Edit tour

Windows Analysis Report
https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y

Overview

General Information

Sample URL:	https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y
Analysis ID:	1577190
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected landing page (webpage, office document or email)

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2204,i,11763073008621131279,10746106279034896086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://login.microsoftonline-int.com

Avira URL Cloud: Label: phishing

Phishing

AI detected landing page (webpage, office document or email)

Source: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?rtime=J_aikTof3Ug

Joe Sandbox AI: Page contains button: 'Cliquez sur tlcharger' Source: '1.2.pages.csv'

Source: https://syndiclair-my.sharepoint.com/personal/ml_syndiclair_fr/_layouts/15/Doc.aspx?sourcedoc={936d047f-a518-429e-a1d6-50d399ade083}&action=view&wd=target%28Untitled%20Section.one%7C6eb30807-2d3e-498c-97c5-1f35a7f17748%2FUntitled%20Page%7Caf5fa34e-78b9-43b8-a285-ae95b5f0ccc0%2F%29&wdorigin=NavigationUrl

HTTP Parser: Total embedded image size: 13227

Source: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?rtime=J_aikTof3Ug

HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"RS256","x5t":"uXehQJPleVjNCbakUhGD6IyFQQk"}

Source:	Binary string: A.eS+1,A.Usi),this.Wt\|\|(this.awb=!0));return A}wIh(A){return this.Fsc(A)}BEh(){const A=new l.a;for(let E of this.Sj)A.add(this.Pdb(E));return A}AEh(A){if(0<=A&&A<this.Sj.count)return this.Pdb(this.Sj.K(A));k.ULS.sendTraceTag(562947415,3009,15,"Failed to get item {0} from HtmlSplits (size {1}",A,this.Sj.count);return null}OFf(A,E){A=this.Pdb(A);const H=new l.a;if(A&&A.parentNode){let D=!1;for(let C=0;C<A.parentNode.childNodes.length;C++)D?H.add(A.parentNode.childNodes[C]):A.parentNode.childNodes[C]=== source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: A&&(D=!0)}if(H&&H.count&&(A=this.Pdb(E))&&A.parentNode)for(let D of H)A.parentNode.appendChild(D)}lkj(){this.Sj.K(0);for(let A=0;A<this.Sj.count-1;A++){const E=this.Sj.K(A),H=this.CZf(E,this.vM.K(A).VO).Dqj;if(!E\|\|!H)break;A\|\|this.OFf(H,E);H&&(this.Sj.K(A+1)&&this.Sj.K(A+1).parentNode&&this.Sj.K(A+1).parentNode.replaceChild(H,this.Sj.K(A+1)),this.Sj.W(A+1,H))}this.lfg()}Pdb(A){if(Sys.UI.DomElement.containsCssClass(A,v.a.className))return A;for(let E=0;E<A.childNodes.length;E++){const H=A.childNodes[E]; source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: !this.hMi(B.Je.Xe.id))if(this.GOa&&(qb.ULS.sendTraceTag(23171276,365,50,"Incremental action {0} terminated due to inbound revision with ID {1}",this.A6a,this.jv.Je.Xe.id),this.u0b()),!this.XQ.MZb())this.sHc();else if(this.F2\|\|this.UR)this.Aeh(),this.cji()}sHc(B=!1){this.bO();B?this.uXe(null):(B=new Xf.a(2,1,0,this.$re,50),this.Hb.Eb(B))}oWf(B,Y){if(Y&&(1===(Y.Rx&1)\|\|2===(Y.Rx&2))){B=this.F2;const La=this.UR;for(var ta=this.Jh.length-1;0<=ta;ta--)if(this.Jh.K(ta).C_b===Y\|\|this.Jh.K(ta).pdb===Y)this.Jh.removeAt(ta), source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: 1]="pointEraserPenDown";B[B.pointEraserPenMove=2]="pointEraserPenMove";B[B.pointEraserNotSelected=3]="pointEraserNotSelected"})(Ll\|\|(Ll={}));(0,Xb.b)("currentPointEraserState",Ll);class Ri{constructor(B,Y,ta,La,bb,jb,Lb=!1){this.fha=this.Jia=null;this.sEc=Ll.pointEraserNotSelected;this.uYb=B;this.$_f=Y;this.pdb=this.C_b=ta;this.actionId=La;this.Hda=bb;this.Cmb=jb;this.Lqd=Lb}get C_b(){return this.Jia}set C_b(B){this.Jia&&(this.Jia.Rx&=-2);this.Jia=B;this.Jia.Rx\|=1}get pdb(){return this.fha}set pdb(B){this.fha&& source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: this.Ucb,"discardKeyHandler"));wd.a.removeHandler(this.YP,sb.a.Zj,(0,oe.a)(this,this.hbb,"cameraSwitchKeyHandler"));this.pDb&&(this.$Q.removeEventListener("loadeddata",this.pDb),this.pDb=null);this.qDb&&(this.$Q.removeEventListener("loademetaddata",this.qDb),this.qDb=null);super.f7()}jzd(HJ,DB,cJ){return cJ>=HJ/DB?HJ/cJ:DB}kzd(HJ,DB,cJ){return cJ>=HJ/DB?HJ:DBcJ}KMb(HJ,DB,cJ){HJ/=DB;return 1<HJ?cJHJ:cJ}setDimensions(HJ,DB){var cJ=.8Ed.a.A2();const AJ=.8Ed.a.z2()-this.Fme.clientHeight,BJ=HJ/DB, source: chromecache_343.2.dr
Source:	Binary string: C=M(7270),K=M(883);class N{constructor(S,ca){this.cluster=S;this.pIb=ca}}(0,Ba.a)(N,"ImageInfo",null,[]);class P{constructor(S,ca,da,ba,sa,ka,ha,ia,T,ea,la,ra,U,fa,X=null,Ia=null){this.id=S;this.KDb=ca;this.ODb=da;this.NDb=ba;this.MDb=sa;this.LDb=ka;this.PDb=ha;this.igc=ia;this.cya=new N(T,ea);this.k3a=new N(la,ra);this.K_a=new N(U,fa);X&&Ia&&new N(X,Ia)}}(0,Ba.a)(P,"PeoplesWellBaseSettings",null,[]);class R{constructor(){this.Vba=this.pFb=null}}(0,Ba.a)(R,"BreadcrumbControls",null,[]);class y{constructor(S, source: chromecache_435.2.dr, chromecache_404.2.dr
Source:	Binary string: this.jv.Je.Xe;for(this.qHe.start(new Date);this.UR&&Y;){const ie=this.Jh.K(this.hk),Be=this.Jh.K(this.hk-1);Y=ie.Hda&&Be.Hda;this.IA=this.hk;const Qg=Be.Cmb\|\|ie.Cmb,gf=Qg&&ie.Lqd;qb.ULS.sendTraceTag(22607296,365,50,"Performing Undo [IsContinuation: {0}], [AppMode: {1}], [RequiresMerge: {2}], [DisallowUndo: {3}]",Y,gk.a[this.pt],Qg,gf);if(!gf)try{if({Dxa:Sc,returnValue:B}=this.IYe(ie.C_b,Be.pdb,Id,Qg),ta=!!B)Sc?lc=ec.Zic(Sc):ec=this.Jh.K(this.hk).uYb,qd=this.Jh.K(this.IA).$_f,this.Ndd&&this.Ndd(this.Jh.K(this.hk).actionId), source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: this.K4=document.getElementById("ImageDiscardButton");this.ZP=document.getElementById("ImageCaptureButton");this.YP=document.getElementById("CameraSwitchButton");this.gFd();this.pDb=(0,oe.a)(this,this.ICi,"onVideoDataLoaded");this.$Q.addEventListener("loadeddata",this.pDb);this.qDb=(0,oe.a)(this,this.JCi,"onVideoMetaDataLoaded");this.$Q.addEventListener("loadedmetadata",this.qDb);wd.a.addHandler(this.K4,sb.a.click,(0,oe.a)(this,this.MTd,"onDiscardButton"));wd.a.addHandler(this.K4,sb.a.Ue,(0,oe.a)(this, source: chromecache_343.2.dr
Source:	Binary string: this.Jh.K(this.hk).actionId===yd.a.aJb&&(Y=this.Jh.K(this.hk).uYb,this.Jh.removeAt(this.hk));break;case yd.a.XNg:this.iSa&&this.Jh.K(this.hk).actionId===B&&(Y=this.Jh.K(this.hk).uYb,this.Jh.removeAt(this.hk),Gi.b("ApplyDesignerThemeCombineUndo",!0))}this.iSa=!0}return Y}$ce(){if(!(0>this.hk\|\|(this.jv.C7()&&this.jv.jKa(),0>this.hk))){var B=this.jv.Je.Xe;this.Jh.K(this.hk).pdb=B}}Aeh(){this.XQ.MZb()&&(this.iSa=!1,this.D$c=!0)}cji(){if(this.XQ.W2a())for(let B=0;B<this.Jh.length;B++)this.Jh.K(B).Cmb= source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: "RedoFailedWithNoRedoEntries",!0,!0,null),!1;this.uYc.execute(Sc=>{Sc.Erd()});let B=null;var Y=!0;let ta=!1,La=!1;const bb=this.Ob.Lc(7);bb.Ya(this.jv);let jb=this.mV(),Lb=null,ec=null,lc=this.jv.Je.Xe;for(;this.F2&&Y;){Y=this.Jh.K(this.IA);const Sc=this.Jh.K(this.hk);qb.ULS.sendTraceTag(22607301,365,50,"Performing Redo [IsContinuation: {0}] [AppMode: {1}]",this.Jh.K(this.IA).Hda&&this.Jh.K(this.hk).Hda,gk.a[this.pt]);try{if({Dxa:ec,returnValue:B}=this.IYe(Sc.pdb,Y.C_b,lc,Y.Cmb\|\|Sc.Cmb),ta=!!B)ec? source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: continue}H=this.Pdb(H);const D=this.Pdb(this.Sj.K(E-1));if(H&&D)for(;H.firstChild;)D.appendChild(H.firstChild)}return this.Sj.K(A)}Khc(A,E,H){if(!E\|\|!A.Qtd(H))return k.ULS.sendTraceTag(571089538,3009,15,"Html should not be null before split or invalid input"),null;H=this.CZf(E,H).Dqj;if(!E\|\|!H)return k.ULS.sendTraceTag(571089540,3009,15,"Unexpected split result - null"),null;A.dT\|\|this.OFf(H,E);return H}CZf(A,E){A=this.vOa.QSj(this.iF,A,E);0===A.resultCode&&(A.Usi&&A.DOj&&Array.insert(this.iF.Im, source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: (0,ma.a)(Nh,"ImageCaptureDialogHtml",null,[]);class hc extends Kf.a{constructor(HJ,DB,cJ,AJ){super(!1,!1,AJ);this.Fra=null;this.ZK=640;this.si=480;this.yNa=new Ra.a;this.k4b=0;this.qDb=this.pDb=this.$Q=this.L4=this.YP=this.ZP=this.K4=this.Fme=null;this.i_c=HJ;this.$pa=DB;this.Gb=cJ;this.Fe="ImageCaptureDialog";this.HHe=AJ;this.HHe\|\|(this.Xb=1,this.kd(1,Box4Intl.Box4Strings.L_SymbolInsertButtonText),this.YVh())}Bqj(){oa.ULS.sendTraceTag(38596942,324,50,"ImageCaptureDialog:DialogInitialized")}sWh(){this.Bqj(); source: chromecache_343.2.dr

