ref B: EWR311000107033 Ref C: 2024-12-16T21:21:58Z Date: Mon, 16 Dec 2024 21:21:58 GMT Connection: close
2024-12-16 21:21:59 UTC	2772	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e9 1c e7 68 ad 7d 89 3b ad 7d 89 3b ad 7d 89 3b c2 0b 22 3b a5 7d 89 3b c2 0b 23 3b ae 7d 89 3b b6 e0 13 3b ac 7d 89 3b c2 0b 14 3b ac 7d 89 3b 52 69 63 68 ad 7d 89 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 83 77 50 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0a 00 00 2a 00 00 00 a2 53 00 00 1e 10 01 e5 1c 00 00 00 10 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$h};};};";};#;};;};;};Rich};PELwPg"*S
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: 6a 00 50 ff 76 30 ff 56 04 5e c9 c2 08 00 83 ec 10 53 56 8b f1 83 66 30 00 57 e8 b6 fe ff ff 8b 40 30 8b 78 0c 83 c7 0c 8b 1f eb 28 6a 0a 6a 0a 68 04 62 50 01 68 04 b6 14 31 e8 bb 06 00 00 83 c4 0c 50 ff 73 30 e8 f9 fe ff ff 83 c4 0c 85 c0 74 0b 8b 1b 3b df 75 d4 e9 92 00 00 00 8b 5b 18 85 db 0f 84 87 00 00 00 8b 43 3c 8b 7c 18 78 83 64 24 0c 00 03 fb 8b 47 1c 03 c3 55 8b 6f 20 89 44 24 1c 8b 47 24 03 c3 03 eb 83 7f 18 00 89 44 24 18 76 57 8b 44 24 10 8b 44 85 00 6a 16 03 c3 68 ec 61 50 01 68 11 40 70 40 89 44 24 20 e8 f9 05 00 00 50 ff 74 24 24 e8 b3 fe ff ff 83 c4 14 85 c0 74 0f ff 44 24 10 8b 44 24 10 3b 47 18 72 c3 eb 18 8b 4c 24 10 8b 44 24 18 0f b7 04 48 8b 4c 24 1c 8b 04 81 03 c3 89 46 04 89 5e 30 5d 83 7e 30 00 0f 84 5d 01 00 00 6a 0a 68 e0 61 50 Data Ascii: jPv0V^SVf0W@0x(jjhbPh1Ps0t;u[C<\|xd$GUo D$G$D$vWD$DjhaPh@p@D$ Pt$$tD$D$;GrL$D$HL$F^0]~0]jhaP
2024-12-16 21:21:59 UTC	1324	IN	Data Raw: 7e 58 01 3b eb b1 8b 45 08 01 03 eb aa 8b 44 24 08 56 8b 74 24 08 ff 76 10 50 ff 50 04 83 66 10 00 59 59 5e c3 83 7c 24 0c 05 73 04 6a 04 58 c3 8b 54 24 08 0f b6 42 04 0f b6 4a 03 c1 e0 08 0b c1 0f b6 4a 02 c1 e0 08 0b c1 0f b6 4a 01 c1 e0 08 0b c1 b9 00 10 00 00 3b c1 73 02 8b c1 8b 4c 24 04 89 41 0c 8a 12 80 fa e1 73 c0 56 0f b6 c2 99 6a 09 5e f7 fe 6a 05 5e 0f b6 c0 89 11 99 f7 fe 5e 89 41 08 89 51 04 33 c0 c3 8b 48 04 03 08 56 be 00 03 00 00 d3 e6 81 c6 36 07 00 00 83 7f 10 00 74 05 3b 77 54 74 20 53 57 e8 5d ff ff ff 8d 04 36 50 53 ff 13 83 c4 10 89 47 10 89 77 54 85 c0 75 05 6a 02 58 5e c3 33 c0 5e c3 55 8b ec 83 ec 10 ff 75 10 8d 45 f0 ff 75 0c 50 e8 43 ff ff ff 83 c4 0c 85 c0 75 1f 53 8b 5d 14 57 8b 7d 08 8d 45 f0 e8 92 ff ff ff 85 c0 75 09 56 8d Data Ascii: ~X;ED$Vt$vPPfYY^\|$sjXT$BJJJ;sL$AsVj^j^^AQ3HV6t;wTt SW]6PSGwTujX^3^UuEuPCuS]W}EuV
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: 74 ee 00 00 32 5c c4 60 96 a3 73 8d 59 d5 00 00 2e 69 74 65 78 74 00 00 2e 74 65 78 74 00 00 00 2e 63 75 73 74 6f 6d 00 61 30 61 31 37 35 37 63 35 33 64 34 63 64 63 32 30 37 66 65 66 33 64 62 37 31 39 66 62 39 35 62 00 00 00 00 72 65 6c 65 61 73 65 2f 77 69 6e 5f 39 2e 30 2e 31 00 00 00 38 31 32 30 34 37 38 39 32 62 62 36 34 64 32 34 62 35 30 34 64 62 31 30 30 31 65 37 61 66 33 61 61 61 62 37 65 62 31 66 00 00 00 00 01 01 01 00 01 00 00 00 00 01 02 02 03 03 03 03 52 53 44 53 44 04 fd 64 54 26 90 40 aa 00 a1 ad 9a b4 6d 64 01 00 00 00 43 3a 5c 42 75 69 6c 64 62 6f 74 5c 61 64 2d 77 69 6e 64 6f 77 73 2d 33 32 5c 62 75 69 6c 64 5c 72 65 6c 65 61 73 65 5c 61 70 70 2d 33 32 5c 77 69 6e 5f 6c 6f 61 64 65 72 5c 41 6e 79 44 65 73 6b 2e 70 64 62 00 00 00 00 00 00 Data Ascii: t2\`sY.itext.text.customa0a1757c53d4cdc207fef3db719fb95brelease/win_9.0.1812047892bb64d24b504db1001e7af3aaab7eb1fRSDSDdT&@mdC:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: 47 6b aa 28 34 fa ab 3b 4f eb bb 25 d8 71 e3 74 c5 43 6a e8 e1 fb ba ef 72 4d 5b 9e 2e a2 8b 8f fa 20 20 5a 53 24 f2 55 6c 40 e7 e8 45 67 26 90 b3 1f dd fd 1a ca c3 7a 4e bd e5 70 b1 22 04 89 4f 59 39 30 c1 0f c0 2e 35 b8 20 17 50 8c 8c 84 a6 f1 ae d7 c5 9e 43 a1 a3 fa fe cc e0 ab 25 ba d1 b1 2a d3 7c f3 01 0b 6a c4 18 1a 75 ef 22 33 29 15 e7 bd ea 6d de da 8c c8 6d 5f 6a 48 1c 23 9d 93 85 1e 5c a2 a7 8e 63 50 3d d1 31 5b 49 07 da b4 0a 46 a5 c1 09 21 ca 8a ce 03 77 bf 47 25 af 88 1c f5 51 d6 15 89 28 2b 98 d7 38 ef 05 9f 16 69 19 00 98 99 a7 75 36 b1 43 87 ae e6 8d ad d0 6b 62 46 12 ab 84 32 b7 09 73 e2 f9 e3 12 1b 52 b9 59 91 ca bb 7a 69 49 8f 9f ac 3e e9 72 7f 25 b5 9d 4c 64 cb 18 80 e9 11 77 04 a8 8e 98 57 ec e3 f2 da c1 66 a8 50 b0 1f 4c db 1a 5e c9 Data Ascii: Gk(4;O%qtCjrM[. ZS$Ul@Eg&zNp"OY90.5 PC%*\|ju"3)mm_jH#\cP=1[IF!wG%Q(+8iu6CkbF2sRYziI>r%LdwWfPL^
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: 04 a8 1b fb 10 51 ee 42 97 e8 62 01 de 88 e8 05 59 09 ca 72 ec 7e df ac 7d ad 29 6b bc f1 cf a7 fe e8 46 55 0c 35 6e d7 f9 19 28 42 88 48 2c 4b c3 fa 03 21 50 df f6 01 e2 5c 8e 39 6e 08 91 7a 69 68 cf b1 fc 30 e7 ad b9 d0 cd 7d d5 64 a2 a2 10 4a 18 2c bc eb cd 36 bb 15 9e 11 dc 6d 50 97 28 c9 45 54 8d 05 24 7e bb 4a 70 90 1b fd bb 04 d7 8d 91 3c d8 2c 88 79 0d 50 10 b6 72 9d 96 83 f2 94 a2 3a 53 f6 35 9a 64 4c ac e5 42 3e 28 9a 00 f9 ae 1f cd 89 0a a8 03 00 dd 14 5a 93 fb 2a c8 62 96 79 27 2e 94 3e ee c0 73 67 c7 e7 39 d7 5e 3c 30 8d 51 8d 86 d5 8b e5 ca e7 12 b2 6b a8 69 99 4b 96 20 5e 74 d2 19 c9 4c aa 73 7e f3 a7 25 c9 ce 14 96 7f 65 a5 77 44 df c8 72 2b fd 5c 30 05 60 43 b0 d4 b4 18 9a c2 81 a5 d0 34 a8 c8 63 10 d9 c0 4d 71 f4 7d 12 49 8a b7 40 29 f7 Data Ascii: QBbYr~})kFU5n(BH,K!P\9nzih0}dJ,6mP(ET$~Jp<,yPr:S5dLB>(Z*by'.>sg9^<0QkiK ^tLs~%ewDr+\0`C4cMq}I@)
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: ef 6d 65 0f 4b b9 5b 99 57 2f 14 2c f3 f8 b6 e3 61 a2 21 81 22 4d 6c e0 5d 36 f7 27 1b ee a8 93 7a 00 2f d1 91 7a 1d 0e c9 3b 8d 7f 33 8a a4 72 76 46 13 ff 54 0f ef 22 42 2a 66 80 7a 94 68 dd 38 59 dc b4 4a 11 5b 76 eb 31 cb ad a8 19 15 bb ff 34 9e a7 84 ca bc 64 e1 4c e7 92 dc 4c bf 34 e1 96 d9 2c 51 91 0a 61 b1 d1 2e 74 fb 01 7d dd 9b eb a5 c7 37 f8 53 f1 c1 92 e4 05 41 00 53 f5 a7 c2 49 57 68 f8 5e 46 93 fc 8d 00 1f c7 2d c9 6c 11 9e ad cb 7f 94 e3 60 0a 4d 85 49 d0 1b d0 ce 45 0c 9c 3e 56 6d d3 45 f2 62 4f f8 f9 17 71 e3 4d f1 24 22 83 b6 09 fa ea 77 fe 94 be 82 bf 3b ae fb bf 8a 42 e4 92 36 ba f4 30 cf 46 6d ff 75 c1 8c 60 37 2e 8c f4 4c 31 cb ce ce 3c b9 6a 7b 09 ee 4c 73 58 25 38 f3 e5 5a e3 5f f0 da 5f 96 5d 7f 05 2f 09 8e df 98 ff 74 25 7b 28 ce Data Ascii: meK[W/,a!"Ml]6'z/z;3rvFT"B*fzh8YJ[v14dLL4,Qa.t}7SASIWh^F-l`MIE>VmEbOqM$"w;B60Fmu`7.L1<j{LsX%8Z__]/t%{(
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: b6 24 da 0d c9 da fc 95 a9 1f ee f0 62 69 14 ec 2e b8 ee 51 01 81 1a 67 7c 59 3e d4 e8 23 35 e5 eb 49 8d 64 6d 09 25 5d 73 b2 87 63 4e 48 d8 72 d2 1a d0 3b 23 b7 53 3a d6 4d 37 b1 52 fc a8 f1 58 2c 16 89 e2 2f 24 8f fd 93 88 b4 df fc 5a e5 db dc 9e 8d 25 40 89 4a 1e 2d c0 d6 40 d5 ac 02 1b ae 9e b4 b7 f9 1c 58 de fe 49 d5 d3 c8 c8 08 0a c4 9c fc 6d 20 ce 92 bf 36 3b da 9f 07 5a d4 ee c6 25 8a ec 41 b3 b2 f0 c0 b4 54 39 9b a4 84 94 af 5a 5c 83 5f b2 72 90 c4 dc e4 b7 f7 f1 2b 5e 48 1f b9 b9 f5 67 63 f1 95 9d 2f df f8 9c a7 af 26 00 5c ad 49 4e 22 91 a7 ba 67 35 da 94 b3 32 12 ec ef 85 b3 a9 ca 86 9f 5d 71 a6 c6 0e 29 40 de 6b 99 e5 b8 f0 ca cb e3 42 04 91 60 4f 77 46 9f ac 91 c5 26 32 5e 52 fd 23 77 60 97 e9 d0 63 b5 c9 03 f7 c0 15 8f cd f5 a9 bb 04 78 93 Data Ascii: $bi.Qg\|Y>#5Idm%]scNHr;#S:M7RX,/$Z%@J-@XIm 6;Z%AT9Z\_r+^Hgc/&\IN"g52]q)@kB`OwF&2^R#w`cx
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: 65 c5 62 c6 60 d7 4f 9d 4d 45 5a c8 e1 ed 92 1f 76 62 bc fd 2e 06 44 f5 d0 6e f1 3c b5 6e be 57 96 cc a2 cd 79 04 26 7e 2e 74 32 59 2f 1a 6c c0 ea 52 fc e1 2e 18 93 bc 0f cc 87 70 44 d8 9f ac f5 45 48 ca ba 37 55 89 22 d8 d6 76 dc 95 38 9c 5b bb a7 f1 2b fd 13 52 b9 6c 09 eb 6d 59 64 38 1c e4 65 28 9e 8b 58 8b e1 04 83 26 83 37 97 bc f9 47 66 b8 38 dc 03 5e f9 1a 03 9d 65 1d d7 ba 85 5f 5c 14 67 ba 87 26 29 8d 12 a4 4c cf 62 09 55 60 6e 26 bf 49 78 5c e3 41 cd 49 1b ae 94 a2 18 75 cd 64 8b 3d 7e b4 fc e2 95 28 ea 60 66 6e f4 07 5c 22 e1 63 e3 e0 89 0e be 3c 9d 23 aa 4f 18 aa 69 1a 81 01 ff 59 21 59 37 59 c4 aa 0e 0b 9d c2 1e 28 a2 09 9d 7e 84 79 96 13 01 aa 41 50 b9 91 c6 18 9a b0 47 0c f0 17 6f ab d7 d6 21 02 36 aa b0 f7 07 6a 0e c5 90 5d b0 49 20 fc b4 Data Ascii: eb`OMEZvb.Dn<nWy&~.t2Y/lR.pDEH7U"v8[+RlmYd8e(X&7Gf8^e_\g&)LbU`n&Ix\AIud=~(`fn\"c<#OiY!Y7Y(~yAPGo!6j]I
2024-12-16 21:21:59 UTC	8192	IN	Data Raw: fe 50 da 42 ac db d7 38 e3 ad df d2 aa 96 3d 70 86 ed 50 66 b8 aa cc 4b 48 b1 f5 99 10 d0 c9 ea f1 f8 d8 21 c3 71 58 dd 20 81 52 c3 d1 ac 1c d5 2d fa 7f 49 b1 14 df 1b 7d 53 8c 37 c2 4d 51 9d f8 20 ac 21 37 93 37 19 6c a5 94 26 8f a2 ad ff 18 91 d8 ed 03 3c 05 9d e5 eb 3b de 2b cc 05 48 18 f9 b3 9d e5 ab 2d 8b 5d 5e 4c 95 a8 5e 73 ff 38 b8 03 9b a1 7b 15 03 ed f9 a7 33 78 67 6a 98 e6 c1 88 84 24 a4 4e e6 0e 00 3e 1e 47 90 3a 85 dd 70 f9 31 56 b7 16 cd 15 32 40 70 7e 00 ec c0 56 b3 5e bf f2 35 35 f9 3f 52 21 29 02 a2 1d 38 8a dd 06 b7 46 3a f4 0b 96 08 f5 99 47 f6 07 97 2d 4a e0 9d b9 49 1e 66 21 99 09 e3 bf 4f e7 63 cc 27 69 b4 60 96 51 9c bb 55 58 a6 35 b9 d4 a1 92 b1 c6 29 99 c6 5b 72 1a 5f 5c c3 0a 0e 00 dc e0 02 95 5f d6 d6 9c e6 34 8a 7d 3b 9c 65 3b Data Ascii: PB8=pPfKH!qX R-I}S7MQ !77l&<;+H-]^L^s8{3xgj$N>G:p1V2@p~V^55?R!)8F:G-JIf!Oc'i`QUX5)[r_\_4};e;

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:58 UTC	743	OUT	GET /gen204?nca=te_li&client=te_lib&logld=vTE_20241215 HTTP/1.1 Host: translate.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailustabucaedu-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 21:21:59 UTC	1755	IN	HTTP/1.1 204 No Content Content-Type: image/gif; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 16 Dec 2024 21:21:59 GMT Cross-Origin-Resource-Policy: cross-origin P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: script-src 'report-sample' 'nonce-fwg8D2QsQ70EEpqb2M1qHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/TranslateApiHttp/web-reports?context=eJzjktDikmJw1ZBicEqfwRoExH9krrJ6911lFeLm-L65aTebwILXUxKUlJLyC-NLihLzinMSS1KLU4vKUovijQyMTAyNDE31DCziCwwAg2gYqQ" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: NID=520=sBEiYQPcxJjWrWHmTcw4px0umXjRr47epCVdDClGRZC1V205GAybJYumPoUCCQXoBIgLTZ9s00_P4XSy9DYsHJgpJgVoNTgb94aZKwAq5oE5Wesq33LZgT4t5v10siOY1fF3pj4MDWnW1kjXeLq6eoT56oxhS0vwJnId5dW34G7_9y4I1n8_Peim; expires=Tue, 17-Jun-2025 21:21:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:59 UTC	2561	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:21:59 UTC	11231	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,1051136,6,7,2952307,0,1051136,6 X-SharePointHealthScore: 0 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Reporting-Endpoints: cspendpoint="https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/CSPReporting.aspx" X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com .cloud.microsoft app.powerbi.com; Content-Security-Policy-Report-Only: base-uri 'none';;report-to cspendpoint Content-Security-Policy: worker-src 'self' blob:;script-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'unsafe-eval' 'nonce-7f7a5337-4e9a-47fe-bb [TRUNCATED] Content-Security-Policy-Report-Only: style-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'self' blob: 'unsafe-inline';connect-src 'self' blob: h [TRUNCATED] X-Service-Worker-Application-Id: STS X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 64386ea1-c073-0000-5773-0d3e5ea96010 request-id: 64386ea1-c073-0000-5773-0d3e5ea96010 MS-CV: oW44ZHPAAABXcw0+XqlgEA.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 2DCDDD31894D419AA9170A3FFEDDF602 Ref B: EWR311000103029 Ref C: 2024-12-16T21:21:59Z Date: Mon, 16 Dec 2024 21:21:59 GMT Connection: close
2024-12-16 21:21:59 UTC	369	IN	Data Raw: 31 36 61 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 65 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: 16a<!DOCTYPE html><html lang="es-es" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equ
2024-12-16 21:21:59 UTC	4914	IN	Data Raw: 31 33 32 61 0d 0a 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 3c 74 69 74 6c 65 3e 0d 0a 09 4f 6e 65 44 72 69 76 65 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 69 6d 61 67 65 73 2f 6f 64 62 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 72 65 76 3d 34 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 76 6e 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 69 63 6f 6e 22 20 69 64 3d 22 66 61 76 69 63 6f 6e 22 20 2f 3e 3c 2f 68 65 61 64 3e 0d 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 22 3e 0d 0a 20 20 20 20 3c 73 63 Data Ascii: 132a.0, minimum-scale=1.0, user-scalable=no" /><title>OneDrive</title><link rel="shortcut icon" href="/_layouts/15/images/odbfavicon.ico?rev=47" type="image/vnd.microsoft.icon" id="favicon" /></head> <body style="margin: 0; padding: 0;"> <sc
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 68 55 58 53 65 61 72 63 68 54 65 78 74 3a 20 73 65 61 72 63 68 51 75 65 72 79 2c 20 65 6e 61 62 6c 65 44 65 6c 61 79 4c 6f 61 64 69 6e 67 3a 20 74 72 75 65 2c 20 63 6f 6c 6c 61 70 73 65 4f 33 36 35 53 65 74 74 69 6e 67 73 3a 20 66 61 6c 73 65 2c 20 64 69 73 61 62 6c 65 44 65 6c 61 79 4c 6f 61 64 3a 20 66 61 6c 73 65 2c 20 64 69 73 61 62 6c 65 53 68 65 6c 6c 50 6c 75 73 3a 20 66 61 6c 73 65 2c 20 69 73 54 68 69 6e 48 65 61 64 65 72 3a 20 74 72 75 65 2c 20 65 6e 61 62 6c 65 4c 65 67 61 63 79 52 65 73 70 6f 6e 73 69 76 65 42 65 68 61 76 69 6f 72 3a 20 66 61 6c 73 65 2c 20 65 78 70 65 63 74 53 65 61 72 63 68 42 6f 78 53 65 74 74 69 6e 67 73 3a 20 74 72 75 65 2c 20 64 61 72 6b 41 63 63 65 6e 74 3a 20 27 23 38 32 43 37 46 46 27 2c 20 73 68 65 Data Ascii: 2000hUXSearchText: searchQuery, enableDelayLoading: true, collapseO365Settings: false, disableDelayLoad: false, disableShellPlus: false, isThinHeader: true, enableLegacyResponsiveBehavior: false, expectSearchBoxSettings: true, darkAccent: '#82C7FF', she
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 63 48 78 31 63 6d 34 6c 4d 32 46 7a 63 47 38 6c 4d 32 46 68 62 6d 39 75 49 7a 59 35 59 32 4a 6c 4e 44 64 68 4e 7a 59 33 4e 44 52 6d 4d 7a 63 33 4f 54 6c 6d 4f 54 4d 78 4e 32 5a 6d 59 6d 56 6a 4e 47 4a 68 4f 57 56 6d 4d 54 42 68 4e 32 49 31 59 6d 51 35 4e 57 55 31 4f 57 45 32 4f 47 55 7a 4d 6d 59 79 5a 44 55 77 4d 32 5a 6a 59 7a 6e 49 41 51 45 2e 71 35 7a 4e 53 52 6c 66 54 6b 69 68 53 6f 67 63 6d 78 33 6f 4c 59 54 79 4b 75 54 67 54 49 73 54 54 36 58 4c 65 77 66 43 5f 64 49 22 7d 2c 22 76 61 6e 69 74 79 55 72 6c 73 22 3a 7b 7d 2c 22 6d 75 6c 74 69 47 65 6f 49 6e 66 6f 22 3a 5b 7b 22 49 6e 73 74 61 6e 63 65 49 64 22 3a 22 66 66 63 64 36 36 61 65 2d 65 33 37 33 2d 34 66 62 31 2d 39 63 38 34 2d 33 39 32 30 65 38 36 33 31 39 65 39 22 2c 22 44 Data Ascii: 2000cHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYznIAQE.q5zNSRlfTkihSogcmx3oLYTyKuTgTIsTT6XLewfC_dI"},"vanityUrls":{},"multiGeoInfo":[{"InstanceId":"ffcd66ae-e373-4fb1-9c84-3920e86319e9","D
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2d 46 43 39 45 2d 34 37 37 45 2d 38 33 41 37 2d 31 30 46 37 41 39 45 36 34 39 44 32 22 3a 74 72 75 65 2c 22 38 44 44 33 35 43 39 39 2d 41 31 39 34 2d 34 30 45 41 2d 41 42 30 43 2d 30 43 36 39 44 39 43 39 34 41 38 36 22 3a 74 72 75 65 2c 22 44 43 44 38 46 32 42 31 2d 35 36 30 31 2d 34 37 37 37 2d 42 37 31 34 2d 38 37 46 44 37 35 32 34 41 31 42 30 22 3a 74 72 75 65 2c 22 38 38 30 30 41 41 36 32 2d 36 46 46 36 2d 34 38 39 39 2d 39 45 45 39 2d 37 38 41 46 35 31 42 35 44 39 32 30 22 3a 74 72 75 65 2c 22 36 42 36 39 32 45 39 43 2d 37 41 31 44 2d 34 32 32 46 2d 38 38 33 37 2d 43 34 35 31 46 46 41 36 32 38 30 45 22 3a 74 72 75 65 2c 22 43 31 37 44 39 41 35 42 2d 44 46 38 32 2d 34 32 34 36 2d 42 39 42 45 2d 32 45 45 45 37 34 38 35 43 45 45 34 22 Data Ascii: 2000-FC9E-477E-83A7-10F7A9E649D2":true,"8DD35C99-A194-40EA-AB0C-0C69D9C94A86":true,"DCD8F2B1-5601-4777-B714-87FD7524A1B0":true,"8800AA62-6FF6-4899-9EE9-78AF51B5D920":true,"6B692E9C-7A1D-422F-8837-C451FFA6280E":true,"C17D9A5B-DF82-4246-B9BE-2EEE7485CEE4"
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 45 33 2d 39 31 34 41 2d 38 39 45 37 30 41 37 46 46 45 42 30 22 3a 74 72 75 65 2c 22 35 42 35 46 32 41 44 30 2d 37 45 43 32 2d 34 32 46 38 2d 39 33 45 44 2d 30 44 36 34 36 33 34 35 43 30 36 39 22 3a 74 72 75 65 2c 22 43 32 38 34 35 36 34 31 2d 35 35 43 45 2d 34 42 42 38 2d 39 44 35 36 2d 33 41 41 34 41 36 32 44 46 34 35 43 22 3a 74 72 75 65 2c 22 37 44 34 36 36 35 41 33 2d 33 30 36 35 2d 34 31 43 42 2d 38 44 33 45 2d 45 32 36 39 39 44 30 34 30 30 37 31 22 3a 74 72 75 65 2c 22 31 35 38 43 41 43 35 43 2d 37 30 30 35 2d 34 41 41 41 2d 38 43 31 41 2d 36 38 36 35 33 41 34 31 32 37 36 45 22 3a 74 72 75 65 2c 22 45 44 30 39 33 45 34 31 2d 36 32 32 43 2d 34 39 41 30 2d 41 38 39 36 2d 36 35 46 43 31 37 32 32 43 44 33 38 22 3a 74 72 75 65 2c 22 46 Data Ascii: 2000E3-914A-89E70A7FFEB0":true,"5B5F2AD0-7EC2-42F8-93ED-0D646345C069":true,"C2845641-55CE-4BB8-9D56-3AA4A62DF45C":true,"7D4665A3-3065-41CB-8D3E-E2699D040071":true,"158CAC5C-7005-4AAA-8C1A-68653A41276E":true,"ED093E41-622C-49A0-A896-65FC1722CD38":true,"F
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 42 41 41 35 30 35 31 32 45 31 42 30 22 3a 74 72 75 65 2c 22 42 37 34 34 44 32 37 44 2d 31 34 34 38 2d 34 42 30 37 2d 41 45 36 37 2d 44 35 34 36 33 32 35 42 38 39 43 34 22 3a 74 72 75 65 2c 22 32 42 44 44 34 37 44 31 2d 46 39 45 42 2d 34 31 30 39 2d 41 36 45 31 2d 41 37 35 37 44 30 44 33 44 32 46 43 22 3a 74 72 75 65 2c 22 46 41 33 34 31 46 43 42 2d 32 45 44 37 2d 34 34 32 45 2d 39 33 30 38 2d 36 33 38 32 41 30 46 34 45 38 44 36 22 3a 74 72 75 65 2c 22 31 38 46 37 30 41 35 41 2d 35 32 41 42 2d 34 41 34 35 2d 42 37 42 32 2d 31 46 37 46 46 39 43 46 41 38 35 36 22 3a 74 72 75 65 2c 22 33 41 39 38 37 30 37 46 2d 35 39 42 43 2d 34 42 38 41 2d 41 38 38 35 2d 43 37 33 36 46 31 34 31 31 30 35 33 22 3a 74 72 75 65 2c 22 32 42 43 36 39 37 39 32 2d Data Ascii: 2000BAA50512E1B0":true,"B744D27D-1448-4B07-AE67-D546325B89C4":true,"2BDD47D1-F9EB-4109-A6E1-A757D0D3D2FC":true,"FA341FCB-2ED7-442E-9308-6382A0F4E8D6":true,"18F70A5A-52AB-4A45-B7B2-1F7FF9CFA856":true,"3A98707F-59BC-4B8A-A885-C736F1411053":true,"2BC69792-
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 44 39 36 22 3a 74 72 75 65 2c 22 44 41 44 37 36 42 36 46 2d 43 34 30 44 2d 34 35 38 38 2d 38 44 43 37 2d 31 34 33 43 36 43 37 41 31 36 44 45 22 3a 74 72 75 65 2c 22 46 39 46 35 35 35 42 37 2d 31 45 35 34 2d 34 31 46 35 2d 39 39 30 41 2d 31 39 38 42 30 44 31 32 33 30 41 34 22 3a 74 72 75 65 2c 22 43 34 39 32 35 46 45 32 2d 32 36 39 31 2d 34 32 32 38 2d 42 45 32 35 2d 33 41 31 35 30 30 41 34 33 42 35 41 22 3a 74 72 75 65 2c 22 38 34 34 39 30 35 36 44 2d 37 43 45 45 2d 34 32 38 43 2d 41 37 35 42 2d 39 36 34 34 32 43 43 43 36 35 37 36 22 3a 74 72 75 65 2c 22 36 44 31 46 42 45 45 39 2d 44 34 35 32 2d 34 31 43 43 2d 39 34 36 45 2d 43 38 35 46 35 35 42 36 35 32 34 32 22 3a 74 72 75 65 2c 22 39 38 46 39 31 44 38 32 2d 36 35 34 37 2d 34 37 38 Data Ascii: 20004D96":true,"DAD76B6F-C40D-4588-8DC7-143C6C7A16DE":true,"F9F555B7-1E54-41F5-990A-198B0D1230A4":true,"C4925FE2-2691-4228-BE25-3A1500A43B5A":true,"8449056D-7CEE-428C-A75B-96442CCC6576":true,"6D1FBEE9-D452-41CC-946E-C85F55B65242":true,"98F91D82-6547-478
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 75 65 2c 22 43 43 38 41 30 43 35 46 2d 33 36 41 33 2d 34 43 42 44 2d 39 41 34 33 2d 45 37 43 39 36 41 46 34 39 30 36 37 22 3a 74 72 75 65 2c 22 42 43 39 37 36 45 30 42 2d 39 30 39 33 2d 34 30 43 33 2d 38 31 43 37 2d 46 37 39 42 42 38 31 42 36 30 30 32 22 3a 74 72 75 65 2c 22 30 30 43 39 34 46 32 30 2d 31 37 41 45 2d 34 31 30 43 2d 41 36 30 30 2d 41 39 31 46 42 43 43 31 31 35 43 44 22 3a 74 72 75 65 2c 22 34 30 35 45 36 30 30 30 2d 39 37 39 42 2d 34 45 38 35 2d 42 39 31 45 2d 41 41 42 30 31 32 38 34 30 30 37 36 22 3a 74 72 75 65 2c 22 33 36 37 45 35 43 35 39 2d 35 38 34 35 2d 34 36 36 41 2d 38 33 39 30 2d 33 33 30 41 37 39 45 34 33 31 30 36 22 3a 74 72 75 65 2c 22 36 36 33 46 32 39 36 35 2d 42 34 33 32 2d 34 34 46 43 2d 39 46 39 35 2d 32 Data Ascii: 2000ue,"CC8A0C5F-36A3-4CBD-9A43-E7C96AF49067":true,"BC976E0B-9093-40C3-81C7-F79BB81B6002":true,"00C94F20-17AE-410C-A600-A91FBCC115CD":true,"405E6000-979B-4E85-B91E-AAB012840076":true,"367E5C59-5845-466A-8390-330A79E43106":true,"663F2965-B432-44FC-9F95-2
2024-12-16 21:22:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 32 39 32 2d 39 43 39 45 2d 34 33 41 32 2d 38 43 33 30 2d 45 46 32 36 34 34 35 41 31 36 43 46 22 3a 74 72 75 65 2c 22 37 36 39 43 30 46 37 30 2d 32 34 43 41 2d 34 37 36 42 2d 39 45 35 46 2d 38 44 42 39 39 34 33 34 33 32 45 36 22 3a 74 72 75 65 2c 22 44 45 38 46 38 37 30 33 2d 36 42 41 33 2d 34 33 42 37 2d 41 38 45 43 2d 32 30 32 39 32 38 34 36 32 46 36 41 22 3a 74 72 75 65 2c 22 30 34 31 45 34 34 37 35 2d 30 36 33 39 2d 34 35 38 34 2d 38 38 39 33 2d 31 35 42 30 35 44 32 43 43 43 38 42 22 3a 74 72 75 65 2c 22 42 43 33 43 31 30 32 30 2d 31 36 37 31 2d 34 41 38 32 2d 42 34 42 36 2d 42 36 31 45 33 45 32 38 35 46 44 34 22 3a 74 72 75 65 2c 22 39 44 44 45 44 33 32 31 2d 30 43 38 38 2d 31 31 45 45 2d 39 38 35 43 2d 45 30 34 46 34 33 45 36 37 Data Ascii: 20004292-9C9E-43A2-8C30-EF26445A16CF":true,"769C0F70-24CA-476B-9E5F-8DB9943432E6":true,"DE8F8703-6BA3-43B7-A8EC-202928462F6A":true,"041E4475-0639-4584-8893-15B05D2CCC8B":true,"BC3C1020-1671-4A82-B4B6-B61E3E285FD4":true,"9DDED321-0C88-11EE-985C-E04F43E67