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y HTTP/1.1Host: syndiclair-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/ml_syndiclair_fr/_layouts/15/Doc.aspx?sourcedoc=%7B936d047f-a518-429e-a1d6-50d399ade083%7D&action=default&slrid=8aaf6ea1-a036-a000-d67c-b50d0b0a15e8&originalPath=aHR0cHM6Ly9zeW5kaWNsYWlyLW15LnNoYXJlcG9pbnQuY29tLzpvOi9nL3BlcnNvbmFsL21sX3N5bmRpY2xhaXJfZnIvRW44RWJaTVlwWjVDb2RaUTA1bXQ0SU1CR1pIRUhjU3lsbkllTWgwRG9VTG1adz9ydGltZT1KX2Fpa1RvZjNVZw&CID=2bb11439-8e2b-4b7b-b75e-942a2fe056c9&_SRM=0:G:106 HTTP/1.1Host: syndiclair-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2JkODMyMTgzZTc4N2Q5MGVlMmY0OGRhYzgxNjc1Y2EyOTFjYzUyMjgyMWYxMzc3YjdlZjhhYzdjMzJjNDk1YzUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNSwxMzM3ODk4Mjk1NjAwMDAwMDAsMCwxMzM3OTA2OTA1NjgxMDYxODQsMC4wLjAuMCwyNTgsMTBmOWU0NGUtNDJlNC00ZThkLTliYzgtNGFkMTY3NzQyZThjLCwsOGYyZGVkMjctM2RhYi00N2UxLTgyZGYtMTQxYzVjYjQ3Y2I0LDhmMmRlZDI3LTNkYWItNDdlMS04MmRmLTE0MWM1Y2I0N2NiNCw5SFRLY3J2NXZVbXp1N2J0NVoxbG5RLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTAwMTksdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFSOTJPbHJlTitVZGFFeUUwQ2JRQ3czMjgzbWlvU0lKNno5M0crNzBJMUk1b09telFaWi9HaXQ1ZTA2enRrNG1Sek9LUUZzQlAwdlBsUzBDUjJ6ci9aaTN6ZkxMNHlmMmt6R2RKZWpZMEpZajhSWFlrdTZGMkxXS3JLRGU1QXNOZlZCbXBGS0wveklCamFhbjN3eFFrZ2pkVjAxaWZBQXVGckd4YzdwY3h4UHVMM1JXaDFCY1FBb3ZKNWUyUGI0SFNQNWp5YlQwMHhPUGdOVDFRYzBHSUZXRFcrQXhGM0x5SDA1NzRKRFJCMmhRdGRFRXpSL0JtOVFNbXJQTUxGMlloYm12S1BsVk9jVmFoTCs2TXRoZGI4bjNzWkRoSU9aazJ5NHhicVVTdjVoZ3pwcmI5MFkybG11Q2hXd05DUmR1a3psbFRkZ2R4dUtNYU4zOHBLOEpMUT09PC9TUD4=

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: syndiclair-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: euc-common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /suite/RemoteUls.ashx?usid=0432f7db-cabd-ae00-6b77-ca57e1c556bb&officeserverversion= HTTP/1.1Host: common.online.office.comConnection: keep-aliveContent-Length: 699sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://syndiclair-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://syndiclair-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_252.2.dr, chromecache_437.2.dr, chromecache_282.2.dr, chromecache_424.2.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_281.2.dr, chromecache_391.2.dr	String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_326.2.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_424.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://1drv.ms
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://Office.net
Source: chromecache_287.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.0.min.js
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://c3web.trafficmanager.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/dev
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/stg
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.fluidpreview.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/df
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/gcc
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/prod
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/BrowserUls.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/CommonDiagnostics.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/ExternalResources/js-cookie.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/Instrumentation.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/LearningTools/LearningTools.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/aria-web-telemetry-2.9.0.min.js
Source: chromecache_287.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161841640451_Scripts/pickadate.min.js
Source: chromecache_297.2.dr, chromecache_430.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_297.2.dr, chromecache_430.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_297.2.dr, chromecache_430.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_297.2.dr, chromecache_430.2.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://ch5.fluidpreview.office.net/fluid/prod
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://ecs.office.com
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://edog.onenote.com
Source: chromecache_326.2.dr	String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_326.2.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://fa000000128.resources.office.net
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://fa000000128.resources.office.net:3000/index.html
Source: chromecache_288.2.dr, chromecache_326.2.dr, chromecache_262.2.dr, chromecache_406.2.dr	String found in binary or memory: https://feross.org
Source: chromecache_288.2.dr, chromecache_326.2.dr, chromecache_262.2.dr, chromecache_406.2.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_343.2.dr	String found in binary or memory: https://forms.office.com
Source: chromecache_335.2.dr, chromecache_343.2.dr	String found in binary or memory: https://forms.officeppe.com
Source: chromecache_313.2.dr, chromecache_436.2.dr, chromecache_322.2.dr, chromecache_362.2.dr	String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_268.2.dr, chromecache_415.2.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://hubblecontent.azureedge.eaglex.ic.gov
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://hubblecontent.azureedge.microsoft.scloud
Source: chromecache_262.2.dr, chromecache_406.2.dr	String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.live-int.com
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.live.com
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.microsoftonline-int.com
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://officeapps.live.com
Source: chromecache_343.2.dr	String found in binary or memory: https://onedrive.live.com
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://outlook-1-cdn.azureedge.eaglex.ic.gov
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://outlook-1-cdn.azureedge.microsoft.scloud
Source: chromecache_265.2.dr, chromecache_342.2.dr	String found in binary or memory: https://pf.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://prod.support.office.com
Source: chromecache_313.2.dr, chromecache_436.2.dr, chromecache_322.2.dr, chromecache_362.2.dr, chromecache_228.2.dr, chromecache_255.2.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_437.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-1.cdn.partner.office365.cn
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-2.cdn.office.net
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://res-dev.cdn.officeppe.net
Source: chromecache_326.2.dr	String found in binary or memory: https://res-dod.cdn.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-dod.cdn.office.net/fluid/dod
Source: chromecache_326.2.dr	String found in binary or memory: https://res-gcch.cdn.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-gcch.cdn.office.net/fluid/gcch
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://res-h3.public.cdn.office.net
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://res-h3.sdf.cdn.office.net
Source: chromecache_326.2.dr, chromecache_404.2.dr	String found in binary or memory: https://res-sdf.cdn.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://res-v-sdf.cdn.office.net
Source: chromecache_326.2.dr, chromecache_253.2.dr	String found in binary or memory: https://res.cdn.office.net
Source: chromecache_235.2.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.12.12.1/
Source: chromecache_235.2.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.12.12.1/floodgate.en.bundle.js
Source: chromecache_383.2.dr, chromecache_253.2.dr	String found in binary or memory: https://res.sdf.cdn.office.net
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.edog.officeapps.live.com/rs/v1/settings
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.officeapps.live.com/rs/v1/settings
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.officeapps.partner.office365.cn/rs/v1/settings
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.osi.apps.mil/rs/v1/settings
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.osi.office.de/rs/v1/settings
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://roaming.osi.office365.us/rs/v1/settings
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/drawing
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/excel
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/onenote
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/outlook
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/powerpoint
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/project
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/SDX/word
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/home/isAgave=true&helpid=126385
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/home?isAgave=true
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/f1/home?isAgave=true&helpid=161255
Source: chromecache_330.2.dr	String found in binary or memory: https://support.office.com/icon32.png
Source: chromecache_432.2.dr, chromecache_330.2.dr	String found in binary or memory: https://support.office.com/icon80.png
Source: chromecache_265.2.dr, chromecache_342.2.dr	String found in binary or memory: https://tb.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://uciserviceintcdnwus.blob.core.windows.net/mirrored/smartlookup/
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://whiteboard.apps.mil
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://whiteboard.eaglex.ic.gov
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://whiteboard.microsoft.scloud
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://whiteboard.office.com/root/index.fluid.js
Source: chromecache_288.2.dr, chromecache_326.2.dr	String found in binary or memory: https://whiteboard.office365.us
Source: chromecache_265.2.dr, chromecache_342.2.dr	String found in binary or memory: https://www.office.com/launch
Source: chromecache_435.2.dr, chromecache_404.2.dr	String found in binary or memory: https://www.onenote.com
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&temporaryLocalization=true
Source: chromecache_430.2.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: chromecache_288.2.dr, chromecache_326.2.dr

Binary or memory string: new w.a(n.a.Cd());const C=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");for(const K of C)D.N9b.add(K)}return D.N9b}static m4h(C){return D.DMh().contains(C)}static h9h(C){C=v.nxh(C);return""!==document.createElement("audio").canPlayType(C)}}D.N9b=null;(0,F.a)(D,"EmbeddedFileReaderUtils",null,[])},74133:function(F,O,d){d.d(O,{a:function(){return f}});