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:21:59 UTC	800	OUT	GET /gen204?sl=es&tl=en&textlen=14&ttt=5258&ttl=3510&ttf=3699&sr=1&nca=te_time&client=te_lib&logld=vTE_20241215 HTTP/1.1 Host: translate.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailustabucaedu-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 21:22:00 UTC	1755	IN	HTTP/1.1 204 No Content Content-Type: image/gif; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 16 Dec 2024 21:21:59 GMT Cross-Origin-Resource-Policy: cross-origin P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-qrxTKIEh-oPkKC0qpxg9Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self' Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/TranslateApiHttp/web-reports?context=eJzjktDikmJw0gDi9BmsQUD8R-Yqq3ffVVYhHo7vm5t2swn8-L3hCLOSUlJ-YXxJUWJecU5iSWpxalFZalG8kYGRiaGRoamegUV8gQEAs8QZkg" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: NID=520=EvUd6p943hA8ftUoYwyzU9AIGyBMh2aKHNgCpxJntJgOO-AR_vTa52g5m9nXhdfMwcomdODcsne1uQerFr3DwV_XBx0gfwvxYiW2LmvP13ffONbsZfzAG0ENcIIGRedv-4jFqVXKP8Mcc0R8pmbWzVwWaK63ISQpV1ecOixxWrZLDYnZsEmcmB-A; expires=Tue, 17-Jun-2025 21:21:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:00 UTC	3009	OUT	GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Accept: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&spartanOneDriveWireframe=true&streamViewServerLoad=true&streamInlineScr [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:01 UTC	2056	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 6514043 Content-Type: application/json ETag: "5625413_sts_default_en-us" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 8,1051136,7,18214,6549848,1051136,1051136,7 X-Language: en-US X-STSClient-Language: en-US X-SPClient-Language: en-US CachedManifest: False X-AspNet-Version: 4.0.30319 SPRequestDuration: 209 SPIisLatency: 2 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: A1BDD9F01D7B4DBC86B2C514C2387495 Ref B: EWR311000103011 Ref C: 2024-12-16T21:22:01Z Date: Mon, 16 Dec 2024 21:22:00 GMT Connection: close
2024-12-16 21:22:01 UTC	90	IN	Data Raw: 7b 22 73 74 73 22 3a 7b 22 65 6e 2d 55 53 22 3a 7b 22 53 50 4c 49 53 54 22 3a 7b 22 73 63 72 69 70 74 50 61 74 68 44 61 74 61 22 3a 7b 22 61 72 69 61 2d 6d 69 6e 69 22 3a 22 61 72 69 61 2d 6d 69 6e 69 2d 62 31 64 33 65 62 32 65 22 2c 22 63 75 73 74 6f 6d 66 6f 72 6d 61 Data Ascii: {"sts":{"en-US":{"SPLIST":{"scriptPathData":{"aria-mini":"aria-mini-b1d3eb2e","customforma
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 74 74 65 72 2d 6d 69 6e 69 22 3a 22 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2d 66 63 64 30 30 31 33 33 22 2c 22 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2e 72 65 73 78 22 3a 22 65 6e 2d 75 73 2f 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2e 72 65 73 78 2d 33 35 37 33 66 35 32 64 22 2c 22 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 22 3a 22 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 2d 34 39 39 38 34 36 33 64 22 2c 22 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 2e 72 65 73 78 22 3a 22 65 6e 2d 75 73 2f 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 2e 72 65 73 78 2d 63 62 35 32 32 34 33 33 22 2c 22 73 70 65 63 74 72 65 76 69 65 77 65 72 2d 6d 69 6e 69 22 3a 22 73 Data Ascii: tter-mini":"customformatter-mini-fcd00133","customformatter-mini.resx":"en-us/customformatter-mini.resx-3573f52d","roostereditor-mini":"roostereditor-mini-4998463d","roostereditor-mini.resx":"en-us/roostereditor-mini.resx-cb522433","spectreviewer-mini":"s
2024-12-16 21:22:01 UTC	6168	IN	Data Raw: 65 22 2c 22 6e 53 65 22 2c 22 52 37 65 22 2c 22 57 37 65 22 2c 22 7a 37 65 22 2c 22 62 53 65 22 2c 22 51 53 65 22 2c 22 48 53 65 22 2c 22 71 53 65 22 2c 22 57 53 65 22 2c 22 4b 53 65 22 2c 22 47 53 65 22 2c 22 7a 53 65 22 2c 22 56 53 65 22 2c 22 6a 53 65 22 2c 22 42 53 65 22 2c 22 4f 53 65 22 2c 22 4c 53 65 22 2c 22 4d 53 65 22 2c 22 45 53 65 22 2c 22 6b 53 65 22 2c 22 41 53 65 22 2c 22 46 53 65 22 2c 22 77 53 65 22 2c 22 55 53 65 22 2c 22 59 53 65 22 2c 22 4e 53 65 22 2c 22 52 53 65 22 2c 22 49 53 65 22 2c 22 44 53 65 22 2c 22 43 53 65 22 2c 22 78 53 65 22 2c 22 79 53 65 22 2c 22 76 53 65 22 2c 22 53 53 65 22 2c 22 67 53 65 22 2c 22 4a 53 65 22 2c 22 50 53 65 22 2c 22 54 53 65 22 2c 22 58 53 65 22 2c 22 6e 39 65 22 2c 22 24 34 65 22 2c 22 74 39 65 22 2c Data Ascii: e","nSe","R7e","W7e","z7e","bSe","QSe","HSe","qSe","WSe","KSe","GSe","zSe","VSe","jSe","BSe","OSe","LSe","MSe","ESe","kSe","ASe","FSe","wSe","USe","YSe","NSe","RSe","ISe","DSe","CSe","xSe","ySe","vSe","SSe","gSe","JSe","PSe","TSe","XSe","n9e","$4e","t9e",
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 2c 22 42 37 22 2c 22 4e 37 22 2c 22 52 37 22 2c 22 55 37 22 2c 22 54 37 22 2c 22 46 37 22 2c 22 50 37 22 2c 22 4d 37 22 2c 22 41 37 22 2c 22 67 37 22 2c 22 6c 37 22 2c 22 66 37 22 2c 22 4c 37 22 2c 22 72 62 22 2c 22 62 37 22 2c 22 6d 37 22 2c 22 70 37 22 2c 22 45 37 22 2c 22 77 37 22 2c 22 78 37 22 2c 22 49 37 22 2c 22 43 37 22 2c 22 44 37 22 2c 22 64 37 22 2c 22 6f 37 22 2c 22 72 37 22 2c 22 73 37 22 2c 22 69 37 22 2c 22 61 37 22 2c 22 6e 37 22 2c 22 74 5f 22 2c 22 61 5f 22 2c 22 6e 5f 22 2c 22 59 36 22 2c 22 4a 36 22 2c 22 24 6d 22 2c 22 65 5f 22 2c 22 57 6d 22 2c 22 5a 6d 22 2c 22 42 6d 22 2c 22 56 6d 22 2c 22 6a 6d 22 2c 22 4e 6d 22 2c 22 51 6d 22 2c 22 59 6d 22 2c 22 48 6d 22 2c 22 24 36 22 2c 22 58 6d 22 2c 22 47 6d 22 2c 22 5a 36 22 2c 22 4a 6d 22 Data Ascii: ,"B7","N7","R7","U7","T7","F7","P7","M7","A7","g7","l7","f7","L7","rb","b7","m7","p7","E7","w7","x7","I7","C7","D7","d7","o7","r7","s7","i7","a7","n7","t_","a_","n_","Y6","J6","$m","e_","Wm","Zm","Bm","Vm","jm","Nm","Qm","Ym","Hm","$6","Xm","Gm","Z6","Jm"
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 22 54 48 22 2c 22 55 48 22 2c 22 53 47 22 2c 22 48 6a 22 2c 22 42 38 22 2c 22 59 38 22 2c 22 6a 38 22 2c 22 56 38 22 2c 22 51 38 22 2c 22 6a 47 22 2c 22 45 46 22 2c 22 69 47 22 2c 22 50 47 22 2c 22 41 47 22 2c 22 4c 47 22 2c 22 4d 47 22 2c 22 42 47 22 2c 22 24 78 22 2c 22 74 43 22 2c 22 65 43 22 2c 22 5f 43 22 2c 22 66 4b 22 2c 22 5f 4b 22 2c 22 70 4b 22 2c 22 6d 4b 22 2c 22 59 64 22 2c 22 65 6c 22 2c 22 4a 64 22 2c 22 43 38 22 2c 22 6b 38 22 2c 22 77 38 22 2c 22 41 38 22 2c 22 4c 38 22 2c 22 4f 38 22 2c 22 47 6f 22 2c 22 50 6f 22 2c 22 43 47 22 2c 22 6c 47 22 2c 22 66 47 22 2c 22 76 47 22 2c 22 63 47 22 2c 22 56 47 22 2c 22 64 47 22 2c 22 57 47 22 2c 22 61 6e 22 2c 22 4d 52 22 2c 22 6e 47 22 2c 22 43 54 22 2c 22 67 6e 22 2c 22 5a 7a 22 2c 22 24 7a 22 2c Data Ascii: "TH","UH","SG","Hj","B8","Y8","j8","V8","Q8","jG","EF","iG","PG","AG","LG","MG","BG","$x","tC","eC","_C","fK","_K","pK","mK","Yd","el","Jd","C8","k8","w8","A8","L8","O8","Go","Po","CG","lG","fG","vG","cG","VG","dG","WG","an","MR","nG","CT","gn","Zz","$z",
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 65 22 2c 22 70 43 65 22 2c 22 79 57 65 22 2c 22 45 51 65 22 2c 22 6d 52 65 22 2c 22 5f 52 65 22 2c 22 62 55 65 22 2c 22 67 46 65 22 2c 22 45 4e 65 22 2c 22 43 35 65 22 2c 22 70 44 65 22 2c 22 53 4d 65 22 2c 22 6c 4d 65 22 2c 22 65 6a 65 22 2c 22 78 42 65 22 2c 22 43 42 65 22 2c 22 54 4e 65 22 2c 22 50 4e 65 22 2c 22 4d 4e 65 22 2c 22 6b 4e 65 22 2c 22 4c 4e 65 22 2c 22 41 4e 65 22 2c 22 77 35 65 22 2c 22 4f 35 65 22 2c 22 4f 42 65 22 2c 22 4d 42 65 22 2c 22 72 4d 65 22 2c 22 69 4d 65 22 2c 22 61 4d 65 22 2c 22 52 6b 65 22 2c 22 45 6b 65 22 2c 22 64 4d 65 22 2c 22 77 4d 65 22 2c 22 78 4d 65 22 2c 22 56 6b 65 22 2c 22 7a 6b 65 22 2c 22 48 6b 65 22 2c 22 63 4d 65 22 2c 22 44 4d 65 22 2c 22 49 4d 65 22 2c 22 4f 4d 65 22 2c 22 77 6b 65 22 2c 22 62 44 65 22 2c Data Ascii: e","pCe","yWe","EQe","mRe","_Re","bUe","gFe","ENe","C5e","pDe","SMe","lMe","eje","xBe","CBe","TNe","PNe","MNe","kNe","LNe","ANe","w5e","O5e","OBe","MBe","rMe","iMe","aMe","Rke","Eke","dMe","wMe","xMe","Vke","zke","Hke","cMe","DMe","IMe","OMe","wke","bDe",
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 65 22 2c 22 75 70 65 22 2c 22 6a 66 65 22 2c 22 42 66 65 22 2c 22 7a 66 65 22 2c 22 56 66 65 22 2c 22 6e 6d 65 22 2c 22 59 33 65 22 2c 22 47 33 65 22 2c 22 4b 33 65 22 2c 22 51 33 65 22 2c 22 48 33 65 22 2c 22 58 33 65 22 2c 22 73 62 65 22 2c 22 76 66 65 22 2c 22 50 68 65 22 2c 22 72 62 65 22 2c 22 45 67 65 22 2c 22 68 67 65 22 2c 22 4c 75 65 22 2c 22 78 68 65 22 2c 22 64 67 65 22 2c 22 57 75 65 22 2c 22 50 76 65 22 2c 22 6f 75 65 22 2c 22 49 75 65 22 2c 22 61 75 65 22 2c 22 45 64 65 22 2c 22 5a 68 65 22 2c 22 65 62 65 22 2c 22 51 68 65 22 2c 22 4a 68 65 22 2c 22 58 68 65 22 2c 22 71 68 65 22 2c 22 6f 67 65 22 2c 22 5f 62 65 22 2c 22 62 62 65 22 2c 22 70 62 65 22 2c 22 64 62 65 22 2c 22 75 62 65 22 2c 22 6c 62 65 22 2c 22 63 62 65 22 2c 22 79 75 65 22 2c Data Ascii: e","upe","jfe","Bfe","zfe","Vfe","nme","Y3e","G3e","K3e","Q3e","H3e","X3e","sbe","vfe","Phe","rbe","Ege","hge","Lue","xhe","dge","Wue","Pve","oue","Iue","aue","Ede","Zhe","ebe","Qhe","Jhe","Xhe","qhe","oge","_be","bbe","pbe","dbe","ube","lbe","cbe","yue",
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 58 22 2c 22 5f 58 22 2c 22 67 58 22 2c 22 68 58 22 2c 22 62 58 22 2c 22 6e 58 22 2c 22 51 58 22 2c 22 4b 4a 22 2c 22 24 4a 22 2c 22 5a 4a 22 2c 22 63 58 22 2c 22 4a 4a 22 2c 22 6f 58 22 2c 22 66 58 22 2c 22 58 58 22 2c 22 24 58 22 2c 22 43 58 22 2c 22 59 4a 22 2c 22 44 58 22 2c 22 47 58 22 2c 22 45 58 22 2c 22 4e 58 22 2c 22 42 58 22 2c 22 52 58 22 2c 22 75 58 22 2c 22 6c 58 22 2c 22 76 58 22 2c 22 70 58 22 2c 22 6e 5a 22 2c 22 54 58 22 2c 22 69 5a 22 2c 22 4f 58 22 2c 22 41 58 22 2c 22 48 58 22 2c 22 77 58 22 2c 22 73 58 22 2c 22 4a 58 22 2c 22 49 58 22 2c 22 5a 58 22 2c 22 74 5a 22 2c 22 65 5a 22 2c 22 78 58 22 2c 22 46 58 22 2c 22 53 58 22 2c 22 71 4a 22 2c 22 69 58 22 2c 22 72 58 22 2c 22 57 4a 22 2c 22 51 4a 22 2c 22 4b 58 22 2c 22 71 58 22 2c 22 74 Data Ascii: X","_X","gX","hX","bX","nX","QX","KJ","$J","ZJ","cX","JJ","oX","fX","XX","$X","CX","YJ","DX","GX","EX","NX","BX","RX","uX","lX","vX","pX","nZ","TX","iZ","OX","AX","HX","wX","sX","JX","IX","ZX","tZ","eZ","xX","FX","SX","qJ","iX","rX","WJ","QJ","KX","qX","t
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 42 43 22 2c 22 50 43 22 2c 22 54 43 22 2c 22 77 43 22 2c 22 4d 43 22 2c 22 41 43 22 2c 22 6b 43 22 2c 22 45 43 22 2c 22 4c 43 22 2c 22 4e 67 74 22 2c 22 61 64 22 2c 22 5f 67 74 22 2c 22 66 35 22 2c 22 58 65 22 2c 22 42 6f 22 2c 22 4f 44 22 2c 22 5a 65 22 2c 22 53 74 22 2c 22 43 67 74 22 2c 22 59 67 74 22 2c 22 4f 67 74 22 2c 22 48 6f 22 2c 22 41 67 74 22 2c 22 73 35 22 2c 22 63 35 22 2c 22 4c 44 22 2c 22 64 35 22 2c 22 6c 35 22 2c 22 77 67 74 22 2c 22 4b 50 22 2c 22 70 6c 22 2c 22 7a 35 22 2c 22 6b 67 74 22 2c 22 7a 67 74 22 2c 22 57 67 74 22 2c 22 4b 67 74 22 2c 22 46 67 74 22 2c 22 6a 67 74 22 2c 22 48 67 74 22 2c 22 6d 44 22 2c 22 43 44 22 2c 22 5f 44 22 2c 22 6a 6f 22 2c 22 4c 73 22 2c 22 70 44 22 2c 22 56 6f 22 2c 22 64 44 22 2c 22 66 44 22 2c 22 6c Data Ascii: BC","PC","TC","wC","MC","AC","kC","EC","LC","Ngt","ad","_gt","f5","Xe","Bo","OD","Ze","St","Cgt","Ygt","Ogt","Ho","Agt","s5","c5","LD","d5","l5","wgt","KP","pl","z5","kgt","zgt","Wgt","Kgt","Fgt","jgt","Hgt","mD","CD","_D","jo","Ls","pD","Vo","dD","fD","l
2024-12-16 21:22:01 UTC	8192	IN	Data Raw: 61 74 61 22 3a 6e 75 6c 6c 7d 2c 22 53 50 4c 49 53 54 46 4f 52 49 54 45 4d 53 53 43 4f 50 45 22 3a 7b 22 73 63 72 69 70 74 50 61 74 68 44 61 74 61 22 3a 7b 22 61 72 69 61 2d 6d 69 6e 69 22 3a 22 61 72 69 61 2d 6d 69 6e 69 2d 62 31 64 33 65 62 32 65 22 2c 22 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 22 3a 22 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2d 30 39 34 38 30 36 30 34 22 2c 22 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2e 72 65 73 78 22 3a 22 65 6e 2d 75 73 2f 63 75 73 74 6f 6d 66 6f 72 6d 61 74 74 65 72 2d 6d 69 6e 69 2e 72 65 73 78 2d 31 35 34 31 31 37 31 32 22 2c 22 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 22 3a 22 72 6f 6f 73 74 65 72 65 64 69 74 6f 72 2d 6d 69 6e 69 2d 36 32 30 Data Ascii: ata":null},"SPLISTFORITEMSSCOPE":{"scriptPathData":{"aria-mini":"aria-mini-b1d3eb2e","customformatter-mini":"customformatter-mini-09480604","customformatter-mini.resx":"en-us/customformatter-mini.resx-15411712","roostereditor-mini":"roostereditor-mini-620

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:01 UTC	2378	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_api/v2.0/sites/root/lists/74463084-87e5-4e57-b11b-9820afa05836/subscriptions/socketIo?listItemIds= HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: application/json;odata=verbose Prefer: NotificationSession sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:01 UTC	3294	IN	HTTP/1.1 403 Forbidden Cache-Control: no-cache, no-store Pragma: no-cache Content-Length: 59 Content-Type: application/json Expires: -1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 5,4204800,1202,7811,2319060,4204800,4204800,7 X-SharePointHealthScore: 0 X-VroomVersion: 2.0 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 64386ea1-e0f6-0000-51c1-3dd4c89102ae request-id: 64386ea1-e0f6-0000-51c1-3dd4c89102ae MS-CV: oW44ZPbgAABRwT3UyJECrg.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 47 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C86040129461458AAC6463DE7EE3292B Ref B: EWR311000108025 Ref C: 2024-12-16T21:22:01Z Date: Mon, 16 Dec 2024 21:22:01 GMT Connection: close
2024-12-16 21:22:01 UTC	59	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 22 61 63 63 65 73 73 44 65 6e 69 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 63 63 65 73 73 20 64 65 6e 69 65 64 22 7d 7d Data Ascii: {"error":{"code":"accessDenied","message":"Access denied"}}

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:01 UTC	2263	OUT	GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:02 UTC	1979	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Fri, 13 Dec 2024 04:03:24 GMT Accept-Ranges: bytes ETag: "8a92bcf4134ddb1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,2102272,0,44,9343955,0,2102272,7 SPRequestDuration: 7 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 0C22704EB3D64B76A1AA8101E02AB2B3 Ref B: EWR311000104037 Ref C: 2024-12-16T21:22:02Z Date: Mon, 16 Dec 2024 21:22:02 GMT Connection: close
2024-12-16 21:22:02 UTC	2191	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @
2024-12-16 21:22:02 UTC	5695	IN	Data Raw: 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff dc 8a 0f ff e6 9f 21 ff e6 9f 21 ff e0 92 15 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 cf 00 00 00 00 d4 78 00 60 d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff cf 74 01 ff bf 69 02 ff bf 6c 06 ff d0 80 0e ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 cf df 90 14 10 00 00 00 00 00 00 00 00 d4 78 00 cf d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff Data Ascii: xxxxx!!x`xxxxxxxxxxxxxxxxtilxxxxxxxxxxx

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\AnyDesk\ad.trace

C:\Users\user\AppData\Roaming\AnyDesk\global_cache\device-id.cache

C:\Users\user\AppData\Roaming\AnyDesk\service.conf

C:\Users\user\AppData\Roaming\AnyDesk\system.conf

C:\Users\user\AppData\Roaming\AnyDesk\user.conf

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\15E3YL0AMZGISQ8NHXAY.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms~RF3b14f0.TMP (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms~RF3b1500.TMP (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N77AVB3V7SFMW2G5P9EB.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XTITK5HF1XBGJ6TUKKYA.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\830a6202-601b-4973-a9bc-4caf5b50ca20.tmp

C:\Users\user\Downloads\935c1ae5-49df-4140-b471-088bee52d1d1.tmp

C:\Users\user\Downloads\AnyDesk.exe (copy)

C:\Users\user\Downloads\Unconfirmed 525032.crdownload

Windows Analysis Report
https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:02 UTC	1777	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:02 UTC	3226	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,525568,0,15,3855298,0,270387,7 X-SharePointHealthScore: 3 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 65386ea1-9024-0000-51c1-38566773c7b2 request-id: 65386ea1-9024-0000-51c1-38566773c7b2 MS-CV: oW44ZSSQAABRwThWZ3PHsg.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 03E77D97CEAB40D38239703782E4656A Ref B: EWR311000103039 Ref C: 2024-12-16T21:22:02Z Date: Mon, 16 Dec 2024 21:22:02 GMT Connection: close
2024-12-16 21:22:02 UTC	706	IN	Data Raw: 32 62 62 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f Data Ascii: 2bbself._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.perfo
2024-12-16 21:22:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:04 UTC	1777	OUT	GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:04 UTC	1975	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Fri, 13 Dec 2024 04:03:24 GMT Accept-Ranges: bytes ETag: "8a92bcf4134ddb1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,382684,0,301387,7 SPRequestDuration: 9 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: FF9C7F00487A4DB392E94E1554D84B86 Ref B: EWR311000105031 Ref C: 2024-12-16T21:22:04Z Date: Mon, 16 Dec 2024 21:22:04 GMT Connection: close
2024-12-16 21:22:04 UTC	2188	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @
2024-12-16 21:22:04 UTC	5698	IN	Data Raw: 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff dc 8a 0f ff e6 9f 21 ff e6 9f 21 ff e0 92 15 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 cf 00 00 00 00 d4 78 00 60 d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff cf 74 01 ff bf 69 02 ff bf 6c 06 ff d0 80 0e ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 ff df 90 14 cf df 90 14 10 00 00 00 00 00 00 00 00 d4 78 00 cf d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 78 00 ff d4 Data Ascii: xxxxx!!x`xxxxxxxxxxxxxxxxtilxxxxxxxxxx