Source: classification engine

Classification label: mal60.win@19/338@78/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2204,i,11763073008621131279,10746106279034896086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2204,i,11763073008621131279,10746106279034896086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: A.eS+1,A.Usi),this.Wt\|\|(this.awb=!0));return A}wIh(A){return this.Fsc(A)}BEh(){const A=new l.a;for(let E of this.Sj)A.add(this.Pdb(E));return A}AEh(A){if(0<=A&&A<this.Sj.count)return this.Pdb(this.Sj.K(A));k.ULS.sendTraceTag(562947415,3009,15,"Failed to get item {0} from HtmlSplits (size {1}",A,this.Sj.count);return null}OFf(A,E){A=this.Pdb(A);const H=new l.a;if(A&&A.parentNode){let D=!1;for(let C=0;C<A.parentNode.childNodes.length;C++)D?H.add(A.parentNode.childNodes[C]):A.parentNode.childNodes[C]=== source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: A&&(D=!0)}if(H&&H.count&&(A=this.Pdb(E))&&A.parentNode)for(let D of H)A.parentNode.appendChild(D)}lkj(){this.Sj.K(0);for(let A=0;A<this.Sj.count-1;A++){const E=this.Sj.K(A),H=this.CZf(E,this.vM.K(A).VO).Dqj;if(!E\|\|!H)break;A\|\|this.OFf(H,E);H&&(this.Sj.K(A+1)&&this.Sj.K(A+1).parentNode&&this.Sj.K(A+1).parentNode.replaceChild(H,this.Sj.K(A+1)),this.Sj.W(A+1,H))}this.lfg()}Pdb(A){if(Sys.UI.DomElement.containsCssClass(A,v.a.className))return A;for(let E=0;E<A.childNodes.length;E++){const H=A.childNodes[E]; source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: !this.hMi(B.Je.Xe.id))if(this.GOa&&(qb.ULS.sendTraceTag(23171276,365,50,"Incremental action {0} terminated due to inbound revision with ID {1}",this.A6a,this.jv.Je.Xe.id),this.u0b()),!this.XQ.MZb())this.sHc();else if(this.F2\|\|this.UR)this.Aeh(),this.cji()}sHc(B=!1){this.bO();B?this.uXe(null):(B=new Xf.a(2,1,0,this.$re,50),this.Hb.Eb(B))}oWf(B,Y){if(Y&&(1===(Y.Rx&1)\|\|2===(Y.Rx&2))){B=this.F2;const La=this.UR;for(var ta=this.Jh.length-1;0<=ta;ta--)if(this.Jh.K(ta).C_b===Y\|\|this.Jh.K(ta).pdb===Y)this.Jh.removeAt(ta), source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: 1]="pointEraserPenDown";B[B.pointEraserPenMove=2]="pointEraserPenMove";B[B.pointEraserNotSelected=3]="pointEraserNotSelected"})(Ll\|\|(Ll={}));(0,Xb.b)("currentPointEraserState",Ll);class Ri{constructor(B,Y,ta,La,bb,jb,Lb=!1){this.fha=this.Jia=null;this.sEc=Ll.pointEraserNotSelected;this.uYb=B;this.$_f=Y;this.pdb=this.C_b=ta;this.actionId=La;this.Hda=bb;this.Cmb=jb;this.Lqd=Lb}get C_b(){return this.Jia}set C_b(B){this.Jia&&(this.Jia.Rx&=-2);this.Jia=B;this.Jia.Rx\|=1}get pdb(){return this.fha}set pdb(B){this.fha&& source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: this.Ucb,"discardKeyHandler"));wd.a.removeHandler(this.YP,sb.a.Zj,(0,oe.a)(this,this.hbb,"cameraSwitchKeyHandler"));this.pDb&&(this.$Q.removeEventListener("loadeddata",this.pDb),this.pDb=null);this.qDb&&(this.$Q.removeEventListener("loademetaddata",this.qDb),this.qDb=null);super.f7()}jzd(HJ,DB,cJ){return cJ>=HJ/DB?HJ/cJ:DB}kzd(HJ,DB,cJ){return cJ>=HJ/DB?HJ:DBcJ}KMb(HJ,DB,cJ){HJ/=DB;return 1<HJ?cJHJ:cJ}setDimensions(HJ,DB){var cJ=.8Ed.a.A2();const AJ=.8Ed.a.z2()-this.Fme.clientHeight,BJ=HJ/DB, source: chromecache_343.2.dr
Source:	Binary string: C=M(7270),K=M(883);class N{constructor(S,ca){this.cluster=S;this.pIb=ca}}(0,Ba.a)(N,"ImageInfo",null,[]);class P{constructor(S,ca,da,ba,sa,ka,ha,ia,T,ea,la,ra,U,fa,X=null,Ia=null){this.id=S;this.KDb=ca;this.ODb=da;this.NDb=ba;this.MDb=sa;this.LDb=ka;this.PDb=ha;this.igc=ia;this.cya=new N(T,ea);this.k3a=new N(la,ra);this.K_a=new N(U,fa);X&&Ia&&new N(X,Ia)}}(0,Ba.a)(P,"PeoplesWellBaseSettings",null,[]);class R{constructor(){this.Vba=this.pFb=null}}(0,Ba.a)(R,"BreadcrumbControls",null,[]);class y{constructor(S, source: chromecache_435.2.dr, chromecache_404.2.dr
Source:	Binary string: this.jv.Je.Xe;for(this.qHe.start(new Date);this.UR&&Y;){const ie=this.Jh.K(this.hk),Be=this.Jh.K(this.hk-1);Y=ie.Hda&&Be.Hda;this.IA=this.hk;const Qg=Be.Cmb\|\|ie.Cmb,gf=Qg&&ie.Lqd;qb.ULS.sendTraceTag(22607296,365,50,"Performing Undo [IsContinuation: {0}], [AppMode: {1}], [RequiresMerge: {2}], [DisallowUndo: {3}]",Y,gk.a[this.pt],Qg,gf);if(!gf)try{if({Dxa:Sc,returnValue:B}=this.IYe(ie.C_b,Be.pdb,Id,Qg),ta=!!B)Sc?lc=ec.Zic(Sc):ec=this.Jh.K(this.hk).uYb,qd=this.Jh.K(this.IA).$_f,this.Ndd&&this.Ndd(this.Jh.K(this.hk).actionId), source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: this.K4=document.getElementById("ImageDiscardButton");this.ZP=document.getElementById("ImageCaptureButton");this.YP=document.getElementById("CameraSwitchButton");this.gFd();this.pDb=(0,oe.a)(this,this.ICi,"onVideoDataLoaded");this.$Q.addEventListener("loadeddata",this.pDb);this.qDb=(0,oe.a)(this,this.JCi,"onVideoMetaDataLoaded");this.$Q.addEventListener("loadedmetadata",this.qDb);wd.a.addHandler(this.K4,sb.a.click,(0,oe.a)(this,this.MTd,"onDiscardButton"));wd.a.addHandler(this.K4,sb.a.Ue,(0,oe.a)(this, source: chromecache_343.2.dr
Source:	Binary string: this.Jh.K(this.hk).actionId===yd.a.aJb&&(Y=this.Jh.K(this.hk).uYb,this.Jh.removeAt(this.hk));break;case yd.a.XNg:this.iSa&&this.Jh.K(this.hk).actionId===B&&(Y=this.Jh.K(this.hk).uYb,this.Jh.removeAt(this.hk),Gi.b("ApplyDesignerThemeCombineUndo",!0))}this.iSa=!0}return Y}$ce(){if(!(0>this.hk\|\|(this.jv.C7()&&this.jv.jKa(),0>this.hk))){var B=this.jv.Je.Xe;this.Jh.K(this.hk).pdb=B}}Aeh(){this.XQ.MZb()&&(this.iSa=!1,this.D$c=!0)}cji(){if(this.XQ.W2a())for(let B=0;B<this.Jh.length;B++)this.Jh.K(B).Cmb= source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: "RedoFailedWithNoRedoEntries",!0,!0,null),!1;this.uYc.execute(Sc=>{Sc.Erd()});let B=null;var Y=!0;let ta=!1,La=!1;const bb=this.Ob.Lc(7);bb.Ya(this.jv);let jb=this.mV(),Lb=null,ec=null,lc=this.jv.Je.Xe;for(;this.F2&&Y;){Y=this.Jh.K(this.IA);const Sc=this.Jh.K(this.hk);qb.ULS.sendTraceTag(22607301,365,50,"Performing Redo [IsContinuation: {0}] [AppMode: {1}]",this.Jh.K(this.IA).Hda&&this.Jh.K(this.hk).Hda,gk.a[this.pt]);try{if({Dxa:ec,returnValue:B}=this.IYe(Sc.pdb,Y.C_b,lc,Y.Cmb\|\|Sc.Cmb),ta=!!B)ec? source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: continue}H=this.Pdb(H);const D=this.Pdb(this.Sj.K(E-1));if(H&&D)for(;H.firstChild;)D.appendChild(H.firstChild)}return this.Sj.K(A)}Khc(A,E,H){if(!E\|\|!A.Qtd(H))return k.ULS.sendTraceTag(571089538,3009,15,"Html should not be null before split or invalid input"),null;H=this.CZf(E,H).Dqj;if(!E\|\|!H)return k.ULS.sendTraceTag(571089540,3009,15,"Unexpected split result - null"),null;A.dT\|\|this.OFf(H,E);return H}CZf(A,E){A=this.vOa.QSj(this.iF,A,E);0===A.resultCode&&(A.Usi&&A.DOj&&Array.insert(this.iF.Im, source: chromecache_288.2.dr, chromecache_326.2.dr
Source:	Binary string: (0,ma.a)(Nh,"ImageCaptureDialogHtml",null,[]);class hc extends Kf.a{constructor(HJ,DB,cJ,AJ){super(!1,!1,AJ);this.Fra=null;this.ZK=640;this.si=480;this.yNa=new Ra.a;this.k4b=0;this.qDb=this.pDb=this.$Q=this.L4=this.YP=this.ZP=this.K4=this.Fme=null;this.i_c=HJ;this.$pa=DB;this.Gb=cJ;this.Fe="ImageCaptureDialog";this.HHe=AJ;this.HHe\|\|(this.Xb=1,this.kd(1,Box4Intl.Box4Strings.L_SymbolInsertButtonText),this.YVh())}Bqj(){oa.ULS.sendTraceTag(38596942,324,50,"ImageCaptureDialog:DialogInitialized")}sWh(){this.Bqj(); source: chromecache_343.2.dr

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_299.2.dr, chromecache_262.2.dr, chromecache_407.2.dr, chromecache_406.2.dr, chromecache_365.2.dr, chromecache_273.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_299.2.dr, chromecache_262.2.dr, chromecache_407.2.dr, chromecache_406.2.dr, chromecache_365.2.dr, chromecache_273.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y	0%	Avira URL Cloud	safe
https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://attributes.engagement.officeppe.com	0%	Avira URL Cloud	safe
https://outlook-1-cdn.azureedge.eaglex.ic.gov	0%	Avira URL Cloud	safe
https://whiteboard.microsoft.scloud	0%	Avira URL Cloud	safe
https://cdn.dev.fluidpreview.office.net/fluid/stg	0%	Avira URL Cloud	safe
https://res-1.cdn.partner.office365.cn	0%	Avira URL Cloud	safe
https://attributes.engagement.office-int.com	0%	Avira URL Cloud	safe
https://cdn.dev.fluidpreview.office.net/fluid/dev	0%	Avira URL Cloud	safe
https://login.microsoftonline-int.com	100%	Avira URL Cloud	phishing
https://roaming.osi.office.de/rs/v1/settings	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
wac-0003.wac-msedge.net	52.108.8.12	true	false	high
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	high
www.google.com	142.250.181.132	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
sni1gl.wpc.sigmacdn.net	152.199.21.175	true	false	high
fa000000012.resources.office.net	unknown	unknown	false	high
js.monitor.azure.com	unknown	unknown	false	high
syndiclair-my.sharepoint.com	unknown	unknown	false	unknown
euc-common.online.office.com	unknown	unknown	false	high
fa000000111.resources.office.net	unknown	unknown	false	high
fa000000128.resources.office.net	unknown	unknown	false	high
augloop.office.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
storage.live.com	unknown	unknown	false	high
m365cdn.nel.measure.office.net	unknown	unknown	false	high
fa000000110.resources.office.net	unknown	unknown	false	high
onenoteonline.nel.measure.office.net	unknown	unknown	false	high
common.online.office.com	unknown	unknown	false	high
fa000000138.resources.office.net	unknown	unknown	false	high
amcdn.msftauth.net	unknown	unknown	false	high
spoprod-a.akamaihd.net	unknown	unknown	false	high
www.onenote.com	unknown	unknown	false	high
messaging.engagement.office.com	unknown	unknown	false	high
fa000000096.resources.office.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://common.online.office.com/suite/RemoteUls.ashx?usid=0432f7db-cabd-ae00-6b77-ca57e1c556bb&officeserverversion=	false		high
https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://roaming.officeapps.partner.office365.cn/rs/v1/settings	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://cdn.dev.fluidpreview.office.net/fluid/dev	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=yo-NG&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://cdn.fluidpreview.office.net	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://support.office.com/f1/home?isAgave=true&helpid=161255	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ja-JP&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://res-1.cdn.partner.office365.cn	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=bg-BG&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=rw-RW&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://login.microsoftonline-int.com	chromecache_432.2.dr, chromecache_330.2.dr	false	Avira URL Cloud: phishing	unknown
https://attributes.engagement.officeppe.com	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&temporaryLocalization=true	chromecache_430.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php	chromecache_424.2.dr	false		high
https://res-dev.cdn.officeppe.net	chromecache_435.2.dr, chromecache_404.2.dr	false		high
https://outlook-1-cdn.azureedge.eaglex.ic.gov	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=hr-HR&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=hu-HU&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://cdn.dev.fluidpreview.office.net/fluid/stg	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://fa000000128.resources.office.net:3000/index.html	chromecache_383.2.dr, chromecache_253.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=da-DK&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://attributes.engagement.office-int.com	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://cdn.fluidpreview.office.net/fluid/prod	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ug-CN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://my.microsoftpersonalcontent.com	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://login.live-int.com	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://forms.office.com	chromecache_343.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ko-KR&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=th-TH&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mr-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://whiteboard.microsoft.scloud	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=el-GR&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://1drv.ms	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=zh-CN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://fa000000128.resources.office.net	chromecache_383.2.dr, chromecache_253.2.dr	false		high
https://www.onenote.com	chromecache_435.2.dr, chromecache_404.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=it-IT&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://support.office.com/f1/SDX/drawing	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=as-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://fa000000096.resources.office.net	chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://whiteboard.office.com/root/index.fluid.js	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=en-US&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://Office.net	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_268.2.dr, chromecache_415.2.dr	false		high
https://support.office.com/icon80.png	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=nl-NL&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=be-BY&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=km-KH&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ta-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2	chromecache_435.2.dr, chromecache_404.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=gu-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://whiteboard.apps.mil	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://login.windows.net	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=quz-PE&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://github.com/OfficeDev/office-js/blob/release/LICENSE.md	chromecache_313.2.dr, chromecache_436.2.dr, chromecache_322.2.dr, chromecache_362.2.dr	false		high
https://prod.support.office.com	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://ch5.fluidpreview.office.net/fluid/prod	chromecache_288.2.dr, chromecache_326.2.dr	false		high
https://roaming.osi.office.de/rs/v1/settings	chromecache_288.2.dr, chromecache_326.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=hi-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://login.windows-ppe.net	chromecache_432.2.dr, chromecache_330.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=or-IN&temporaryLocalization=true	chromecache_430.2.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true	chromecache_430.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.7
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577190
Start date and time:	2024-12-18 09:02:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@19/338@78/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.164.84, 172.217.17.46, 23.32.238.74, 104.126.37.49, 104.126.37.24, 192.229.221.95, 23.32.238.211, 23.32.238.218, 23.32.238.225, 23.32.238.168, 23.32.238.234, 23.32.238.209, 23.32.238.210, 20.189.173.7, 51.11.192.48, 172.217.17.74, 216.58.208.234, 172.217.19.234, 142.250.181.10, 142.250.181.42, 172.217.19.170, 172.217.19.202, 142.250.181.138, 142.250.181.74, 172.217.17.42, 142.250.181.106, 40.79.141.153, 104.126.36.248, 104.126.36.163, 52.113.194.132, 23.32.239.40, 23.32.239.41, 52.109.120.46, 172.217.17.35, 52.111.252.7, 104.126.36.241, 104.126.36.193, 104.126.36.179, 23.218.209.21, 152.199.19.160, 13.104.158.180, 13.107.6.156, 52.111.229.36, 23.218.209.105, 40.126.53.21, 40.126.53.10, 40.126.53.6, 20.190.181.0, 20.190.181.4, 40.126.53.14, 40.126.53.19, 20.231.128.66, 104.126.37.9, 104.126.36.202, 20.190.177.23, 20.190.177.83, 20.190.177.85, 20.190.147.3, 20.190.177.21, 20.190.177.20, 20.190.177.146, 20.190.147.0, 104.126.37.232,
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, mrodevicemgr.officeapps.live.com, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, cdn.onenote.net.edgekey.net, clients2.google.com, prod-campaignaggregator.omexexternallfb.office.net.akadns.net, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, login.live.com, resources.office.net.edgekey.net, euc-common-geo.wac.trafficmanager.net, update.googleapis.com, csp.microsoft.com, eu-office.events.data.microsoft.com, e40491.dscg.akamaiedge.net, ecs.office.com, fs.microsoft.com, content-autofill.googleapis.com, wise.public.cdn.office.net, www.tm.v4.a.prd.aadg.akadns.net, reverseproxy.onenote.trafficmanager.net, portal-office365-com.b-0004.b-msedge.net, augloop-prod-pb01.centralindia.cloudapp.azure.com, cdn-office.ec.azureedge.net, s-0005-office.config.skype.com, onedscolprdwus06.westus.cloudapp.azure.com, onedscolprdfrc01.francecentral.cloudapp.azure.com, edgedl.me.gvt1.com, nel.measure.office.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y

Input	Output
URL: https://syndiclair-my.sharepoint.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://syndiclair-my.sharepoint.com
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that attempts to load a third-party resource from a trusted domain (res-1.cdn.office.net). It uses standard DOM manipulation techniques to create and append a script element, and includes integrity and cross-origin attributes for security. The script also includes error handling and a callback function, which is a common practice. Overall, this script does not exhibit any high-risk indicators and seems to be part of a legitimate functionality, so the risk score is low." }
function retryScriptLoad() { var head= document.getElementsByTagName('head')[0]; var script = document.createElement('script'); script.src = 'https://res-1.cdn.office.net/wise/owl/owl.slim.8ee466e4c2214560a61c.js'; script.integrity ='sha384-9tjXEfwCswltGahSY7AJuAy60eeDvzEjZdhdK3Rawli3vf2nYTA9T2jPAI6sYdqP'; script.crossOrigin = 'anonymous'; script.onerror = function() { onOwlError() }; script.onload = function() { initPackage(true) }; head.appendChild(script); }
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that is part of the Microsoft Office OWL (Office Web Launcher) framework. It is responsible for initializing the OWL package and does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily focused on performance tracking and initialization of the OWL framework, which is a common and expected behavior for such a component. There are no indications of malicious intent or suspicious activities, so the overall risk score is low." }
var loadOwlStartTime = Date.now(); window.performance && window.performance.mark && window.performance.mark('owlLoadOwlStart'); var initPackage = function(reTryAttempted){ window.performance && window.performance.mark && window.performance.mark('owlLoadOwlEnd'); var initPackageParams = {"clientVersion":"20241211.1","exposure":"100","wiseEnvironment":"production","owlBootstrapperDiagnostics":{"getManifestFromRemoteTimeElapsed":15,"loadManifestServerTimeElapsed":0,"loadOwlStartTime":0,"loadOwlEndTime":0},"reTryAttempted":false}; initPackageParams.jsApiUrlInfos = new Map([['OneNote', {"jsApiUrl":"https://res-1.cdn.office.net/wise/owl/onenote-boot.f7755f5282265b91ca08.js","jsApiSri":"sha384-Yi7wC68FWfnKmvCWvJdHtiDh2Mkv4NBtIPJ3DNzhG5IM14OKbzAxxUrO4NcCy6Gx","preloadedInBootStrapper":true}]]); initPackageParams.reTryAttempted = reTryAttempted; initPackageParams.owlBootstrapperDiagnostics.loadOwlStartTime = loadOwlStartTime; initPackageParams.owlBootstrapperDiagnostics.loadOwlEndTime = Date.now(); Microsoft.Office.OWL.initPackage(initPackageParams); onOwlLoad(); };
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration and setup code for a web application. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily sets up window variables, loads external libraries, and defines SRI hashes for resource integrity. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility purposes. Overall, the script seems to be part of a legitimate web application and poses a low risk." }
var g_responseEnd = new Date().getTime();window.performance && performance.mark('EUPL.W3CResponseEnd');window['FabricConfig'] = { fontBaseUrl: ''};window['__odsp_culture'] = 'en-us';window['__odspSriHashes'] = {"0":"sha256-uUQU8Areop237dtXVrFpcjyDvQiNgjYJHR3lsl4TWHY=","1":"sha256-mUCLfRmcF93rsnTDFAIyBOM9GpBNAIgfM9HU2UHsUKo=","2":"sha256-k7lLoq3Hp7fJMraDB9DcdtwW7qESA9zpspvOFF6aDYo=","3":"sha256-Ino7EtpWNpadowe/dFafE/NunJ+UxTAZVVTTqTq44LE=","4":"sha256-DZ4gAuTJSzoD+VxWq0zHphr1nXgjgZAdIeUbubvrAYU=","5":"sha256-RATlFZ0IrwhLH8uKhozAVgsIWuJdXazVlYfeGvkpvW4=","6":"sha256-g8Eb2kqke/giJQTtHbZydyu/pLw5tudquvGbYqZyZg0=","7":"sha256-Y9rg5tZ5VUYfhF+6ZH8fkMtpf39WmxtoCnmmOAMJYwQ=","8":"sha256-GYWPtjjsPCIAbUAIe/Aa1AagBK4WUHD/85Rydbsr7Og=","9":"sha256-izDBvjsgK/0xznNN4pbcVvq20y8mXm9TU50mppE3D8Y=","10":"sha256-mK1izyEUKGpNKRbN4uCIBvUL0Y2UCVV4cWQo2r/BXdc=","11":"sha256-fK3rOJwtgo6/9xFZFCWefyaC0d+eSUEpgT/5SCAruEk=","12":"sha256-i5Fb5cwb83/q2eMRUuAW/vf0GinfDXuGxSb+Glo7ABk=","13":"sha256-ekRU5iOi2Tt7/Hv+FmaZGX2oXcEjfuc6k2BemgSsDIk=","14":"sha256-Pi3NR36PGA3XwIvZzNrzspHadsxuCkrSj3NHO5QXIl8=","15":"sha256-kwrGXkaMJu192dvqv7llgDK0zVLdswN3dqEQtCibV28=","16":"sha256-mkSUMECRuwA5/mXXJAsVrX3aPTmPtqzVz1kUzhH2MPM=","17":"sha256-Uoqja4iT1eBOAyLDkiEuxFgYl+0CnVMHHMkjeRjRYMg=","18":"sha256-cx286CD2+BHGbbkTYRTMloVJWAutFud02pv0xfJXv5M=","19":"sha256-k/PBQnw5+0WKFWnnp7LERd3TvXVDF0slEt5Q8MJ839s=","20":"sha256-VNYZ6pZo5eN0uVlDVrMbhLDNYyQBgu2P53s6ak35ih0=","21":"sha256-VBJPqS+mMspQ5CoRTQCn4Y8VUbUmyv0UiwRiGuqqEew=","22":"sha256-quQCYaWr2FWlId1qimRRjSX5O88Yjco9KNz0HxQES+Y=","23":"sha256-FZiu+YRuTKhYTVTXYBGfSnGN2hu+YVUrTTM7YkSYeAg=","24":"sha256-pQ7O+kWCZA/0NZcjQeTbNQ0BaJRqY8oiMWAw015Xyug=","25":"sha256-y4/e3g2WXrvZJW/sxPIMVfxPRrztsnblWRscOHY4FQI=","26":"sha256-G2pgXZpuUngnYOg93JriujzIALOgRI3zvHuPt7M0gZA=","27":"sha256-l/85dfNJA1Sdxtfqw+D5csYD/kb4NBMQgPtlasKwNd8=","28":"sha256-Z/PQAeuINvkfmQeLgmNQZOzf+OCz8JZAK2ZxcDrxouM=","29":"sha256-yJJxNhFGSxA6cpgqK9yHmysUO15MS4LWfI4XWYwJrDg=","30":"sha256-j39hNcKxx1Xj8jWniXv0Jwsf4HtvFkFHbyMddWafYZA=","31":"sha256-gOuxS5TKUyZjM3IwZ5COZFlYhhSyQRvzRpMEYmTwxe0=","32":"sha256-w4rrJ/PypMGaNBFmFU4KYIXkdb1AiezOM9E78IOFDOM=","33":"sha256-0eLEpNzFJI9f3tpBMItT5+YBDPGm2kS4xJip1KxyjW4=","34":"sha256-Pev/Dwqt01kRXE5SXeqCNFGm7WvJuePuu8N0UdT/1b4=","35":"sha256-v031MLxr1JdXnKATe/KeXQgcP3hyEjVE5x6uJeco9BY=","36":"sha256-zGNCe4yYQ1xCBqc7NotzFOPX04SEw80wSfi00SQADRU=","37":"sha256-rmiGbj/aIsq9Ojqu7V6HmFkRNyOnUqU3iF8tXrwgzdM=","38":"sha256-2Ff1oVqhMH7fR5rNmsNYyuXT8+yn8gI8Che/gMzDOKo=","39":"sha256-GOipif9MNOV0TN8dxPIzOPnwGn57mvw8jf+g5Kjq6jM=","40":"sha256-8UZ6cbtYYOV/MyJrI5xmh6gEKYWqOpyfFEQo4Yj+Pa8=","41":"sha256-xJICZLegvWLTJbE/IFmg7LN9CqqPdwY7W5aWhQEqbAg=","42":"sha256-FNIh2p1RAWKn0j/u5qzI2ryR8+pU+M8NCJ78t+R4LDQ=","43":"sha256-Q3DHYaKU1qHfeqXelbKXc4gR2Hnamywhtup6ifMozyo=","44":"sha256-su5PiIPfsXRTH7+0hVhmOrKAjB19F7H+rl3IMWgjDIM=","45":"sha256-guqzqWqfJS4kWODIqAXFQNUv6bNYp6SSxk5NLHOYm9s=","46":"sha256-iDDpCXzuIOI1S+AL9Zyt+XtnX0x8jGiT42Qk+Mo/Gv8=","wacowlhostwebpack.js":"sha256-MeX8MkR4bcuW3miCy/DyEUkAgr2v/7j1lXR6t4YdcaY=","en-us/ondemand.resx":"sha256-bXIsivVYCZJvqyoOkxc2dvUbb3RVOZe5OeqVpqrd6KE=","odsp.react.lib-9ea4d016.js":"sha256-ykZSPQaldxJoW1xrAUMLUw/nb4/VgDF5/Ko0ZncOk6A=","odsp.knockout.lib-447adea9.js":"sha256-c6+YwAv7xpNxAejiB9zdf3Vk+rBfhE++MQEcmROxcoQ=","odsp.aria.lib-ab227069.js":"sha256-EWsiK+pFJn5y2lnG8DNw7cn+Y4QgcFlpwiUGb5OuPwg=","odsp.1ds.lib-9f75f7e2.js":"sha256-+m01kZBxdSIVYn7nfWZGySrx+uiDbPOmKGjx/aCkwMs=","require-f6228139.js":"sha256-5hCMLxTAjOSOskNyjCQBGo5w5g3KIb+lH//Gsbipmcc=","odm-b2a83907.js":"sha256-f8M3ZW6l1WEhRDGag9nVp+DWXlVHfsi4CqdklmuRGOw="};window['__odsp_libraryScripts'] = {"odsp.react.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-9ea4d016.js","odsp.knockout.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-447adea9.js","odsp.aria.lib":"https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-ab227069.js","odsp.1ds.lib":"https://res-1.cdn.office.net/fi
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a utility function for loading and managing a WacOwlHost module, which is likely part of a larger application. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on asynchronous loading of a module and handling errors during the process. While it uses some legacy practices like `XDomainRequest`, the overall behavior is consistent with typical application functionality and does not raise significant security concerns." }
var log = function (message) { }; async function loadWacOwlHostAsync(onload) { if (g_wacOwlHost) { onload(g_wacOwlHost); } else { if (typeof require === "undefined") { window.setTimeout(function () { loadWacOwlHostAsync(onload); }, 100); } else { return require(["odsp-next/roots/WacOwlHost"], function ( wacOwlHostModule ) { g_wacOwlHost = wacOwlHostModule.getWacOwlHost(); onload(g_wacOwlHost); }, function(error) { let errorMessage = `An error occurred while loading WacOwlHost async. ${error && error.requireType ? "Error type: " + error.requireType : ""}`; if (error.originalError) { errorMessage += ` Original error message: ${error.originalError.message}`; } reject(errorMessage); }); } } } async function getWacOwlHost() { if (g_wacOwlHost) { return g_wacOwlHost; } if (typeof require === "undefined") { var requireJsScript = document.getElementById('requireJsScriptLink'); await new Promise(function(resolve) { requireJsScript.addEventListener('load', function() { resolve(); }); requireJsScript.addEventListener('error', function(errorMessage) { var message = 'Failed to load RequireJsScript: ' + errorMessage; log(message); throw new Error(message); }); if(typeof require !== "undefined") { resolve(); } }); } g_wacOwlHost = await (new Promise((resolve, reject) => { require(["odsp-next/roots/WacOwlHost"], function(wacOwlHostModule) { resolve(wacOwlHostModule.getWacOwlHost()); }, function(error) { let errorMessage = `An error occurred while loading WacOwlHost. ${error && error.requireType ? "Error type: " + error.requireType : ""}`; if (error.originalError) { errorMessage += ` Original error message: ${error.originalError.message}`; } reject(errorMessage); }); })); return g_wacOwlHost; } var getWacFrame = function (owlContainer) { var frame = undefined; if (!owlContainer) { owlContainer = (container.children.namedItem('owl-container') \|\| container); } for (var i = 0; i < owlContainer.children.length; i++) { if (owlContainer.children[i].tagName === 'IFRAME') { frame = owlContainer.children[i]; if (frame) { return frame; } } } for (var i = 0; i < owlContainer.children.length; i++) { if (owlContainer.children[i].tagName === 'DIV') { frame = getWacFrame(owlContainer.children[i]); if (frame) { return frame; } } } return undefined; }; var getOrigin = function () { if (!this._origin) { this.populateOriginAndClickTime(); } return this._origin; }; var getClickTime = function () { if (!this._clickTime) { this.populateOriginAndClickTime(); } return this._clickTime; }; var populateOriginAndClickTime = function () { try { var origin = this._wopiContextJson.Origin; if (this._wopiContextJson.ClickTime) { this._clickTime = this._wopiContextJson.ClickTime; } else if ( window.sessionStorage && !this._wopiContextJson.ClickTime ) { var queryStr = document.location.search; queryStr = unescape(queryStr); if (queryStr) { var idStart = queryStr.indexOf("sourcedoc="); var idEnd = queryStr.substring(idStart).indexOf("&"); var srcId = idEnd === -1 ? queryStr.substring(idStart) : queryStr.substring(idStart, idStart + idEnd); var userClickKey = "WOPIPerf_UserClick_" + escape(srcId); var userClickTime = window.sessionStorage.getItem(userClickKey); if (userClickTime) { origin = "DocLib"; } window
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a part of a web application that interacts with a SharePoint Online environment. It contains variables and objects related to WOPI (Web Application Open Platform Interface) and telemetry, which are common in productivity and collaboration tools. The code does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The interactions are primarily with trusted Microsoft domains, and the behavior is consistent with typical analytics and telemetry functionality. While the code uses some legacy practices, such as the `XDomainRequest` API, these pose minor risks and are not inherently malicious. Overall, this script appears to be a benign part of a legitimate web application." }
var wopiDiagClient = { docFirstFlushTime : new Date().getTime() } ; var wacUiHostSession = null; var wopiContextFlushTime = null; var isEarlyFlushEnabled = false; var firstFlushEndTime = null; var wopiTelemetry = null; var _wopiContextJson ={"HostName":"SharePoint Online","SessionId":"8AAF6EA1-20E2-A000-D67C-B60A1940BD0F","UserId":"","WebAppUrl":"https://FRC-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en%2DUS\u0026rs=fr%2DFR\u0026WOPISrc=https%3A%2F%2Fsyndiclair%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fml%5Fsyndiclair%5Ffr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F936d047fa518429ea1d650d399ade083\u0026wdEnableRoaming=1\u0026mscc=0\u0026wdODB=1\u0026hid=8aaf6ea1-20e2-a000-d67c-b60a1940bd0f","FileName":"toupret","ContentAssembly":false,"ContentAssemblyMode":"","FileSize":0,"FileGetUrl":"https://syndiclair-my.sharepoint.com/personal/ml_syndiclair_fr/_api/v2.0/drives/b!BdXVDoMtH0-Y9xJnaTDb_IA0g1WO8OVFvgAOo_5jxuefQB90foaORqtojtwBGKyS/content?tempauth=v1.eyJzaXRlaWQiOiIwZWQ1ZDUwNS0yZDgzLTRmMWYtOThmNy0xMjY3NjkzMGRiZmMiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvc3luZGljbGFpci1teS5zaGFyZXBvaW50LmNvbUAxMGY5ZTQ0ZS00MmU0LTRlOGQtOWJjOC00YWQxNjc3NDJlOGMiLCJleHAiOiIxNzM0NTQ1MDU3In0.CiMKCXNoYXJpbmdpZBIWOUhUS2NydjV2VW16dTdidDVaMWxuUQoLCgRzbmlkEgMxMDUSCwjK1Z6mk9HPPRAFGgw4LjQ2LjEyMy4xODkiFG1pY3Jvc29mdC5zaGFyZXBvaW50KiwxcFlRY0lHYzNvb3BFa01CMzJ4OUVwQmZERVVZNUt3OVRKS0ZIU1lQUmprPTCSATgBQhChbq-K4iAAoNZ8tgoZQL0PShBoYXNoZWRwcm9vZnRva2VuYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNiZDgzMjE4M2U3ODdkOTBlZTJmNDhkYWM4MTY3NWNhMjkxY2M1MjI4MjFmMTM3N2I3ZWY4YWM3YzMyYzQ5NWM1egEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNcgBAQ.iFrIGNcnXnIf0puftGfCA91PcqutEg4SNzcjsdfEhIU\u0026version=Published","FileUrlNoAuth":null,"DownloadCode":null,"FileImmutableReason":0,"FontLibUrl":null,"BundleMajorVersion":1,"BundleUrl":"https://syndiclair-my.sharepoint.com/personal/ml_syndiclair_fr/_api/v2.1/drives/b!BdXVDoMtH0-Y9xJnaTDb_IA0g1WO8OVFvgAOo_5jxuefQB90foaORqtojtwBGKyS/streams/content_preview_O{0}/streamContent?tempauth=v1.eyJzaXRlaWQiOiIwZWQ1ZDUwNS0yZDgzLTRmMWYtOThmNy0xMjY3NjkzMGRiZmMiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvc3luZGljbGFpci1teS5zaGFyZXBvaW50LmNvbUAxMGY5ZTQ0ZS00MmU0LTRlOGQtOWJjOC00YWQxNjc3NDJlOGMiLCJleHAiOiIxNzM0NTQ1MDU3In0.CiMKCXNoYXJpbmdpZBIWOUhUS2NydjV2VW16dTdidDVaMWxuUQoLCgRzbmlkEgMxMDQSCwjK1Z6mk9HPPRAFGgw4LjQ2LjEyMy4xODkiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixzcnFYVVgrMTZORU1mL3VhWVpOTGNBWmRCV25UTi90SHdnU3BCTTY4dVlVPTCSATgBQhChbq-K4iAAoNZ8tgoZQL0PShBoYXNoZWRwcm9vZnRva2VuYgR0cnVlcmEwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNiZDgzMjE4M2U3ODdkOTBlZTJmNDhkYWM4MTY3NWNhMjkxY2M1MjI4MjFmMTM3N2I3ZWY4YWM3YzMyYzQ5NWM1egEwwgFhMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNcgBAQ.I2M1xFzOamnytwA5M86X8yO4u3GzGKqbTfq-6T0g2KY","BundleUrlNoAuth":null,"BundleCode":null,"ReadOnly":true,"IrmEnabled":false,"LabelIrmed":false,"SupportsZipIt":false,"OpcEnabled":false,"LastModified":1733909249000,"ServerStartTime":1734509057570.7698,"ServerCompleteTime":0,"WopiAction":"Edit","DocUniqueId":"syndiclair-my.sharepoint.com_936d047f-a518-429e-a1d6-50d399ade083","CTag":null,"ETag":"\"{936D047F-A518-429E-A1D6-50D399ADE083},2\"","RumOneUpdate":true,"OpenWacInPlace":false,"HostingPageOrigin":null,"OwletConfig":null,"TemplateInfo":null,"TemplateDriveId":null,"TemplateItemId":null,"BundleStaleness":null,"IsAsyncBundleStale":true,"ViewOnly":false,"DelayLoadResources":true,"Origin":"Sharing.ClientRedirect","Slrid":"8aaf6ea1-a036-a000-d67c-b50d0b0a15e8","WacHostFlightStatus":{"WordViewToUnifiedRead":false},"ClickTime":0,"UniqueClick":"2bb11439-8e2b-4b7b-b75e-942a2fe056c9","HostGeo":"FRA","PredictedOfficeAppEndPoint":"","PredictedOfficeAppEndPointHintForRealSession":false,"PredictedOfficeAppEndPointAccessTime":null,"PreseededSessionKey":null,"PreseededWacSessionId":null,"WacSess
URL: https://syndiclair-my.sharepoint.com/personal/ml_s... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a part of a larger application and contains functionality related to token expiration handling, error logging, and browser history management. While it includes some potentially risky behaviors, such as using `replace()` to update the browser URL, the overall context suggests these are likely legitimate and necessary features for the application's functionality. The script does not exhibit any clear signs of malicious intent or high-risk indicators, and the behaviors can be considered low to moderate risk with proper implementation and context." }