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:04 UTC	1770	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:04 UTC	3281	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295 X-SharePointHealthScore: 3 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 65386ea1-60a8-0000-51c1-3b49b5adbea7 request-id: 65386ea1-60a8-0000-51c1-3b49b5adbea7 MS-CV: oW44ZahgAABRwTtJta2+pw.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E3CFD79E1DD2410EBF6EBD6BA8CC6CC4 Ref B: EWR311000107045 Ref C: 2024-12-16T21:22:04Z Date: Mon, 16 Dec 2024 21:22:04 GMT Connection: close
2024-12-16 21:22:04 UTC	706	IN	Data Raw: 32 62 62 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f Data Ascii: 2bbself._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.perfo
2024-12-16 21:22:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:04 UTC	2322	OUT	POST /personal/stella_pabon_ustabuca_edu_co/_api/v2.1/graphql HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Content-Length: 507 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" accept: application/json;odata=verbose Content-Type: application/json;odata=verbose X-ServiceWorker-Strategy: CacheFirst sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://mailustabucaedu-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:04 UTC	507	OUT	Data Raw: 7b 22 71 75 65 72 79 22 3a 22 71 75 65 72 79 20 28 5c 6e 20 20 20 20 20 20 20 20 24 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 51 75 65 72 79 53 74 72 69 6e 67 3a 20 53 74 72 69 6e 67 21 5c 6e 20 20 20 20 20 20 20 20 29 5c 6e 20 20 20 20 20 20 7b 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 6c 65 67 61 63 79 20 7b 5c 6e 20 20 20 20 20 20 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 28 5c 6e 20 20 20 20 20 20 71 75 65 72 79 53 74 72 69 6e 67 3a 20 24 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 51 75 65 72 79 53 74 72 69 6e 67 5c 6e 20 20 20 20 20 20 29 20 20 20 20 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 7d 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 5c 6e 20 20 70 65 72 66 20 7b 5c 6e 20 20 20 20 65 78 65 63 75 74 69 6f 6e 54 69 6d 65 5c 6e 20 Data Ascii: {"query":"query (\n $spoSuiteLinksQueryString: String!\n )\n {\n \n legacy {\n spoSuiteLinks(\n queryString: $spoSuiteLinksQueryString\n ) \n \n }\n \n \n perf {\n executionTime\n
2024-12-16 21:22:05 UTC	3206	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 25930 Content-Type: application/json P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,1051136,294,29,357230,0,1051136,7 X-SharePointHealthScore: 2 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 65386ea1-a0ca-0000-5d95-3d59fb5c1387 request-id: 65386ea1-a0ca-0000-5d95-3d59fb5c1387 MS-CV: oW44ZcqgAABdlT1Z+1wThw.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 33F71843511343EE919DFAFC7D26345B Ref B: EWR311000108017 Ref C: 2024-12-16T21:22:05Z Date: Mon, 16 Dec 2024 21:22:04 GMT Connection: close
2024-12-16 21:22:05 UTC	1047	IN	Data Raw: 7b 22 64 61 74 61 22 3a 7b 22 6c 65 67 61 63 79 22 3a 7b 22 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 22 3a 7b 0a 20 22 53 50 53 75 69 74 65 56 65 72 73 69 6f 6e 22 3a 32 2c 0a 20 22 53 50 49 73 4d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 0a 20 22 43 73 73 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 73 68 61 72 65 64 2e 33 38 34 61 61 63 65 35 66 39 38 61 38 36 32 32 66 34 32 31 63 66 35 39 39 33 35 37 62 36 38 64 2e 63 73 73 22 2c 0a 20 22 4a 73 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 62 6f 6f 74 73 74 72 Data Ascii: {"data":{"legacy":{"spoSuiteLinks":{ "SPSuiteVersion":2, "SPIsMobile":false, "CssUrl":"https://res-1.cdn.office.net/shellux/suiteux.shell.shared.384aace5f98a8622f421cf599357b68d.css", "JsUrl":"https://res-1.cdn.office.net/shellux/suiteux.shell.bootstr
2024-12-16 21:22:05 UTC	8192	IN	Data Raw: 66 61 6c 73 65 2c 5c 22 41 70 70 73 50 69 6e 6e 65 64 44 61 74 61 5c 22 3a 6e 75 6c 6c 2c 5c 22 41 70 70 73 55 70 64 61 74 65 54 69 6d 65 53 70 61 6e 5c 22 3a 31 34 34 30 30 30 30 30 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 45 6e 61 62 6c 65 64 5c 22 3a 74 72 75 65 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 53 65 72 76 65 72 52 65 71 75 65 73 74 49 6e 66 6c 75 78 43 6f 6e 74 72 6f 6c 5c 22 3a 35 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 54 65 6e 61 6e 74 54 6f 6b 65 6e 5c 22 3a 5c 22 63 36 63 31 39 30 61 31 62 37 33 63 34 61 36 33 62 62 61 38 39 38 33 35 64 35 34 36 63 66 32 38 2d 66 32 61 30 34 38 32 66 2d 61 30 30 64 2d 34 38 64 39 2d 38 32 32 65 2d 65 38 39 63 63 38 39 65 62 36 34 64 2d 37 36 38 38 5c 22 2c 5c 22 41 72 69 61 54 65 6c Data Ascii: false,\"AppsPinnedData\":null,\"AppsUpdateTimeSpan\":14400000,\"AriaTelemetryEnabled\":true,\"AriaTelemetryServerRequestInfluxControl\":5,\"AriaTelemetryTenantToken\":\"c6c190a1b73c4a63bba89835d546cf28-f2a0482f-a00d-48d9-822e-e89cc89eb64d-7688\",\"AriaTel
2024-12-16 21:22:05 UTC	4061	IN	Data Raw: 62 63 38 31 65 63 66 66 66 33 64 63 2e 6a 73 5c 22 2c 5c 22 73 65 61 72 63 68 2d 62 6f 78 2d 63 6f 6e 74 61 69 6e 65 72 2d 70 6c 75 67 69 6e 73 5f 64 69 73 74 5f 6f 6e 64 65 6d 61 6e 64 5f 6a 73 5c 22 3a 5c 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 73 65 61 72 63 68 2d 62 6f 78 2d 63 6f 6e 74 61 69 6e 65 72 2d 70 6c 75 67 69 6e 73 5f 64 69 73 74 5f 6f 6e 64 65 6d 61 6e 64 5f 6a 73 2e 34 36 64 34 61 64 36 63 37 64 63 62 33 37 64 36 32 31 34 36 2e 6a 73 5c 22 2c 5c 22 73 65 61 72 63 68 62 6f 78 5c 22 3a 5c 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 Data Ascii: bc81ecfff3dc.js\",\"search-box-container-plugins_dist_ondemand_js\":\"https://res-1.cdn.office.net/shellux/suiteux.shell.search-box-container-plugins_dist_ondemand_js.46d4ad6c7dcb37d62146.js\",\"searchbox\":\"https://res-1.cdn.office.net/shellux/suiteux.s
2024-12-16 21:22:05 UTC	8192	IN	Data Raw: 49 64 5c 22 3a 5c 22 53 68 61 72 65 70 6f 69 6e 74 5c 22 7d 22 2c 22 43 6f 6d 6d 75 6e 69 74 79 4c 69 6e 6b 22 3a 7b 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 6e 75 6c 6c 2c 22 42 72 61 6e 64 42 61 72 54 65 78 74 22 3a 6e 75 6c 6c 2c 22 46 6f 6e 74 49 63 6f 6e 43 73 73 22 3a 6e 75 6c 6c 2c 22 49 64 22 3a 22 53 68 65 6c 6c 43 6f 6d 6d 75 6e 69 74 79 22 2c 22 4d 65 6e 75 4e 61 6d 65 22 3a 6e 75 6c 6c 2c 22 53 65 72 76 69 63 65 49 64 22 3a 6e 75 6c 6c 2c 22 53 75 62 4c 69 6e 6b 73 22 3a 6e 75 6c 6c 2c 22 54 61 72 67 65 74 57 69 6e 64 6f 77 22 3a 22 5f 62 6c 61 6e 6b 22 2c 22 54 65 78 74 22 3a 22 43 6f 6d 6d 75 6e 69 74 79 22 2c 22 54 69 74 6c 65 22 3a 22 43 6f 6d 6d 75 6e 69 74 79 22 2c 22 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6e 73 77 65 Data Ascii: Id\":\"Sharepoint\"}","CommunityLink":{"BackgroundColor":null,"BrandBarText":null,"FontIconCss":null,"Id":"ShellCommunity","MenuName":null,"ServiceId":null,"SubLinks":null,"TargetWindow":"_blank","Text":"Community","Title":"Community","Url":"https://answe
2024-12-16 21:22:05 UTC	4438	IN	Data Raw: 67 36 70 42 6c 4b 4e 33 61 66 48 4f 51 31 72 48 45 36 65 78 72 71 77 6c 6c 4a 78 50 52 31 4b 64 76 46 32 6d 43 41 5a 2f 72 67 72 75 64 49 55 55 79 4a 67 56 6f 35 2b 38 63 63 4b 73 65 4f 47 56 62 4d 6a 7a 65 44 58 78 45 43 59 66 4e 64 4e 72 76 58 73 4a 75 70 6d 36 54 55 43 34 4b 72 78 2b 77 71 55 79 73 79 32 65 37 4d 50 36 66 2f 30 44 72 4e 4f 71 6b 63 52 73 68 37 62 6a 51 50 50 42 5a 45 79 62 30 34 71 37 68 36 56 67 53 39 4d 2f 63 4e 4e 50 78 73 6c 43 34 58 4b 35 35 49 4e 54 65 58 6d 35 4c 44 41 35 55 36 66 67 74 75 51 42 6d 4e 35 2f 41 42 62 63 65 52 71 70 4c 63 43 5a 5a 73 6a 66 6a 42 54 64 76 46 47 4f 7a 31 4b 49 61 36 31 4c 68 67 37 30 78 74 46 45 39 55 4b 65 2f 4a 32 46 79 76 43 57 76 77 7a 55 4d 41 49 72 75 6d 43 48 63 46 71 4f 38 31 2f 51 55 6a 35 Data Ascii: g6pBlKN3afHOQ1rHE6exrqwllJxPR1KdvF2mCAZ/rgrudIUUyJgVo5+8ccKseOGVbMjzeDXxECYfNdNrvXsJupm6TUC4Krx+wqUysy2e7MP6f/0DrNOqkcRsh7bjQPPBZEyb04q7h6VgS9M/cNNPxslC4XK55INTeXm5LDA5U6fgtuQBmN5/ABbceRqpLcCZZsjfjBTdvFGOz1KIa61Lhg70xtFE9UKe/J2FyvCWvwzUMAIrumCHcFqO81/QUj5

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:07 UTC	1792	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_api/v2.1/graphql HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:07 UTC	3200	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 87 Content-Type: application/json P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,525568,0,28,4302647,0,525568,6 X-SharePointHealthScore: 1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 66386ea1-205d-0000-51c1-37436d3ed8f8 request-id: 66386ea1-205d-0000-51c1-37436d3ed8f8 MS-CV: oW44Zl0gAABRwTdDbT7Y+A.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: FA7AEBAE983E4B09B108186C0E37913D Ref B: EWR311000105045 Ref C: 2024-12-16T21:22:07Z Date: Mon, 16 Dec 2024 21:22:07 GMT Connection: close
2024-12-16 21:22:07 UTC	87	IN	Data Raw: 7b 22 65 72 72 6f 72 73 22 3a 5b 7b 22 6d 65 73 73 61 67 65 22 3a 22 41 20 71 75 65 72 79 20 69 73 20 72 65 71 75 69 72 65 64 2e 22 2c 22 65 78 74 65 6e 73 69 6f 6e 73 22 3a 7b 22 63 6f 64 65 22 3a 22 45 58 45 43 55 54 49 4f 4e 5f 45 52 52 4f 52 22 7d 7d 5d 7d Data Ascii: {"errors":[{"message":"A query is required.","extensions":{"code":"EXECUTION_ERROR"}}]}