function getRefreshCount() { var regex = new RegExp('[\?&]refreshcount=([^&#]*)'); var rs = regex.exec(location.search); return (rs == null \|\| isNaN(Number(rs[1]))) ? 0 : Number(rs[1]); } function refreshIfNecessary(refreshUri, tokenExpiry) { if (window.refreshIfTokenExpired) { if ( tokenExpiry.getTime() - new Date().getTime() < 300000 && refreshUri ) { window.location.replace( refreshUri + "&refreshcount=" + (getRefreshCount() + 1) ); } } } function fail(errorMessage, error) { if (!isInitCompleted()) { state = 4 ; log("Failed. Error: " + errorMessage); if (!window._spPageContextInfo.killSwitches[ "8BF5A275-2B87-4119-A6FD-FADFB8F1C308" ]) { if (error?.qosErrorName == "EncounteredJsApiError" && error?.errorMessage == "timeout") { logJsapiTimeout(errorMessage, error); } else { logQosOnFailure(errorMessage, 1 , error); } } else{ logQosOnFailure(errorMessage, 1 , error); } if(Microsoft && Microsoft.Office && Microsoft.Office.OWL && isCreateNew && isOwlTwoStepCreateNewEnabled) { Microsoft.Office.OWL.completeCreateNew(getCreateNewFailureParams(errorMessage)); } } }; function logJsapiTimeout(message, errorObject) { var qosStartTime = window.wopiDiagClient.wopiInitTime; loadWacOwlHostAsync(function(wacOwlHost) { if (errorObject?.documentLoadedWithTabSwitch \|\| errorObject?.error?.documentLoadedWithTabSwitch \|\| document.visibilityState !== "visible") { wacOwlHost.logWacInitializationQoS( qosStartTime, 2 , "WacInit timed out for not focus", message); } else { wacOwlHost.logWacInitializationQoS( qosStartTime, 1 , "WacInit timed out", message); } wacOwlHost.logScriptQos( qosStartTime, this._scriptError, this._scriptWarning); }); } function logQosOnFailure(message, qosResult, errorObject) { var qosStartTime = window.wopiDiagClient.wopiInitTime; const defaultResultCode = "WacInit failed"; var resultCode; if (!window._spPageContextInfo.killSwitches[ "B7907FD7-C3C4-4B85-8FB1-F197ED06F7C3" ]) { resultCode = defaultResultCode + (errorObject?.wacErrorName ? (": " + errorObject?.wacErrorName) : ""); } else { resultCode = defaultResultCode; } loadWacOwlHostAsync(function (wacOwlHost) { wacOwlHost.logWacInitializationQoS( qosStartTime, qosResult, resultCode, message, errorObject ); wacOwlHost.logScriptQos( qosStartTime, this._scriptError, this._scriptWarning ); }); } function updateBrowserHistoryForCreateNew() { if (isCreateNew && window.wopiFileInfo && window.wopiFileInfo.NewFilePath) { var filePathToReplace = wopiFileInfo.NewFilePath; try { var url = new URL(wopiFileInfo.NewFilePath); if (url.hostname.startsWith('a830edad9050849odpoc')) { url.hostname = "www.officeppe.com"; url.pathname = "/word/create" + url.pathname; filePathToReplace = url.href; log(wopiFileInfo.NewFilePath); log(filePathToReplace); } } catch(err) { log(err); } history.replaceState( {} , "" , filePathToReplace ); if (wopiFileInfo.UpdatedPageTitle) { document.title = wopiFileInfo.UpdatedPageTitle; } } } async function bootDocument() { try { if (state == 1) { state = 2 ; if (!window._spPageContextInfo.killSwitches[ "3D7B3616-4838-4FA3-943B-4664B4FD4580" ]) { window.wopiDiagClient.wopiInitTime = new Date().getTime(); } setOnTimeout(); updateBrowserHistoryForCreateNew(); var bootParams = getBootParams(); if (!window._spPageContextInfo.killSwitches["F8482CF5-33D3-4F9A-A0AB-52DB5912011A"] && _wopiContextJson.OwletConfig) { var owletConfig = JSON.parse(_wopiContextJson.OwletConfig);
URL: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?rtime=J_aikTof3Ug Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Cliquez sur tlcharger", "prominent_button_name": "Cliquez sur tlcharger", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?rtime=J_aikTof3Ug Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 07:04:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9850030669432077
Encrypted:	false
SSDEEP:	48:8MdjTnL/lH4ZidAKZdA19ehwiZUklqehqy+3:8YX6rpy
MD5:	D3C6A1CAE775C2E6583ABA8F4EF36790
SHA1:	604CC156C0F82E269371746B3FAB062F26805966
SHA-256:	DA1B5DC1984D1FECB2DFED41D9D78C25836C222214FE472F65B94B21E4E71920
SHA-512:	5D6883B6C10068F8D1D88C82F9E2DDE7A152E1652261E60D975CBE236785BB38B35779BA5E749CBF8B35CE3D67F097C51E9185B3A01E31998189A640F8DAA616
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....{(.j#Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.@....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.@....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.@....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.@..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............0z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 09:04:05.644303083 CET	49675	443	192.168.2.5	23.1.237.91
Dec 18, 2024 09:04:05.691183090 CET	49674	443	192.168.2.5	23.1.237.91
Dec 18, 2024 09:04:06.347428083 CET	49673	443	192.168.2.5	23.1.237.91
Dec 18, 2024 09:04:08.605803967 CET	443	49703	23.1.237.91	192.168.2.5
Dec 18, 2024 09:04:08.605928898 CET	49703	443	192.168.2.5	23.1.237.91
Dec 18, 2024 09:04:12.979379892 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:12.979415894 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:12.979499102 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:12.979979992 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:12.979994059 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.682162046 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.724632025 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:14.742315054 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.742377996 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:14.742474079 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.747980118 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:14.747987032 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.748788118 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.748826027 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:14.748881102 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.749315977 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.749356985 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:14.749609947 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:14.749622107 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:14.751980066 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.752054930 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:14.833987951 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:14.834258080 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.882354975 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:14.882369995 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:14.935398102 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:16.288678885 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.289846897 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.289864063 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.289935112 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.290143967 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.290198088 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.291605949 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.291682005 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.291996956 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.292078972 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.294749975 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.294847012 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.295124054 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.295248985 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.295334101 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.295342922 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.340461969 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.340478897 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:16.340493917 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:16.388371944 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.064287901 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.064347982 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.064383984 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.064403057 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.064450979 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.065071106 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.065146923 CET	443	49725	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.065207958 CET	49725	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.066951990 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.067126036 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.838465929 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.838531017 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.838552952 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.838584900 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.838679075 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.864584923 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.864609003 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.864626884 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.864651918 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.864696026 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.864706039 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.880784988 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.880875111 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:17.880886078 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:17.880985975 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.026444912 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.026468992 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.026520014 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.027126074 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.027134895 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.058540106 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.058588982 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.058614016 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.058624029 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.058640957 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.082226038 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.082238913 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.082294941 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.082305908 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.104937077 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.104954958 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.104964018 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.104993105 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.105005026 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.105021954 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.152136087 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.211878061 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.211889029 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.211911917 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.211945057 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.211982965 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.225318909 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.225330114 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.225353003 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.225383997 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.225419044 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.238163948 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.238174915 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.238198042 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.238229990 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.238262892 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.249711990 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.249722004 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.249777079 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.249787092 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.264194012 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.264223099 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.264262915 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.264272928 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.264306068 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.275628090 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.275638103 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.275773048 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.275782108 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.286493063 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.286514997 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.286567926 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.286577940 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.337955952 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.337966919 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.338023901 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.338047981 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.389513969 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.404441118 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.404453993 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.404479980 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.404509068 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.404578924 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.413362026 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.413374901 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.413397074 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.413434029 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.413484097 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.424601078 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.424612045 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.424633026 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.424659967 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.424690962 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.433362007 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.433372974 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.433393002 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.433412075 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.433448076 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.453298092 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.453331947 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.453371048 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.453382969 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.453402996 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.453408003 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.453435898 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.453453064 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.453491926 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.466537952 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.466584921 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.466615915 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.466624975 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.466656923 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.466676950 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.470257044 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.470324993 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.470407963 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.470550060 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.470557928 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.470630884 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:18.470690966 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.471141100 CET	49724	443	192.168.2.5	13.107.136.10
Dec 18, 2024 09:04:18.471157074 CET	443	49724	13.107.136.10	192.168.2.5
Dec 18, 2024 09:04:24.379061937 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:24.379138947 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:04:24.379205942 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:24.802783966 CET	49717	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:04:24.802794933 CET	443	49717	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:12.903917074 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:12.903955936 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:12.904017925 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:12.904531956 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:12.904546976 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:14.593036890 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:14.595727921 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:14.595761061 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:14.596364975 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:14.599561930 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:14.599668980 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:14.653786898 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:24.303814888 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:24.303900957 CET	443	50120	142.250.181.132	192.168.2.5
Dec 18, 2024 09:05:24.303977966 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:24.357693911 CET	50120	443	192.168.2.5	142.250.181.132
Dec 18, 2024 09:05:24.357757092 CET	443	50120	142.250.181.132	192.168.2.5

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 09:04:08.839688063 CET	53	60460	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:08.844575882 CET	53	49167	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:11.631397963 CET	53	58322	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:12.840775967 CET	59006	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:12.840924978 CET	60820	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:12.978106022 CET	53	59006	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:12.978127956 CET	53	60820	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:13.963459969 CET	58800	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:13.965887070 CET	55387	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:20.784925938 CET	53890	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:20.785077095 CET	56869	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:23.002302885 CET	62421	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:23.002520084 CET	59047	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:24.348777056 CET	60934	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:24.349060059 CET	54469	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:28.433571100 CET	53	61420	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:43.703068972 CET	53	53564	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:43.809721947 CET	53	64142	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:47.414908886 CET	53	59344	1.1.1.1	192.168.2.5
Dec 18, 2024 09:04:50.795357943 CET	52054	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:50.795490026 CET	58331	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:53.073229074 CET	61891	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:04:53.073472023 CET	49239	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:02.813067913 CET	56035	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:02.813210011 CET	50487	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:08.394526005 CET	51206	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:08.394572973 CET	57926	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:08.418891907 CET	53	59507	1.1.1.1	192.168.2.5
Dec 18, 2024 09:05:09.572205067 CET	53522	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:09.572406054 CET	50782	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:10.316056013 CET	53	55463	1.1.1.1	192.168.2.5
Dec 18, 2024 09:05:11.363054037 CET	53432	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:11.363217115 CET	60339	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:11.982312918 CET	50496	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:11.982453108 CET	61594	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:11.983831882 CET	65075	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:11.983974934 CET	62372	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:12.355360985 CET	53	62372	1.1.1.1	192.168.2.5
Dec 18, 2024 09:05:14.097580910 CET	60449	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.098211050 CET	58642	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.152199984 CET	49793	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.152571917 CET	49623	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.153244019 CET	63308	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.153295994 CET	53040	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.188870907 CET	63277	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.189227104 CET	58730	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.189723969 CET	51507	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.189841032 CET	59750	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.190391064 CET	63462	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.190727949 CET	55791	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.191374063 CET	63679	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.191749096 CET	49350	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.236809969 CET	53	58642	1.1.1.1	192.168.2.5
Dec 18, 2024 09:05:14.238836050 CET	57197	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.239310026 CET	64511	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.563134909 CET	54711	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:14.563339949 CET	61650	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.227078915 CET	58635	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.227229118 CET	60380	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.233321905 CET	62760	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.233464003 CET	50413	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.272044897 CET	50059	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.272325993 CET	50547	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.273020029 CET	64911	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.273150921 CET	61069	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.278732061 CET	51273	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.278868914 CET	59581	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.342967033 CET	54370	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:16.343128920 CET	55371	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.350709915 CET	54921	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.350862980 CET	63289	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.488347054 CET	53	63289	1.1.1.1	192.168.2.5
Dec 18, 2024 09:05:18.737134933 CET	58084	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.737250090 CET	65090	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.768510103 CET	58634	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:18.768671989 CET	62429	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:21.523745060 CET	52838	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:21.523922920 CET	49300	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:22.880333900 CET	61513	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:22.880414009 CET	58215	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.358232021 CET	63180	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.358506918 CET	59603	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.358983994 CET	62870	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.359219074 CET	57646	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.359571934 CET	64113	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.359714031 CET	55161	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.360519886 CET	53140	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.360662937 CET	59229	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.360946894 CET	56939	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:24.361071110 CET	60426	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:26.262702942 CET	51971	53	192.168.2.5	1.1.1.1
Dec 18, 2024 09:05:26.263031006 CET	63015	53	192.168.2.5	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 18, 2024 09:04:24.899266005 CET	192.168.2.5	1.1.1.1	c2a6	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:05:09.979855061 CET	192.168.2.5	1.1.1.1	c298	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:05:11.770526886 CET	192.168.2.5	1.1.1.1	c270	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:05:14.602104902 CET	192.168.2.5	1.1.1.1	c287	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:05:19.181691885 CET	192.168.2.5	1.1.1.1	c2c2	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:04:16 UTC	758	OUT	GET /:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y HTTP/1.1 Host: syndiclair-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 08:04:17 UTC	4043	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 577 Content-Type: text/html; charset=utf-8 Location: https://syndiclair-my.sharepoint.com/personal/ml_syndiclair_fr/_layouts/15/Doc.aspx?sourcedoc=%7B936d047f-a518-429e-a1d6-50d399ade083%7D&action=default&slrid=8aaf6ea1-a036-a000-d67c-b50d0b0a15e8&originalPath=aHR0cHM6Ly9zeW5kaWNsYWlyLW15LnNoYXJlcG9pbnQuY29tLzpvOi9nL3BlcnNvbmFsL21sX3N5bmRpY2xhaXJfZnIvRW44RWJaTVlwWjVDb2RaUTA1bXQ0SU1CR1pIRUhjU3lsbkllTWgwRG9VTG1adz9ydGltZT1KX2Fpa1RvZjNVZw&CID=2bb11439-8e2b-4b7b-b75e-942a2fe056c9&_SRM=0:G:106 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2JkODMyMTgzZTc4N2Q5MGVlMmY0OGRhYzgxNjc1Y2EyOTFjYzUyMjgyMWYxMzc3YjdlZjhhYzdjMzJjNDk1YzUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNSwxMzM3ODk4Mjk1NjAwMDAwMDAsMCwxMzM3OTA2OTA1NjgxMDYxODQsMC4wLjAuMCwyNTgsMTBmOWU0NGUtNDJlNC00ZThkLTliYzgtNGFkMTY3NzQyZThjLCwsOGYyZGVkMjctM2RhYi00N2UxLTgyZGYtMTQxYzVjYjQ3Y2I0LDhmMmRlZDI3LTNkYWItNDdlMS04MmRmLTE0MWM1Y2I0N2NiNCw5SFRLY3J2NXZVbXp1N2J0NVoxbG5RLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTAwMTksdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFSOTJPbHJlTitVZGFFeUUwQ2JRQ3czMjgzbWlvU0lKNno5M0crNzBJMUk1b09telFaWi9HaXQ1ZTA2enRrNG1Sek9LUUZzQlAwdlBsUzBDUjJ6ci9aaTN6ZkxMNHlmMmt6R2RKZWpZMEpZajhSWFlrdTZGMkxXS3JLRGU1QXNOZlZCbXBGS0wveklCamFhbjN3eFFrZ2pkVjAxaWZBQXVGckd4YzdwY3h4UHVMM1JXaDFCY1FBb3ZKNWUyUGI0SFNQNWp5YlQwMHhPUGdOVDFRYzBHSUZXRFcrQXhGM0x5SDA1NzRKRFJCMmhRdGRFRXpSL0Jt [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,334658,0,54246,75 X-SharePointHealthScore: 3 X-MS-SPO-CookieValidator: qR92OlreN+UdaEyE0CbQCw3283mioSIJ6z93G+70I1I5oOmzQZZ/Git5e06ztk4mRzOKQFsBP0vPlS0CR2zr/Zi3zfLL4yf2kzGdJejY0JYj8RXYku6F2LWKrKDe5AsNfVBmpFKL/zIBjaan3wxQkgjdV01ifAAuFrGxc7pcxxPuL3RWh1BcQAovJ5e2Pb4HSP5jybT00xOPgNT1Qc0GIFWDW+AxF3LyH0574JDRB2hQtdEEzR/Bm9QMmrPMLF2YhbmvKPlVOcVahL+6Mthdb8n3sZDhIOZk2y4xbqUSv5hgzprb90Y2lmuChWwNCRdukzllTdgdxuKMaN38pK8JLQ== X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 8aaf6ea1-f0a5-a000-d67c-b9fee7cc68aa request-id: 8aaf6ea1-f0a5-a000-d67c-b9fee7cc68aa MS-CV: oW6viqXwAKDWfLn+58xoqg.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=10f9e44e-42e4-4e8d-9bc8-4ad167742e8c&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 244 SPIisLatency: 5 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 5490A8A45BF040DF93A49DC8EA8ACAD1 Ref B: EWR311000103049 Ref C: 2024-12-18T08:04:16Z Date: Wed, 18 Dec 2024 08:04:15 GMT Connection: close
2024-12-18 08:04:17 UTC	577	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 79 6e 64 69 63 6c 61 69 72 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 6d 6c 5f 73 79 6e 64 69 63 6c 61 69 72 5f 66 72 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 44 6f 63 2e 61 73 70 78 3f 73 6f 75 72 63 65 64 6f 63 3d 25 37 42 39 33 36 64 30 34 37 66 2d 61 35 31 38 2d 34 32 39 65 2d 61 31 64 36 2d 35 30 64 33 39 39 61 64 65 30 38 33 25 37 44 26 61 6d 70 3b 61 63 74 69 6f 6e 3d 64 65 66 61 75 6c 74 26 61 6d 70 3b 73 6c 72 69 64 3d 38 61 61 66 36 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://syndiclair-my.sharepoint.com/personal/ml_syndiclair_fr/_layouts/15/Doc.aspx?sourcedoc=%7B936d047f-a518-429e-a1d6-50d399ade083%7D&action=default&slrid=8aaf6e