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:10 UTC	2769	OUT	POST /personal/stella_pabon_ustabuca_edu_co/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%27&RootFolder=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&TryNewExperienceSingle=TRUE HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Content-Length: 201 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Service-Worker-Prefetch-And-Coalesce: true sec-ch-ua-mobile: ?0 Authorization: Bearer User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CollectSPPerfMetrics: SPSQLQueryCount Content-Type: application/json;odata=verbose accept: application/json;odata=verbose X-SP-REQUESTRESOURCES: listUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments X-ServiceWorker-Strategy: CacheFirst sec-ch-ua-platform: "Windows" Origin: https://mailustabucaedu-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:10 UTC	201	OUT	Data Raw: 7b 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 5f 5f 6d 65 74 61 64 61 74 61 22 3a 7b 22 74 79 70 65 22 3a 22 53 50 2e 52 65 6e 64 65 72 4c 69 73 74 44 61 74 61 50 61 72 61 6d 65 74 65 72 73 22 7d 2c 22 52 65 6e 64 65 72 4f 70 74 69 6f 6e 73 22 3a 35 36 39 31 31 34 33 2c 22 41 6c 6c 6f 77 4d 75 6c 74 69 70 6c 65 56 61 6c 75 65 46 69 6c 74 65 72 46 6f 72 54 61 78 6f 6e 6f 6d 79 46 69 65 6c 64 73 22 3a 74 72 75 65 2c 22 41 64 64 52 65 71 75 69 72 65 64 46 69 65 6c 64 73 22 3a 74 72 75 65 2c 22 52 65 71 75 69 72 65 46 6f 6c 64 65 72 43 6f 6c 6f 72 69 6e 67 46 69 65 6c 64 73 22 3a 74 72 75 65 7d 7d Data Ascii: {"parameters":{"__metadata":{"type":"SP.RenderListDataParameters"},"RenderOptions":5691143,"AllowMultipleValueFilterForTaxonomyFields":true,"AddRequiredFields":true,"RequireFolderColoringFields":true}}
2024-12-16 21:22:11 UTC	3586	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Expires: Sun, 01 Dec 2024 21:22:11 GMT Last-Modified: Mon, 16 Dec 2024 21:22:11 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] Set-Cookie: CannotPreviewLists=1; expires=Tue, 17-Dec-2024 21:22:11 GMT; path=/personal/stella_pabon_ustabuca_edu_co/Documents; secure X-NetworkStatistics: 0,1051136,0,24,564137,0,745365,7 X-SharePointHealthScore: 2 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 156 SPRequestDuration: 157 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 67386ea1-a04b-0000-51c1-315fd49447c6 request-id: 67386ea1-a04b-0000-51c1-315fd49447c6 MS-CV: oW44Z0ugAABRwTFf1JRHxg.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C1000203E73B4CA89A98040CD0A684F7 Ref B: EWR311000104053 Ref C: 2024-12-16T21:22:11Z Date: Mon, 16 Dec 2024 21:22:10 GMT Connection: close
2024-12-16 21:22:11 UTC	2366	IN	Data Raw: 39 33 37 0d 0a 7b 22 77 70 71 22 3a 22 22 2c 22 54 65 6d 70 6c 61 74 65 73 22 3a 7b 7d 2c 22 4c 69 73 74 44 61 74 61 22 3a 7b 20 22 52 6f 77 22 20 3a 20 0a 5b 5d 2c 22 46 69 72 73 74 52 6f 77 22 20 3a 20 31 2c 0d 0a 22 46 6f 6c 64 65 72 50 65 72 6d 69 73 73 69 6f 6e 73 22 20 3a 20 22 30 78 33 30 30 38 30 33 31 30 32 37 22 0d 0a 2c 22 4c 61 73 74 52 6f 77 22 20 3a 20 30 2c 0d 0a 22 52 6f 77 4c 69 6d 69 74 22 20 3a 20 33 30 0d 0a 2c 22 46 69 6c 74 65 72 4c 69 6e 6b 22 20 3a 20 22 3f 52 6f 6f 74 46 6f 6c 64 65 72 3d 25 32 46 70 65 72 73 6f 6e 61 6c 25 32 46 73 74 65 6c 6c 61 25 35 46 70 61 62 6f 6e 25 35 46 75 73 74 61 62 75 63 61 25 35 46 65 64 75 25 35 46 63 6f 25 32 46 44 6f 63 75 6d 65 6e 74 73 25 32 46 5a 69 70 25 32 46 41 6e 79 44 65 73 6b 25 32 45 65 Data Ascii: 937{"wpq":"","Templates":{},"ListData":{ "Row" : [],"FirstRow" : 1,"FolderPermissions" : "0x3008031027","LastRow" : 0,"RowLimit" : 30,"FilterLink" : "?RootFolder=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Ee
2024-12-16 21:22:11 UTC	2000	IN	Data Raw: 37 63 39 0d 0a 61 64 4f 6e 6c 79 22 3a 20 22 54 52 55 45 22 2c 0a 22 53 6f 72 74 61 62 6c 65 22 3a 20 22 46 41 4c 53 45 22 2c 0a 22 72 6f 6c 65 22 3a 20 22 43 6f 6d 70 75 74 65 64 22 2c 0a 22 61 72 69 61 4c 61 62 65 6c 22 3a 20 22 43 6f 6d 70 61 72 74 69 72 22 2c 0a 22 54 79 70 65 22 3a 20 22 43 6f 6d 70 75 74 65 64 22 2c 0a 22 46 69 6c 74 65 72 61 62 6c 65 22 3a 20 22 46 41 4c 53 45 22 2c 0a 22 41 6c 6c 6f 77 47 72 69 64 45 64 69 74 69 6e 67 22 3a 20 22 46 41 4c 53 45 22 2c 0a 22 43 6c 69 65 6e 74 53 69 64 65 43 6f 6d 70 6f 6e 65 6e 74 49 64 22 3a 20 22 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 22 2c 0a 22 50 69 6e 6e 65 64 54 6f 46 69 6c 74 65 72 73 50 61 6e 65 22 3a 20 22 46 41 4c 53 45 Data Ascii: 7c9adOnly": "TRUE","Sortable": "FALSE","role": "Computed","ariaLabel": "Compartir","Type": "Computed","Filterable": "FALSE","AllowGridEditing": "FALSE","ClientSideComponentId": "00000000-0000-0000-0000-000000000000","PinnedToFiltersPane": "FALSE
2024-12-16 21:22:11 UTC	4046	IN	Data Raw: 66 63 37 0d 0a 75 59 67 52 30 63 6e 56 6c 63 6d 45 77 61 43 35 6d 66 47 31 6c 62 57 4a 6c 63 6e 4e 6f 61 58 42 38 64 58 4a 75 4a 54 4e 68 63 33 42 76 4a 54 4e 68 59 57 35 76 62 69 4d 32 4f 57 4e 69 5a 54 51 33 59 54 63 32 4e 7a 51 30 5a 6a 4d 33 4e 7a 6b 35 5a 6a 6b 7a 4d 54 64 6d 5a 6d 4a 6c 59 7a 52 69 59 54 6c 6c 5a 6a 45 77 59 54 64 69 4e 57 4a 6b 4f 54 56 6c 4e 54 6c 68 4e 6a 68 6c 4d 7a 4a 6d 4d 6d 51 31 4d 44 4e 6d 59 32 4d 35 65 67 45 77 77 67 46 68 4d 43 4d 75 5a 6e 78 74 5a 57 31 69 5a 58 4a 7a 61 47 6c 77 66 48 56 79 62 69 55 7a 59 58 4e 77 62 79 55 7a 59 57 46 75 62 32 34 6a 4e 6a 6c 6a 59 6d 55 30 4e 32 45 33 4e 6a 63 30 4e 47 59 7a 4e 7a 63 35 4f 57 59 35 4d 7a 45 33 5a 6d 5a 69 5a 57 4d 30 59 6d 45 35 5a 57 59 78 4d 47 45 33 59 6a 56 69 5a Data Ascii: fc7uYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiM2OWNiZTQ3YTc2NzQ0ZjM3Nzk5ZjkzMTdmZmJlYzRiYTllZjEwYTdiNWJkOTVlNTlhNjhlMzJmMmQ1MDNmY2M5egEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZ
2024-12-16 21:22:11 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2e 74 72 61 6e 73 66 6f 72 6d 55 72 6c 22 20 3a 20 22 7b 2e 6d 65 64 69 61 42 61 73 65 55 72 6c 7d 5c 75 30 30 32 66 74 72 61 6e 73 66 6f 72 6d 5c 75 30 30 32 66 7b 2e 6d 65 74 68 6f 64 7d 3f 70 72 6f 76 69 64 65 72 3d 73 70 6f 26 69 6e 70 75 74 46 6f 72 6d 61 74 3d 7b 2e 66 69 6c 65 54 79 70 65 7d 26 63 73 3d 7b 2e 63 61 6c 6c 65 72 53 74 61 63 6b 7d 26 64 6f 63 69 64 3d 7b 2e 73 70 49 74 65 6d 55 72 6c 7d 26 7b 2e 64 72 69 76 65 41 63 63 65 73 73 54 6f 6b 65 6e 7d 22 0d 0a 2c 20 22 2e 74 68 75 6d 62 6e 61 69 6c 55 72 6c 22 20 3a 20 22 7b 2e 6d 65 64 69 61 42 61 73 65 55 72 6c 7d 5c 75 30 30 32 66 74 72 61 6e 73 66 6f 72 6d 5c 75 30 30 32 66 74 68 75 6d 62 6e 61 69 6c 3f 70 72 6f 76 69 64 65 72 3d 73 70 6f 26 69 6e 70 75 74 46 6f 72 6d Data Ascii: 2000.transformUrl" : "{.mediaBaseUrl}\u002ftransform\u002f{.method}?provider=spo&inputFormat={.fileType}&cs={.callerStack}&docid={.spItemUrl}&{.driveAccessToken}", ".thumbnailUrl" : "{.mediaBaseUrl}\u002ftransform\u002fthumbnail?provider=spo&inputForm
2024-12-16 21:22:11 UTC	4154	IN	Data Raw: 31 30 33 32 0d 0a 74 72 75 65 2c 5c 22 73 69 74 65 53 75 62 73 63 72 69 70 74 69 6f 6e 49 64 5c 22 3a 5c 22 66 35 37 61 35 39 34 39 2d 33 37 33 38 2d 34 31 65 66 2d 61 38 36 65 2d 30 30 34 39 30 63 30 38 63 63 62 35 5c 22 2c 5c 22 74 65 6e 61 6e 74 44 69 73 70 6c 61 79 4e 61 6d 65 5c 22 3a 5c 22 55 6e 69 76 65 72 73 69 64 61 64 20 53 61 6e 74 6f 20 54 6f 6d c3 a1 73 20 42 75 63 61 72 61 6d 61 6e 67 61 5c 22 2c 5c 22 69 73 4d 75 6c 74 69 47 65 6f 54 65 6e 61 6e 74 5c 22 3a 66 61 6c 73 65 2c 5c 22 69 73 4d 75 6c 74 69 47 65 6f 4f 44 42 4d 6f 64 65 5c 22 3a 66 61 6c 73 65 2c 5c 22 77 65 62 44 6f 6d 61 69 6e 5c 22 3a 5c 22 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 5c 22 2c 5c 22 69 73 53 50 4f 5c 22 3a 74 72 75 65 2c 5c 22 61 70 70 53 65 61 74 73 51 75 6f 74 Data Ascii: 1032true,\"siteSubscriptionId\":\"f57a5949-3738-41ef-a86e-00490c08ccb5\",\"tenantDisplayName\":\"Universidad Santo Toms Bucaramanga\",\"isMultiGeoTenant\":false,\"isMultiGeoODBMode\":false,\"webDomain\":\"sharepoint.com\",\"isSPO\":true,\"appSeatsQuot
2024-12-16 21:22:11 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 37 34 30 35 33 36 32 2c 2d 32 31 34 33 32 36 38 33 32 30 2c 31 31 31 34 38 38 30 2c 32 32 34 34 37 34 35 2c 35 33 36 39 30 35 37 32 39 2c 33 35 32 5d 2c 5c 22 45 43 53 45 78 70 46 65 61 74 75 72 65 73 5c 22 3a 5b 5c 22 4f 72 67 41 73 73 65 74 73 49 6e 42 43 50 61 67 65 43 6f 6e 74 65 78 74 5c 22 2c 5c 22 53 50 4f 43 6c 69 65 6e 74 43 61 6e 61 72 79 46 6c 69 67 68 74 5c 22 5d 2c 5c 22 65 78 70 65 72 69 6d 65 6e 74 44 61 74 61 5c 22 3a 5c 22 41 41 41 43 41 42 49 41 49 42 45 41 41 41 49 41 49 41 49 6e 63 53 41 42 45 42 41 51 59 58 63 43 45 41 41 58 49 68 41 41 49 41 41 53 45 41 41 67 45 48 41 42 41 51 42 79 49 41 49 52 41 42 49 68 41 41 41 43 41 42 41 41 41 47 41 67 41 41 41 67 49 42 45 69 4a 79 41 41 45 41 41 42 45 41 63 41 41 43 45 43 Data Ascii: 200087405362,-2143268320,1114880,2244745,536905729,352],\"ECSExpFeatures\":[\"OrgAssetsInBCPageContext\",\"SPOClientCanaryFlight\"],\"experimentData\":\"AAACABIAIBEAAAIAIAIncSABEBAQYXcCEAAXIhAAIAASEAAgEHABAQByIAIRABIhAAACABAAAGAgAAAgIBEiJyAAEAABEAcAACEC
2024-12-16 21:22:11 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 43 31 32 32 33 32 39 5c 22 3a 74 72 75 65 2c 5c 22 36 39 43 42 41 35 30 35 2d 43 46 43 43 2d 34 35 36 34 2d 42 34 33 44 2d 32 33 31 35 43 45 36 32 44 41 30 33 5c 22 3a 74 72 75 65 2c 5c 22 31 39 33 41 38 41 32 36 2d 30 34 31 33 2d 31 31 45 44 2d 42 39 33 39 2d 30 32 34 32 41 43 31 32 30 30 30 32 5c 22 3a 74 72 75 65 2c 5c 22 45 41 35 36 36 38 35 43 2d 32 38 32 44 2d 34 41 33 31 2d 39 31 38 38 2d 43 46 45 41 39 42 35 39 33 32 39 45 5c 22 3a 74 72 75 65 2c 5c 22 30 41 36 38 38 30 46 39 2d 33 36 44 34 2d 34 39 39 34 2d 42 36 39 33 2d 45 43 44 35 44 41 36 46 31 41 43 36 5c 22 3a 74 72 75 65 2c 5c 22 36 30 45 45 33 35 45 45 2d 33 45 37 34 2d 34 45 34 44 2d 42 35 31 41 2d 30 45 46 42 33 38 31 32 37 30 30 33 5c 22 3a 74 72 75 65 2c 5c 22 41 33 Data Ascii: 2000C122329\":true,\"69CBA505-CFCC-4564-B43D-2315CE62DA03\":true,\"193A8A26-0413-11ED-B939-0242AC120002\":true,\"EA56685C-282D-4A31-9188-CFEA9B59329E\":true,\"0A6880F9-36D4-4994-B693-ECD5DA6F1AC6\":true,\"60EE35EE-3E74-4E4D-B51A-0EFB38127003\":true,\"A3
2024-12-16 21:22:11 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 43 43 38 5c 22 3a 74 72 75 65 2c 5c 22 32 30 45 41 37 38 45 30 2d 34 39 35 39 2d 34 37 38 43 2d 42 38 34 38 2d 38 46 41 39 37 32 42 39 38 39 44 34 5c 22 3a 74 72 75 65 2c 5c 22 34 30 35 31 42 42 37 43 2d 33 34 39 32 2d 30 39 36 32 2d 39 37 37 35 2d 42 45 46 42 32 30 42 42 45 36 46 31 5c 22 3a 74 72 75 65 2c 5c 22 37 31 46 44 34 38 30 46 2d 36 41 38 44 2d 34 44 37 44 2d 38 42 43 31 2d 44 36 41 37 41 31 41 38 38 42 33 38 5c 22 3a 74 72 75 65 2c 5c 22 35 43 42 30 39 36 44 33 2d 32 33 45 33 2d 34 46 39 42 2d 42 41 43 46 2d 39 39 33 32 36 39 38 35 37 42 42 44 5c 22 3a 74 72 75 65 2c 5c 22 30 42 34 41 42 43 46 44 2d 35 38 37 37 2d 34 42 45 32 2d 42 46 35 31 2d 45 42 36 30 42 42 30 39 46 37 38 46 5c 22 3a 74 72 75 65 2c 5c 22 43 35 45 46 32 42 Data Ascii: 2000CC8\":true,\"20EA78E0-4959-478C-B848-8FA972B989D4\":true,\"4051BB7C-3492-0962-9775-BEFB20BBE6F1\":true,\"71FD480F-6A8D-4D7D-8BC1-D6A7A1A88B38\":true,\"5CB096D3-23E3-4F9B-BACF-993269857BBD\":true,\"0B4ABCFD-5877-4BE2-BF51-EB60BB09F78F\":true,\"C5EF2B
2024-12-16 21:22:12 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 22 3a 74 72 75 65 2c 5c 22 42 39 30 44 41 35 46 39 2d 42 41 37 35 2d 34 42 43 43 2d 41 33 45 30 2d 39 46 39 41 42 45 30 36 46 46 35 39 5c 22 3a 74 72 75 65 2c 5c 22 32 46 34 44 39 30 43 42 2d 33 44 38 30 2d 34 43 32 35 2d 42 39 37 39 2d 38 35 33 39 34 43 45 39 39 42 30 42 5c 22 3a 74 72 75 65 2c 5c 22 38 32 42 42 39 44 35 31 2d 44 34 45 32 2d 34 42 32 42 2d 39 31 32 43 2d 34 30 39 35 43 34 32 39 35 35 42 36 5c 22 3a 74 72 75 65 2c 5c 22 44 33 33 42 36 45 36 45 2d 44 43 46 43 2d 34 39 30 46 2d 39 37 41 31 2d 32 42 45 41 34 39 43 35 37 30 34 32 5c 22 3a 74 72 75 65 2c 5c 22 43 42 32 33 46 36 38 41 2d 38 41 37 32 2d 34 41 30 34 2d 39 33 44 30 2d 37 30 36 44 44 38 31 41 36 41 35 33 5c 22 3a 74 72 75 65 2c 5c 22 33 41 42 32 45 35 42 31 2d 41 Data Ascii: 2000":true,\"B90DA5F9-BA75-4BCC-A3E0-9F9ABE06FF59\":true,\"2F4D90CB-3D80-4C25-B979-85394CE99B0B\":true,\"82BB9D51-D4E2-4B2B-912C-4095C42955B6\":true,\"D33B6E6E-DCFC-490F-97A1-2BEA49C57042\":true,\"CB23F68A-8A72-4A04-93D0-706DD81A6A53\":true,\"3AB2E5B1-A