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:04:17 UTC	2236	OUT	GET /personal/ml_syndiclair_fr/_layouts/15/Doc.aspx?sourcedoc=%7B936d047f-a518-429e-a1d6-50d399ade083%7D&action=default&slrid=8aaf6ea1-a036-a000-d67c-b50d0b0a15e8&originalPath=aHR0cHM6Ly9zeW5kaWNsYWlyLW15LnNoYXJlcG9pbnQuY29tLzpvOi9nL3BlcnNvbmFsL21sX3N5bmRpY2xhaXJfZnIvRW44RWJaTVlwWjVDb2RaUTA1bXQ0SU1CR1pIRUhjU3lsbkllTWgwRG9VTG1adz9ydGltZT1KX2Fpa1RvZjNVZw&CID=2bb11439-8e2b-4b7b-b75e-942a2fe056c9&_SRM=0:G:106 HTTP/1.1 Host: syndiclair-my.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2JkODMyMTgzZTc4N2Q5MGVlMmY0OGRhYzgxNjc1Y2EyOTFjYzUyMjgyMWYxMzc3YjdlZjhhYzdjMzJjNDk1YzUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNSwxMzM3ODk4Mjk1NjAwMDAwMDAsMCwxMzM3OTA2OTA1NjgxMDYxODQsMC4wLjAuMCwyNTgsMTBmOWU0NGUtNDJlNC00ZThkLTliYzgtNGFkMTY3NzQyZThjLCwsOGYyZGVkMjctM2RhYi00N2UxLTgyZGYtMTQxYzVjYjQ3Y2I0LDhmMmRlZDI3LTNkYWItNDdlMS04MmRmLTE0MWM1Y2I0N2NiNCw5SFRLY3J2NXZVbXp1N2J0NVoxbG5RLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTAwMTksdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFSOTJPbHJlTitVZGFFeUUwQ2JRQ3czMjgzbWlvU0lKNno5M0crNzBJMUk1b09telFaWi9HaXQ1ZTA2enRrNG1Sek9LUUZzQlAwdlBsUzBDUjJ6ci9aaTN6ZkxMNHlmMmt6R2RKZWpZMEpZajhSWFlrdTZGMkxXS3JLRGU1QXNOZlZCbXBGS0wveklCamFhbjN3eFFrZ2pkVjAxaWZBQXVGckd4YzdwY3h4UHVMM1JXaDFCY1FBb3ZKNWUyUGI0SFNQNWp5YlQwMHhPUGdOVDFRYzBHSUZXRFcrQXhGM0x5SDA1NzRKRFJCMmhRdGRFRXpSL0JtOVFN [TRUNCATED]
2024-12-18 08:04:17 UTC	3336	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Expires: -1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2JkODMyMTgzZTc4N2Q5MGVlMmY0OGRhYzgxNjc1Y2EyOTFjYzUyMjgyMWYxMzc3YjdlZjhhYzdjMzJjNDk1YzUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jYmQ4MzIxODNlNzg3ZDkwZWUyZjQ4ZGFjODE2NzVjYTI5MWNjNTIyODIxZjEzNzdiN2VmOGFjN2MzMmM0OTVjNSwxMzM3ODk4Mjk1NjAwMDAwMDAsMCwxMzM3OTA2OTA1NjgxMDYxODQsMC4wLjAuMCwyNTgsMTBmOWU0NGUtNDJlNC00ZThkLTliYzgtNGFkMTY3NzQyZThjLCwsOGYyZGVkMjctM2RhYi00N2UxLTgyZGYtMTQxYzVjYjQ3Y2I0LDhmMmRlZDI3LTNkYWItNDdlMS04MmRmLTE0MWM1Y2I0N2NiNCw5SFRLY3J2NXZVbXp1N2J0NVoxbG5RLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTAwMTksdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLHFSOTJPbHJlTitVZGFFeUUwQ2JRQ3czMjgzbWlvU0lKNno5M0crNzBJMUk1b09telFaWi9HaXQ1ZTA2enRrNG1Sek9LUUZzQlAwdlBsUzBDUjJ6ci9aaTN6ZkxMNHlmMmt6R2RKZWpZMEpZajhSWFlrdTZGMkxXS3JLRGU1QXNOZlZCbXBGS0wveklCamFhbjN3eFFrZ2pkVjAxaWZBQXVGckd4YzdwY3h4UHVMM1JXaDFCY1FBb3ZKNWUyUGI0SFNQNWp5YlQwMHhPUGdOVDFRYzBHSUZXRFcrQXhGM0x5SDA1NzRKRFJCMmhRdGRFRXpSL0Jt [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,168,0,26343,76 X-SharePointHealthScore: 3 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Server-Timing: LT; desc=0, RS; desc=G, RD; dur=106 X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 8aaf6ea1-20e2-a000-d67c-b60a1940bd0f request-id: 8aaf6ea1-20e2-a000-d67c-b60a1940bd0f MS-CV: oW6viuIgAKDWfLYKGUC9Dw.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=10f9e44e-42e4-4e8d-9bc8-4ad167742e8c&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 69FD5A6A321C4DBAADDA241F233A561F Ref B: EWR311000106053 Ref C: 2024-12-18T08:04:17Z Date: Wed, 18 Dec 2024 08:04:16 GMT Connection: close
2024-12-18 08:04:17 UTC	834	IN	Data Raw: 33 33 62 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 09 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 09 3c 6d 65 74 61 0d 0a 09 09 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 0d 0a 09 09 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f Data Ascii: 33b<!DOCTYPE html><html lang="en-us" dir="ltr"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><metaname="viewport"content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no
2024-12-18 08:04:17 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 09 09 3e 0d 0a 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 76 61 72 20 77 6f 70 69 44 69 61 67 43 6c 69 65 6e 74 20 3d 20 7b 20 64 6f 63 46 69 72 73 74 46 6c 75 73 68 54 69 6d 65 20 3a 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 20 7d 20 3b 0d 0a 09 09 76 61 72 20 77 61 63 55 69 48 6f 73 74 53 65 73 73 69 6f 6e 20 3d 20 6e 75 6c 6c 3b 0d 0a 09 09 76 61 72 20 77 6f 70 69 43 6f 6e 74 65 78 74 46 6c 75 73 68 54 69 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 09 09 76 61 72 20 69 73 45 61 72 6c 79 46 6c 75 73 68 45 6e 61 62 6c 65 64 20 3d 20 66 61 6c 73 65 3b 0d 0a 09 09 76 61 72 20 66 69 72 73 74 46 6c 75 73 68 45 6e 64 54 69 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a Data Ascii: 2000><script type="text/javascript">var wopiDiagClient = { docFirstFlushTime : new Date().getTime() } ;var wacUiHostSession = null;var wopiContextFlushTime = null;var isEarlyFlushEnabled = false;var firstFlushEndTime = null;
2024-12-18 08:04:17 UTC	4152	IN	Data Raw: 31 30 33 30 0d 0a 36 36 34 33 31 30 35 34 2c 2d 31 33 39 37 38 32 37 33 39 37 2c 2d 31 32 34 33 33 39 36 31 36 31 2c 31 34 33 37 38 39 31 35 33 39 2c 2d 39 31 34 33 38 32 35 34 38 2c 2d 39 39 37 31 36 39 36 37 30 2c 38 39 36 30 32 36 34 35 36 2c 2d 31 34 30 39 36 33 38 31 30 2c 2d 36 31 34 32 31 30 38 33 36 2c 37 31 30 34 31 32 36 36 37 2c 2d 38 31 32 35 31 37 37 33 39 2c 2d 35 37 35 36 39 35 34 34 30 2c 33 34 32 36 30 31 31 33 34 2c 2d 36 38 30 34 37 37 32 34 30 2c 31 35 35 31 38 37 34 35 33 35 2c 2d 31 37 36 36 38 38 31 33 31 2c 2d 36 38 36 38 33 34 35 37 2c 2d 32 31 33 35 31 38 38 30 39 38 2c 2d 31 34 31 33 39 30 31 31 38 2c 2d 31 35 36 33 37 30 31 30 36 2c 32 30 36 33 35 30 35 33 39 39 2c 2d 31 32 37 36 36 35 38 35 37 35 2c 32 30 34 31 36 39 39 36 35 Data Ascii: 103066431054,-1397827397,-1243396161,1437891539,-914382548,-997169670,896026456,-140963810,-614210836,710412667,-812517739,-575695440,342601134,-680477240,1551874535,-176688131,-68683457,-2135188098,-141390118,-156370106,2063505399,-1276658575,204169965
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 39 2d 39 38 31 36 2d 37 32 39 37 41 46 44 38 45 39 36 41 22 3a 31 2c 22 38 38 32 42 41 30 39 30 2d 34 39 36 33 2d 34 37 30 32 2d 39 44 35 33 2d 39 42 45 43 32 42 42 34 43 43 35 45 22 3a 31 2c 22 45 35 39 43 36 31 30 35 2d 41 34 31 34 2d 34 45 38 35 2d 39 30 46 39 2d 39 42 30 39 38 31 39 31 39 46 45 31 22 3a 31 2c 22 34 46 43 37 44 46 46 34 2d 32 31 44 34 2d 34 30 36 39 2d 38 38 42 36 2d 30 41 44 36 35 32 45 46 30 39 34 32 22 3a 31 2c 22 44 42 39 44 32 32 33 41 2d 38 36 35 42 2d 34 33 44 30 2d 39 45 34 38 2d 33 38 32 32 43 30 42 46 44 45 37 31 22 3a 31 2c 22 39 38 42 35 43 44 35 36 2d 31 33 34 35 2d 34 35 34 41 2d 41 39 44 31 2d 30 36 38 44 39 42 32 42 44 42 38 30 22 3a 31 2c 22 45 31 42 38 36 41 39 35 2d 33 31 45 35 2d 34 39 42 36 2d 38 Data Ascii: 20009-9816-7297AFD8E96A":1,"882BA090-4963-4702-9D53-9BEC2BB4CC5E":1,"E59C6105-A414-4E85-90F9-9B0981919FE1":1,"4FC7DFF4-21D4-4069-88B6-0AD652EF0942":1,"DB9D223A-865B-43D0-9E48-3822C0BFDE71":1,"98B5CD56-1345-454A-A9D1-068D9B2BDB80":1,"E1B86A95-31E5-49B6-8
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 37 39 45 36 2d 34 44 36 37 2d 41 42 30 45 2d 34 34 32 32 39 39 42 32 31 39 36 39 22 3a 31 2c 22 39 46 37 41 42 39 42 36 2d 36 42 35 45 2d 34 45 46 32 2d 42 35 33 37 2d 39 32 42 32 35 45 39 44 34 46 42 35 22 3a 31 2c 22 32 33 38 33 46 42 39 37 2d 43 33 45 33 2d 34 43 33 31 2d 39 46 33 41 2d 37 31 32 31 32 31 42 37 43 39 33 41 22 3a 31 2c 22 42 34 45 31 42 43 39 35 2d 32 43 43 37 2d 34 32 36 44 2d 42 38 38 36 2d 36 43 34 34 34 37 42 31 32 36 37 38 22 3a 31 2c 22 32 32 38 35 43 37 33 31 2d 35 33 44 42 2d 34 32 42 31 2d 39 35 44 41 2d 31 34 44 36 42 42 39 44 37 35 38 30 22 3a 31 2c 22 37 42 39 30 37 34 38 44 2d 35 38 45 44 2d 34 32 42 34 2d 39 35 32 45 2d 32 38 38 37 30 36 42 42 45 45 44 46 22 3a 31 2c 22 35 42 44 41 41 42 45 34 2d 35 31 45 Data Ascii: 200079E6-4D67-AB0E-442299B21969":1,"9F7AB9B6-6B5E-4EF2-B537-92B25E9D4FB5":1,"2383FB97-C3E3-4C31-9F3A-712121B7C93A":1,"B4E1BC95-2CC7-426D-B886-6C4447B12678":1,"2285C731-53DB-42B1-95DA-14D6BB9D7580":1,"7B90748D-58ED-42B4-952E-288706BBEEDF":1,"5BDAABE4-51E
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 33 42 31 42 31 42 39 2d 30 42 33 45 2d 34 42 33 42 2d 38 42 33 42 2d 30 42 33 42 31 42 33 42 31 42 33 42 22 3a 31 2c 22 44 42 44 37 38 31 45 46 2d 30 34 44 37 2d 34 44 30 34 2d 42 45 33 32 2d 45 30 43 35 44 30 31 32 31 44 38 35 22 3a 31 2c 22 44 41 45 31 41 42 34 36 2d 46 34 44 44 2d 34 39 44 44 2d 39 41 31 45 2d 46 35 39 41 46 44 46 42 33 39 33 36 22 3a 31 2c 22 37 35 46 30 38 36 31 30 2d 30 32 42 34 2d 34 46 34 43 2d 39 41 36 34 2d 37 44 35 34 32 37 34 30 35 36 41 42 22 3a 31 2c 22 36 38 33 43 38 46 33 43 2d 42 37 30 46 2d 34 45 43 39 2d 42 32 32 38 2d 45 41 34 43 36 38 37 39 46 38 36 36 22 3a 31 2c 22 42 32 37 42 33 32 46 32 2d 31 34 38 42 2d 34 37 37 31 2d 39 32 41 32 2d 42 33 39 31 43 39 31 46 33 36 35 36 22 3a 31 2c 22 35 35 30 30 Data Ascii: 20003B1B1B9-0B3E-4B3B-8B3B-0B3B1B3B1B3B":1,"DBD781EF-04D7-4D04-BE32-E0C5D0121D85":1,"DAE1AB46-F4DD-49DD-9A1E-F59AFDFB3936":1,"75F08610-02B4-4F4C-9A64-7D54274056AB":1,"683C8F3C-B70F-4EC9-B228-EA4C6879F866":1,"B27B32F2-148B-4771-92A2-B391C91F3656":1,"5500
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 42 38 22 3a 31 2c 22 43 38 39 38 44 46 33 42 2d 45 36 41 33 2d 34 46 44 35 2d 41 32 39 43 2d 45 32 42 30 32 32 36 44 38 38 34 38 22 3a 31 2c 22 30 46 44 36 37 39 33 34 2d 45 35 43 35 2d 34 36 41 38 2d 42 41 32 37 2d 44 45 34 35 30 30 45 35 33 30 37 31 22 3a 31 2c 22 41 46 42 35 30 38 41 37 2d 39 45 35 45 2d 34 39 38 39 2d 38 35 46 30 2d 36 46 41 36 31 42 39 36 32 43 41 46 22 3a 31 2c 22 41 35 44 41 46 46 42 30 2d 36 35 32 45 2d 34 45 45 31 2d 41 36 33 38 2d 45 32 39 30 30 38 39 45 31 44 45 37 22 3a 31 2c 22 37 38 37 39 31 44 34 30 2d 45 30 41 44 2d 34 34 41 37 2d 38 42 39 43 2d 37 44 34 41 34 45 34 43 36 37 33 33 22 3a 31 2c 22 32 37 30 46 33 34 34 32 2d 43 43 31 39 2d 34 42 39 42 2d 42 37 37 31 2d 43 30 34 44 37 44 36 44 37 44 45 30 22 Data Ascii: 2000B8":1,"C898DF3B-E6A3-4FD5-A29C-E2B0226D8848":1,"0FD67934-E5C5-46A8-BA27-DE4500E53071":1,"AFB508A7-9E5E-4989-85F0-6FA61B962CAF":1,"A5DAFFB0-652E-4EE1-A638-E290089E1DE7":1,"78791D40-E0AD-44A7-8B9C-7D4A4E4C6733":1,"270F3442-CC19-4B9B-B771-C04D7D6D7DE0"
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 45 45 37 31 37 30 43 34 33 43 22 3a 31 2c 22 41 31 45 31 34 32 31 30 2d 36 41 46 42 2d 31 31 45 46 2d 39 36 43 33 2d 31 30 37 43 36 31 33 33 30 46 38 43 22 3a 31 2c 22 35 30 30 39 43 31 36 35 2d 38 31 36 34 2d 34 42 30 31 2d 38 44 43 43 2d 31 34 41 36 43 46 35 32 43 35 32 42 22 3a 31 2c 22 42 43 45 46 36 43 36 31 2d 44 36 34 39 2d 34 42 41 34 2d 39 41 31 31 2d 41 34 37 38 42 41 30 31 34 33 32 46 22 3a 31 2c 22 42 39 46 43 30 38 34 33 2d 35 46 42 35 2d 34 45 38 41 2d 39 41 38 37 2d 45 34 33 30 38 45 37 38 36 33 44 36 22 3a 31 2c 22 34 31 36 32 43 30 35 36 2d 45 35 34 32 2d 34 38 44 35 2d 38 37 42 44 2d 41 37 41 31 31 38 38 31 38 38 32 38 22 3a 31 2c 22 45 38 32 45 45 39 30 36 2d 46 44 33 41 2d 34 38 39 31 2d 42 30 36 37 2d 43 32 39 32 34 Data Ascii: 2000EE7170C43C":1,"A1E14210-6AFB-11EF-96C3-107C61330F8C":1,"5009C165-8164-4B01-8DCC-14A6CF52C52B":1,"BCEF6C61-D649-4BA4-9A11-A478BA01432F":1,"B9FC0843-5FB5-4E8A-9A87-E4308E7863D6":1,"4162C056-E542-48D5-87BD-A7A118818828":1,"E82EE906-FD3A-4891-B067-C2924
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2d 39 46 44 33 2d 37 32 30 31 31 37 43 31 38 32 46 31 22 3a 31 2c 22 32 45 30 35 30 34 39 37 2d 41 31 45 45 2d 34 45 39 35 2d 38 32 32 43 2d 33 36 32 36 41 45 39 39 37 36 32 33 22 3a 31 2c 22 41 45 39 45 35 32 31 43 2d 32 31 30 44 2d 34 46 33 36 2d 39 34 38 44 2d 41 30 36 45 42 41 37 42 38 36 31 44 22 3a 31 2c 22 31 37 34 43 30 42 31 45 2d 38 32 30 36 2d 34 39 38 45 2d 39 31 42 46 2d 34 41 31 45 34 36 38 38 35 33 34 42 22 3a 31 2c 22 37 42 37 30 46 34 37 36 2d 31 32 41 30 2d 34 37 42 44 2d 38 33 33 37 2d 38 41 30 41 41 38 37 39 33 33 34 30 22 3a 31 2c 22 38 35 35 36 45 43 39 34 2d 46 38 42 35 2d 34 35 37 41 2d 38 35 39 41 2d 38 46 44 33 42 39 41 31 31 39 35 38 22 3a 31 2c 22 31 37 39 46 42 45 45 35 2d 39 35 35 32 2d 34 34 43 34 2d 41 30 Data Ascii: 2000-9FD3-720117C182F1":1,"2E050497-A1EE-4E95-822C-3626AE997623":1,"AE9E521C-210D-4F36-948D-A06EBA7B861D":1,"174C0B1E-8206-498E-91BF-4A1E4688534B":1,"7B70F476-12A0-47BD-8337-8A0AA8793340":1,"8556EC94-F8B5-457A-859A-8FD3B9A11958":1,"179FBEE5-9552-44C4-A0
2024-12-18 08:04:18 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 39 33 36 2d 34 45 35 41 2d 39 37 39 43 2d 37 32 41 39 32 36 39 39 36 44 44 36 22 3a 31 2c 22 37 36 30 39 34 32 38 45 2d 33 43 38 45 2d 34 30 34 38 2d 41 35 43 32 2d 41 43 33 33 35 43 42 33 45 33 42 34 22 3a 31 2c 22 45 33 38 34 38 30 45 43 2d 38 46 46 46 2d 34 41 32 35 2d 39 30 31 43 2d 30 42 43 46 32 39 35 33 46 39 42 31 22 3a 31 2c 22 36 44 43 42 45 35 37 42 2d 44 41 35 46 2d 34 33 30 39 2d 42 39 36 31 2d 34 33 36 32 33 33 31 44 41 32 38 46 22 3a 31 2c 22 37 31 45 37 32 34 38 36 2d 31 42 37 32 2d 34 38 30 31 2d 38 31 33 31 2d 44 42 38 36 45 34 37 30 43 32 31 30 22 3a 31 2c 22 33 33 33 30 32 33 35 36 2d 36 35 46 44 2d 34 45 41 42 2d 41 36 31 34 2d 42 39 39 31 34 37 31 42 39 31 31 46 22 3a 31 2c 22 33 36 45 45 46 46 39 33 2d 43 33 31 46 Data Ascii: 2000936-4E5A-979C-72A926996DD6":1,"7609428E-3C8E-4048-A5C2-AC335CB3E3B4":1,"E38480EC-8FFF-4A25-901C-0BCF2953F9B1":1,"6DCBE57B-DA5F-4309-B961-4362331DA28F":1,"71E72486-1B72-4801-8131-DB86E470C210":1,"33302356-65FD-4EAB-A614-B991471B911F":1,"36EEFF93-C31F