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:13 UTC	2036	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%27&RootFolder=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&TryNewExperienceSingle=TRUE HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:14 UTC	3466	IN	HTTP/1.1 405 Method Not Allowed Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/xml;charset=utf-8 Expires: Sun, 01 Dec 2024 21:22:14 GMT Last-Modified: Mon, 16 Dec 2024 21:22:14 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 0,4204800,45,38,11136142,0,4204800,7 X-SharePointHealthScore: 0 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 27 SPRequestDuration: 28 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 68386ea1-5006-0000-5773-03683ce70044 request-id: 68386ea1-5006-0000-5773-03683ce70044 MS-CV: oW44aAZQAABXcwNoPOcARA.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F4D0C448CBAB417C97AD2D1DA1C035A9 Ref B: EWR311000106021 Ref C: 2024-12-16T21:22:14Z Date: Mon, 16 Dec 2024 21:22:14 GMT Connection: close
2024-12-16 21:22:14 UTC	454	IN	Data Raw: 31 62 66 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 6d 3a 65 72 72 6f 72 20 78 6d 6c 6e 73 3a 6d 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 64 6f 2f 32 30 30 37 2f 30 38 2f 64 61 74 61 73 65 72 76 69 63 65 73 2f 6d 65 74 61 64 61 74 61 22 3e 3c 6d 3a 63 6f 64 65 3e 2d 31 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 53 68 61 72 65 50 6f 69 6e 74 2e 43 6c 69 65 6e 74 2e 43 6c 69 65 6e 74 53 65 72 76 69 63 65 45 78 63 65 70 74 69 6f 6e 3c 2f 6d 3a 63 6f 64 65 3e 3c 6d 3a 6d 65 73 73 61 67 65 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 73 2d 45 53 22 3e 45 6c 20 6d c3 a9 74 6f 64 6f 20 48 54 54 50 20 27 47 45 54 27 20 6e 6f 20 73 65 20 70 75 65 Data Ascii: 1bf<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>-1, Microsoft.SharePoint.Client.ClientServiceException</m:code><m:message xml:lang="es-ES">El mtodo HTTP 'GET' no se pue
2024-12-16 21:22:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:15 UTC	2870	OUT	POST /personal/stella_pabon_ustabuca_edu_co/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive Content-Length: 821 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" x-ms-cc: t ScenarioType: AUO sec-ch-ua-mobile: ?0 Authorization: Bearer User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CollectSPPerfMetrics: SPSQLQueryCount Content-Type: application/json;odata=verbose accept: application/json;odata=verbose X-ClientService-ClientTag: ODB Web X-SP-REQUESTRESOURCES: listUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments X-ServiceWorker-Strategy: CacheFirst x-requestdigest: 0x103DED0DEBF4F659E629410E191C96D8B291C76B47D36393A61114AE3419CA1F3D246909A9579B000FC9B8F5D0251CA6E98C9C3DBA5122327AE77F4D409B1444,16 Dec 2024 21:21:59 -0000 sec-ch-ua-platform: "Windows" Origin: https://mailustabucaedu-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:15 UTC	821	OUT	Data Raw: 7b 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 5f 5f 6d 65 74 61 64 61 74 61 22 3a 7b 22 74 79 70 65 22 3a 22 53 50 2e 52 65 6e 64 65 72 4c 69 73 74 44 61 74 61 50 61 72 61 6d 65 74 65 72 73 22 7d 2c 22 52 65 6e 64 65 72 4f 70 74 69 6f 6e 73 22 3a 31 30 35 32 36 37 39 2c 22 56 69 65 77 58 6d 6c 22 3a 22 3c 56 69 65 77 20 3e 3c 51 75 65 72 79 3e 3c 2f 51 75 65 72 79 3e 3c 56 69 65 77 46 69 65 6c 64 73 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 44 6f 63 49 63 6f 6e 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 4c 69 6e 6b 46 69 6c 65 6e 61 6d 65 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 4d 6f 64 69 66 69 65 64 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 45 64 69 74 6f 72 5c 22 2f 3e 3c 46 Data Ascii: {"parameters":{"__metadata":{"type":"SP.RenderListDataParameters"},"RenderOptions":1052679,"ViewXml":"<View ><Query></Query><ViewFields><FieldRef Name=\"DocIcon\"/><FieldRef Name=\"LinkFilename\"/><FieldRef Name=\"Modified\"/><FieldRef Name=\"Editor\"/><F
2024-12-16 21:22:16 UTC	3461	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Expires: Sun, 01 Dec 2024 21:22:15 GMT Last-Modified: Mon, 16 Dec 2024 21:22:15 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 5,2102272,189,29723,6552883,2102272,2102272,7 X-SharePointHealthScore: 3 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 62 SPRequestDuration: 63 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 68386ea1-806d-0000-51c1-329adbb59eef request-id: 68386ea1-806d-0000-51c1-329adbb59eef MS-CV: oW44aG2AAABRwTKa27We7w.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F70E1AB02FA84F5B8BE89E8E0C364933 Ref B: EWR311000103011 Ref C: 2024-12-16T21:22:15Z Date: Mon, 16 Dec 2024 21:22:15 GMT Connection: close
2024-12-16 21:22:16 UTC	3527	IN	Data Raw: 64 63 30 0d 0a 7b 22 77 70 71 22 3a 22 22 2c 22 54 65 6d 70 6c 61 74 65 73 22 3a 7b 7d 2c 22 4c 69 73 74 44 61 74 61 22 3a 7b 20 22 52 6f 77 22 20 3a 20 0a 5b 5d 2c 22 46 69 72 73 74 52 6f 77 22 20 3a 20 31 2c 0d 0a 22 46 6f 6c 64 65 72 50 65 72 6d 69 73 73 69 6f 6e 73 22 20 3a 20 22 30 78 33 30 30 38 30 31 31 30 30 30 22 0d 0a 2c 22 4c 61 73 74 52 6f 77 22 20 3a 20 30 2c 0d 0a 22 52 6f 77 4c 69 6d 69 74 22 20 3a 20 31 0d 0a 2c 22 46 69 6c 74 65 72 4c 69 6e 6b 22 20 3a 20 22 3f 22 0a 2c 22 46 6f 72 63 65 4e 6f 48 69 65 72 61 72 63 68 79 22 20 3a 20 22 31 22 0a 2c 22 48 69 65 72 61 72 63 68 79 48 61 73 49 6e 64 65 6e 74 69 6f 6e 22 20 3a 20 22 22 0a 2c 22 43 75 72 72 65 6e 74 46 6f 6c 64 65 72 50 72 69 6e 63 69 70 61 6c 43 6f 75 6e 74 22 20 3a 20 22 30 22 Data Ascii: dc0{"wpq":"","Templates":{},"ListData":{ "Row" : [],"FirstRow" : 1,"FolderPermissions" : "0x3008011000","LastRow" : 0,"RowLimit" : 1,"FilterLink" : "?","ForceNoHierarchy" : "1","HierarchyHasIndention" : "","CurrentFolderPrincipalCount" : "0"
2024-12-16 21:22:16 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 6e 6c 79 22 3a 20 22 54 52 55 45 22 2c 0a 22 72 6f 6c 65 22 3a 20 22 4c 6f 6f 6b 75 70 22 2c 0a 22 61 72 69 61 4c 61 62 65 6c 22 3a 20 22 4e 5c 75 30 30 66 61 6d 65 72 6f 20 73 65 63 75 6e 64 61 72 69 6f 20 64 65 20 65 6c 65 6d 65 6e 74 6f 22 2c 0a 22 46 72 6f 6d 42 61 73 65 54 79 70 65 22 3a 20 22 54 52 55 45 22 2c 0a 22 48 61 73 50 72 65 66 69 78 22 3a 20 22 54 52 55 45 22 2c 0a 22 54 79 70 65 22 3a 20 22 4c 6f 6f 6b 75 70 22 2c 0a 22 41 6c 6c 6f 77 47 72 69 64 45 64 69 74 69 6e 67 22 3a 20 22 46 41 4c 53 45 22 2c 0a 22 43 6c 69 65 6e 74 53 69 64 65 43 6f 6d 70 6f 6e 65 6e 74 49 64 22 3a 20 22 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 22 2c 0a 22 50 69 6e 6e 65 64 54 6f Data Ascii: 2000nly": "TRUE","role": "Lookup","ariaLabel": "N\u00famero secundario de elemento","FromBaseType": "TRUE","HasPrefix": "TRUE","Type": "Lookup","AllowGridEditing": "FALSE","ClientSideComponentId": "00000000-0000-0000-0000-000000000000","PinnedTo
2024-12-16 21:22:16 UTC	1334	IN	Data Raw: 35 32 66 0d 0a 75 62 32 34 6a 4e 6a 6c 6a 59 6d 55 30 4e 32 45 33 4e 6a 63 30 4e 47 59 7a 4e 7a 63 35 4f 57 59 35 4d 7a 45 33 5a 6d 5a 69 5a 57 4d 30 59 6d 45 35 5a 57 59 78 4d 47 45 33 59 6a 56 69 5a 44 6b 31 5a 54 55 35 59 54 59 34 5a 54 4d 79 5a 6a 4a 6b 4e 54 41 7a 5a 6d 4e 6a 4f 62 49 42 45 30 5a 70 62 47 56 7a 4c 6c 4a 6c 59 57 52 58 63 6d 6c 30 5a 53 35 42 62 47 7a 49 41 51 45 2e 4a 37 50 61 46 4a 6b 6f 6e 2d 49 4e 73 38 4a 4b 57 74 41 4a 69 63 74 54 4c 2d 58 31 46 70 4e 77 72 51 4f 69 31 32 53 6f 6c 71 45 22 0d 0a 2c 20 22 2e 64 72 69 76 65 41 63 63 65 73 73 43 6f 64 65 56 32 31 22 20 3a 20 22 76 31 2e 65 79 4a 7a 61 58 52 6c 61 57 51 69 4f 69 4a 6a 4d 7a 52 6b 59 6d 52 6c 5a 69 30 30 4d 47 55 34 4c 54 51 32 4d 7a 67 74 59 6a 49 78 4e 79 30 32 5a Data Ascii: 52fub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjObIBE0ZpbGVzLlJlYWRXcml0ZS5BbGzIAQE.J7PaFJkon-INs8JKWtAJictTL-X1FpNwrQOi12SolqE", ".driveAccessCodeV21" : "v1.eyJzaXRlaWQiOiJjMzRkYmRlZi00MGU4LTQ2MzgtYjIxNy02Z
2024-12-16 21:22:16 UTC	4274	IN	Data Raw: 31 30 61 61 0d 0a 64 69 61 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 6d 65 64 69 61 42 61 73 65 55 72 6c 53 65 63 6f 6e 64 61 72 79 22 20 3a 20 22 68 74 74 70 73 3a 5c 75 30 30 32 66 5c 75 30 30 32 66 73 6f 75 74 68 63 65 6e 74 72 61 6c 75 73 31 2d 6d 65 64 69 61 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 70 75 73 68 43 68 61 6e 6e 65 6c 42 61 73 65 55 72 6c 22 20 3a 20 22 68 74 74 70 73 3a 5c 75 30 30 32 66 5c 75 30 30 32 66 65 61 73 74 75 73 30 2e 70 75 73 68 6e 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 63 61 6c 6c 65 72 53 74 61 63 6b 22 20 3a 20 22 66 46 4e 51 54 77 22 0d 0a 2c 20 22 2e 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 20 3a 20 22 36 38 33 38 36 65 61 31 2d 38 30 36 64 2d 30 30 30 30 2d 35 31 63 31 2d 33 32 39 61 64 62 62 35 39 65 65 Data Ascii: 10aadiap.svc.ms", ".mediaBaseUrlSecondary" : "https:\u002f\u002fsouthcentralus1-mediap.svc.ms", ".pushChannelBaseUrl" : "https:\u002f\u002feastus0.pushnp.svc.ms", ".callerStack" : "fFNQTw", ".correlationId" : "68386ea1-806d-0000-51c1-329adbb59ee
2024-12-16 21:22:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:17 UTC	2563	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_layouts/15/download.aspx?SourceUrl=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://mailustabucaedu-my.sharepoint.com/personal/stella_pabon_ustabuca_edu_co/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip%2FAnyDesk%2Eexe&parent=%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%2FZip&ga=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED] If-None-Match: "{1AF0A460-0888-41A0-AC4C-73DF69FE3EF6},2"
2024-12-16 21:22:18 UTC	3579	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 5512512 Content-Type: application/octet-stream Accept-Ranges: bytes ETag: "{1AF0A460-0888-41A0-AC4C-73DF69FE3EF6},2" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 6,2102272,510,10151,2960150,2102272,2102272,7 X-SharePointHealthScore: 0 docID: mailustabucaedu-my.sharepoint.com_c34dbdef-40e8-4638-b217-6db2cdf8fd5b_1af0a460-0888-41a0-ac4c-73df69fe3ef6 X-Download-Options: noopen Content-Disposition: attachment;filename=utf-8''AnyDesk%2Eexe;filename="AnyDesk.exe" CTag: {1AF0A460-0888-41A0-AC4C-73DF69FE3EF6},2,1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 68386ea1-c0f7-0000-5773-0d55ff761ca0 request-id: 68386ea1-c0f7-0000-5773-0d55ff761ca0 MS-CV: oW44aPfAAABXcw1V/3YcoA.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E81E85E8F9D840799AF73069B0BA15F1 Ref B: EWR311000103029 Ref C: 2024-12-16T21:22:18Z Date: Mon, 16 Dec 2024 21:22:17 GMT Connection: close
2024-12-16 21:22:18 UTC	3068	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e9 1c e7 68 ad 7d 89 3b ad 7d 89 3b ad 7d 89 3b c2 0b 22 3b a5 7d 89 3b c2 0b 23 3b ae 7d 89 3b b6 e0 13 3b ac 7d 89 3b c2 0b 14 3b ac 7d 89 3b 52 69 63 68 ad 7d 89 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 83 77 50 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0a 00 00 2a 00 00 00 a2 53 00 00 1e 10 01 e5 1c 00 00 00 10 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$h};};};";};#;};;};;};Rich};PELwPg"*S
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: c4 0c 50 8d 46 08 50 8b ce e8 b0 fe ff ff 6a 18 68 b4 61 50 01 68 be 53 ce 17 e8 65 05 00 00 83 c4 0c 50 8d 46 0c 50 8b ce e8 90 fe ff ff 6a 0f 68 a4 61 50 01 68 69 0b b3 26 e8 45 05 00 00 83 c4 0c 50 8d 46 10 50 8b ce e8 70 fe ff ff 6a 12 68 90 61 50 01 68 30 45 92 3d e8 25 05 00 00 83 c4 0c 50 8d 46 14 50 8b ce e8 50 fe ff ff 6a 07 68 88 61 50 01 68 9a 40 36 22 e8 05 05 00 00 83 c4 0c 50 8d 46 18 50 8b ce e8 30 fe ff ff 6a 14 68 70 61 50 01 68 04 cd 9c 14 e8 e5 04 00 00 83 c4 0c 50 8d 46 1c 50 8b ce e8 10 fe ff ff 6a 11 68 5c 61 50 01 68 e9 bf 3e 67 e8 c5 04 00 00 83 c4 0c 50 8d 46 20 50 8b ce e8 f0 fd ff ff 6a 11 68 48 61 50 01 68 96 9b d2 68 e8 a5 04 00 00 83 c4 0c 50 8d 46 24 50 8b ce e8 d0 fd ff ff 6a 16 68 30 61 50 01 68 79 5c b6 7d e8 85 04 00 00 Data Ascii: PFPjhaPhSePFPjhaPhi&EPFPpjhaPh0E=%PFPPjhaPh@6"PFP0jhpaPhPFPjh\aPh>gPF PjhHaPhhPF$Pjh0aPhy\}
2024-12-16 21:22:18 UTC	1028	IN	Data Raw: 6a 06 58 eb 71 ff 75 28 8d 45 90 ff 75 1c 89 4d a4 ff 75 18 89 4d a0 50 e8 88 ff ff ff 83 c4 10 85 c0 75 52 8b 45 08 89 45 a4 8d 45 90 50 89 7d b8 e8 20 fc ff ff 89 1e 8b 5d 24 53 ff 75 20 8d 45 90 56 ff 75 10 57 50 e8 6b fc ff ff 8b f0 83 c4 1c 85 f6 75 08 83 3b 03 75 03 6a 06 5e 8b 45 b4 8b 4d 0c ff 75 28 89 01 8d 45 90 50 e8 73 fe ff ff 59 59 8b c6 5f 5e 5b c9 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: jXqu(EuMuMPuREEEP} ]$Su EVuWPku;uj^EMu(EPsYY_^[
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: 74 ee 00 00 32 5c c4 60 96 a3 73 8d 59 d5 00 00 2e 69 74 65 78 74 00 00 2e 74 65 78 74 00 00 00 2e 63 75 73 74 6f 6d 00 61 30 61 31 37 35 37 63 35 33 64 34 63 64 63 32 30 37 66 65 66 33 64 62 37 31 39 66 62 39 35 62 00 00 00 00 72 65 6c 65 61 73 65 2f 77 69 6e 5f 39 2e 30 2e 31 00 00 00 38 31 32 30 34 37 38 39 32 62 62 36 34 64 32 34 62 35 30 34 64 62 31 30 30 31 65 37 61 66 33 61 61 61 62 37 65 62 31 66 00 00 00 00 01 01 01 00 01 00 00 00 00 01 02 02 03 03 03 03 52 53 44 53 44 04 fd 64 54 26 90 40 aa 00 a1 ad 9a b4 6d 64 01 00 00 00 43 3a 5c 42 75 69 6c 64 62 6f 74 5c 61 64 2d 77 69 6e 64 6f 77 73 2d 33 32 5c 62 75 69 6c 64 5c 72 65 6c 65 61 73 65 5c 61 70 70 2d 33 32 5c 77 69 6e 5f 6c 6f 61 64 65 72 5c 41 6e 79 44 65 73 6b 2e 70 64 62 00 00 00 00 00 00 Data Ascii: t2\`sY.itext.text.customa0a1757c53d4cdc207fef3db719fb95brelease/win_9.0.1812047892bb64d24b504db1001e7af3aaab7eb1fRSDSDdT&@mdC:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: 47 6b aa 28 34 fa ab 3b 4f eb bb 25 d8 71 e3 74 c5 43 6a e8 e1 fb ba ef 72 4d 5b 9e 2e a2 8b 8f fa 20 20 5a 53 24 f2 55 6c 40 e7 e8 45 67 26 90 b3 1f dd fd 1a ca c3 7a 4e bd e5 70 b1 22 04 89 4f 59 39 30 c1 0f c0 2e 35 b8 20 17 50 8c 8c 84 a6 f1 ae d7 c5 9e 43 a1 a3 fa fe cc e0 ab 25 ba d1 b1 2a d3 7c f3 01 0b 6a c4 18 1a 75 ef 22 33 29 15 e7 bd ea 6d de da 8c c8 6d 5f 6a 48 1c 23 9d 93 85 1e 5c a2 a7 8e 63 50 3d d1 31 5b 49 07 da b4 0a 46 a5 c1 09 21 ca 8a ce 03 77 bf 47 25 af 88 1c f5 51 d6 15 89 28 2b 98 d7 38 ef 05 9f 16 69 19 00 98 99 a7 75 36 b1 43 87 ae e6 8d ad d0 6b 62 46 12 ab 84 32 b7 09 73 e2 f9 e3 12 1b 52 b9 59 91 ca bb 7a 69 49 8f 9f ac 3e e9 72 7f 25 b5 9d 4c 64 cb 18 80 e9 11 77 04 a8 8e 98 57 ec e3 f2 da c1 66 a8 50 b0 1f 4c db 1a 5e c9 Data Ascii: Gk(4;O%qtCjrM[. ZS$Ul@Eg&zNp"OY90.5 PC%*\|ju"3)mm_jH#\cP=1[IF!wG%Q(+8iu6CkbF2sRYziI>r%LdwWfPL^
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: 04 a8 1b fb 10 51 ee 42 97 e8 62 01 de 88 e8 05 59 09 ca 72 ec 7e df ac 7d ad 29 6b bc f1 cf a7 fe e8 46 55 0c 35 6e d7 f9 19 28 42 88 48 2c 4b c3 fa 03 21 50 df f6 01 e2 5c 8e 39 6e 08 91 7a 69 68 cf b1 fc 30 e7 ad b9 d0 cd 7d d5 64 a2 a2 10 4a 18 2c bc eb cd 36 bb 15 9e 11 dc 6d 50 97 28 c9 45 54 8d 05 24 7e bb 4a 70 90 1b fd bb 04 d7 8d 91 3c d8 2c 88 79 0d 50 10 b6 72 9d 96 83 f2 94 a2 3a 53 f6 35 9a 64 4c ac e5 42 3e 28 9a 00 f9 ae 1f cd 89 0a a8 03 00 dd 14 5a 93 fb 2a c8 62 96 79 27 2e 94 3e ee c0 73 67 c7 e7 39 d7 5e 3c 30 8d 51 8d 86 d5 8b e5 ca e7 12 b2 6b a8 69 99 4b 96 20 5e 74 d2 19 c9 4c aa 73 7e f3 a7 25 c9 ce 14 96 7f 65 a5 77 44 df c8 72 2b fd 5c 30 05 60 43 b0 d4 b4 18 9a c2 81 a5 d0 34 a8 c8 63 10 d9 c0 4d 71 f4 7d 12 49 8a b7 40 29 f7 Data Ascii: QBbYr~})kFU5n(BH,K!P\9nzih0}dJ,6mP(ET$~Jp<,yPr:S5dLB>(Z*by'.>sg9^<0QkiK ^tLs~%ewDr+\0`C4cMq}I@)
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: ef 6d 65 0f 4b b9 5b 99 57 2f 14 2c f3 f8 b6 e3 61 a2 21 81 22 4d 6c e0 5d 36 f7 27 1b ee a8 93 7a 00 2f d1 91 7a 1d 0e c9 3b 8d 7f 33 8a a4 72 76 46 13 ff 54 0f ef 22 42 2a 66 80 7a 94 68 dd 38 59 dc b4 4a 11 5b 76 eb 31 cb ad a8 19 15 bb ff 34 9e a7 84 ca bc 64 e1 4c e7 92 dc 4c bf 34 e1 96 d9 2c 51 91 0a 61 b1 d1 2e 74 fb 01 7d dd 9b eb a5 c7 37 f8 53 f1 c1 92 e4 05 41 00 53 f5 a7 c2 49 57 68 f8 5e 46 93 fc 8d 00 1f c7 2d c9 6c 11 9e ad cb 7f 94 e3 60 0a 4d 85 49 d0 1b d0 ce 45 0c 9c 3e 56 6d d3 45 f2 62 4f f8 f9 17 71 e3 4d f1 24 22 83 b6 09 fa ea 77 fe 94 be 82 bf 3b ae fb bf 8a 42 e4 92 36 ba f4 30 cf 46 6d ff 75 c1 8c 60 37 2e 8c f4 4c 31 cb ce ce 3c b9 6a 7b 09 ee 4c 73 58 25 38 f3 e5 5a e3 5f f0 da 5f 96 5d 7f 05 2f 09 8e df 98 ff 74 25 7b 28 ce Data Ascii: meK[W/,a!"Ml]6'z/z;3rvFT"B*fzh8YJ[v14dLL4,Qa.t}7SASIWh^F-l`MIE>VmEbOqM$"w;B60Fmu`7.L1<j{LsX%8Z__]/t%{(
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: b6 24 da 0d c9 da fc 95 a9 1f ee f0 62 69 14 ec 2e b8 ee 51 01 81 1a 67 7c 59 3e d4 e8 23 35 e5 eb 49 8d 64 6d 09 25 5d 73 b2 87 63 4e 48 d8 72 d2 1a d0 3b 23 b7 53 3a d6 4d 37 b1 52 fc a8 f1 58 2c 16 89 e2 2f 24 8f fd 93 88 b4 df fc 5a e5 db dc 9e 8d 25 40 89 4a 1e 2d c0 d6 40 d5 ac 02 1b ae 9e b4 b7 f9 1c 58 de fe 49 d5 d3 c8 c8 08 0a c4 9c fc 6d 20 ce 92 bf 36 3b da 9f 07 5a d4 ee c6 25 8a ec 41 b3 b2 f0 c0 b4 54 39 9b a4 84 94 af 5a 5c 83 5f b2 72 90 c4 dc e4 b7 f7 f1 2b 5e 48 1f b9 b9 f5 67 63 f1 95 9d 2f df f8 9c a7 af 26 00 5c ad 49 4e 22 91 a7 ba 67 35 da 94 b3 32 12 ec ef 85 b3 a9 ca 86 9f 5d 71 a6 c6 0e 29 40 de 6b 99 e5 b8 f0 ca cb e3 42 04 91 60 4f 77 46 9f ac 91 c5 26 32 5e 52 fd 23 77 60 97 e9 d0 63 b5 c9 03 f7 c0 15 8f cd f5 a9 bb 04 78 93 Data Ascii: $bi.Qg\|Y>#5Idm%]scNHr;#S:M7RX,/$Z%@J-@XIm 6;Z%AT9Z\_r+^Hgc/&\IN"g52]q)@kB`OwF&2^R#w`cx
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: 65 c5 62 c6 60 d7 4f 9d 4d 45 5a c8 e1 ed 92 1f 76 62 bc fd 2e 06 44 f5 d0 6e f1 3c b5 6e be 57 96 cc a2 cd 79 04 26 7e 2e 74 32 59 2f 1a 6c c0 ea 52 fc e1 2e 18 93 bc 0f cc 87 70 44 d8 9f ac f5 45 48 ca ba 37 55 89 22 d8 d6 76 dc 95 38 9c 5b bb a7 f1 2b fd 13 52 b9 6c 09 eb 6d 59 64 38 1c e4 65 28 9e 8b 58 8b e1 04 83 26 83 37 97 bc f9 47 66 b8 38 dc 03 5e f9 1a 03 9d 65 1d d7 ba 85 5f 5c 14 67 ba 87 26 29 8d 12 a4 4c cf 62 09 55 60 6e 26 bf 49 78 5c e3 41 cd 49 1b ae 94 a2 18 75 cd 64 8b 3d 7e b4 fc e2 95 28 ea 60 66 6e f4 07 5c 22 e1 63 e3 e0 89 0e be 3c 9d 23 aa 4f 18 aa 69 1a 81 01 ff 59 21 59 37 59 c4 aa 0e 0b 9d c2 1e 28 a2 09 9d 7e 84 79 96 13 01 aa 41 50 b9 91 c6 18 9a b0 47 0c f0 17 6f ab d7 d6 21 02 36 aa b0 f7 07 6a 0e c5 90 5d b0 49 20 fc b4 Data Ascii: eb`OMEZvb.Dn<nWy&~.t2Y/lR.pDEH7U"v8[+RlmYd8e(X&7Gf8^e_\g&)LbU`n&Ix\AIud=~(`fn\"c<#OiY!Y7Y(~yAPGo!6j]I
2024-12-16 21:22:18 UTC	8192	IN	Data Raw: fe 50 da 42 ac db d7 38 e3 ad df d2 aa 96 3d 70 86 ed 50 66 b8 aa cc 4b 48 b1 f5 99 10 d0 c9 ea f1 f8 d8 21 c3 71 58 dd 20 81 52 c3 d1 ac 1c d5 2d fa 7f 49 b1 14 df 1b 7d 53 8c 37 c2 4d 51 9d f8 20 ac 21 37 93 37 19 6c a5 94 26 8f a2 ad ff 18 91 d8 ed 03 3c 05 9d e5 eb 3b de 2b cc 05 48 18 f9 b3 9d e5 ab 2d 8b 5d 5e 4c 95 a8 5e 73 ff 38 b8 03 9b a1 7b 15 03 ed f9 a7 33 78 67 6a 98 e6 c1 88 84 24 a4 4e e6 0e 00 3e 1e 47 90 3a 85 dd 70 f9 31 56 b7 16 cd 15 32 40 70 7e 00 ec c0 56 b3 5e bf f2 35 35 f9 3f 52 21 29 02 a2 1d 38 8a dd 06 b7 46 3a f4 0b 96 08 f5 99 47 f6 07 97 2d 4a e0 9d b9 49 1e 66 21 99 09 e3 bf 4f e7 63 cc 27 69 b4 60 96 51 9c bb 55 58 a6 35 b9 d4 a1 92 b1 c6 29 99 c6 5b 72 1a 5f 5c c3 0a 0e 00 dc e0 02 95 5f d6 d6 9c e6 34 8a 7d 3b 9c 65 3b Data Ascii: PB8=pPfKH!qX R-I}S7MQ !77l&<;+H-]^L^s8{3xgj$N>G:p1V2@p~V^55?R!)8F:G-JIf!Oc'i`QUX5)[r_\_4};e;

Timestamp	Bytes transferred	Direction	Data
2024-12-16 21:22:17 UTC	1940	OUT	GET /personal/stella_pabon_ustabuca_edu_co/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fstella%5Fpabon%5Fustabuca%5Fedu%5Fco%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1 Host: mailustabucaedu-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVYaVlS [TRUNCATED]
2024-12-16 21:22:18 UTC	3476	IN	HTTP/1.1 405 Method Not Allowed Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/xml;charset=utf-8 Expires: Sun, 01 Dec 2024 21:22:18 GMT Last-Modified: Mon, 16 Dec 2024 21:22:18 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjE0LDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzY5Y2JlNDdhNzY3NDRmMzc3OTlmOTMxN2ZmYmVjNGJhOWVmMTBhN2I1YmQ5NWU1OWE2OGUzMmYyZDUwM2ZjYzksMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNjljYmU0N2E3Njc0NGYzNzc5OWY5MzE3ZmZiZWM0YmE5ZWYxMGE3YjViZDk1ZTU5YTY4ZTMyZjJkNTAzZmNjOSwxMzM3ODg1Nzk5NjAwMDAwMDAsMCwxMzM3ODk0NDA5NjEzNjM1NTIsMC4wLjAuMCwyNTgsZjU3YTU5NDktMzczOC00MWVmLWE4NmUtMDA0OTBjMDhjY2I1LCwsMjI2Y2RjZmUtMjZjMy00NTk1LTg1Y2EtYmEyNWNjNzE1YzdiLDIyNmNkY2ZlLTI2YzMtNDU5NS04NWNhLWJhMjVjYzcxNWM3YixEWHFhWkcxRWEwMnkveUFMSEsxWmxBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDE0MTAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLDdGQWdTSzVqb3NiNjhxRkRtVGlFWlhFQnlhRSxYaWQwMFQ3dGpwQmoxZmdJQXk4U2p6QzZQNk51VHhGWWZMVWpqY254ODhQanVqeDVLNmlqWkJLek1pL1Q2eCs3NDB1Uzd5L0VVeGxKNkM2T2hrNHdwREpleVlhL2dKay9OeVVxNHd3SlpKUGYxbUMzcFBwZVlUekVnSktKai9TRC9yQVJUQTJFaHVaQnhJSFJIKy85ODZOWGprNnRaQnhETFB4THQzeEZkc1JJaXVUdVJqTjJudXJQODhQdTJ1Vmh5OFB3aTVqK3hMYlc1d0RFYXAzdTF0eDVY [TRUNCATED] X-NetworkStatistics: 14,8409600,4467,14392,4075917,8409600,173688,6 X-SharePointHealthScore: 1 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 22 SPRequestDuration: 23 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 69386ea1-6001-0000-51c1-37d8d62d8ee4 request-id: 69386ea1-6001-0000-51c1-37d8d62d8ee4 MS-CV: oW44aQFgAABRwTfY1i2O5A.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f57a5949-3738-41ef-a86e-00490c08ccb5&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F091BD714167418E8ECE63F50C1B5BEB Ref B: EWR311000103035 Ref C: 2024-12-16T21:22:18Z Date: Mon, 16 Dec 2024 21:22:18 GMT Connection: close
2024-12-16 21:22:18 UTC	454	IN	Data Raw: 31 62 66 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 6d 3a 65 72 72 6f 72 20 78 6d 6c 6e 73 3a 6d 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 64 6f 2f 32 30 30 37 2f 30 38 2f 64 61 74 61 73 65 72 76 69 63 65 73 2f 6d 65 74 61 64 61 74 61 22 3e 3c 6d 3a 63 6f 64 65 3e 2d 31 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 53 68 61 72 65 50 6f 69 6e 74 2e 43 6c 69 65 6e 74 2e 43 6c 69 65 6e 74 53 65 72 76 69 63 65 45 78 63 65 70 74 69 6f 6e 3c 2f 6d 3a 63 6f 64 65 3e 3c 6d 3a 6d 65 73 73 61 67 65 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 73 2d 45 53 22 3e 45 6c 20 6d c3 a9 74 6f 64 6f 20 48 54 54 50 20 27 47 45 54 27 20 6e 6f 20 73 65 20 70 75 65 Data Ascii: 1bf<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>-1, Microsoft.SharePoint.Client.ClientServiceException</m:code><m:message xml:lang="es-ES">El mtodo HTTP 'GET' no se pue
2024-12-16 21:22:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0