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:04:22 UTC	726	OUT	POST /suite/RemoteUls.ashx?usid=0432f7db-cabd-ae00-6b77-ca57e1c556bb&officeserverversion= HTTP/1.1 Host: common.online.office.com Connection: keep-alive Content-Length: 699 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://syndiclair-my.sharepoint.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://syndiclair-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 08:04:22 UTC	699	OUT	Data Raw: 7b 22 54 22 3a 31 37 33 34 35 30 39 30 35 39 34 38 32 2c 22 4c 22 3a 5b 7b 22 47 22 3a 35 32 31 31 36 34 32 33 38 2c 22 54 22 3a 34 2c 22 4d 22 3a 22 4f 6e 65 4e 6f 74 65 4a 73 41 70 69 56 32 47 61 74 65 3a 20 44 69 73 61 62 6c 65 64 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 37 36 35 37 38 35 38 34 2c 22 54 22 3a 34 2c 22 4d 22 3a 22 4c 65 61 6e 20 55 69 20 48 6f 73 74 3a 20 62 6f 6f 74 41 70 70 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 34 36 31 38 32 30 34 38 2c 22 54 22 3a 36 2c 22 4d 22 3a 22 42 6f 6f 74 41 70 70 3a 20 4c 6f 61 64 20 64 6f 63 75 6d 65 6e 74 20 72 65 74 75 72 6e 65 64 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 35 33 37 32 36 32 38 35 2c 22 Data Ascii: {"T":1734509059482,"L":[{"G":521164238,"T":4,"M":"OneNoteJsApiV2Gate: Disabled","C":3027,"D":50},{"G":576578584,"T":4,"M":"Lean Ui Host: bootApp","C":3027,"D":50},{"G":546182048,"T":6,"M":"BootApp: Load document returned","C":3027,"D":50},{"G":553726285,"

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:04:22 UTC	708	OUT	POST /suite/RemoteTelemetry.ashx?usid=0432f7db-cabd-ae00-6b77-ca57e1c556bb HTTP/1.1 Host: common.online.office.com Connection: keep-alive Content-Length: 685 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://syndiclair-my.sharepoint.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://syndiclair-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 08:04:22 UTC	685	OUT	Data Raw: 7b 22 64 22 3a 7b 22 61 22 3a 22 4f 6e 65 4e 6f 74 65 22 2c 22 62 22 3a 22 65 6e 2d 55 53 22 2c 22 63 22 3a 22 55 6e 69 66 69 65 64 55 69 48 6f 73 74 22 2c 22 64 22 3a 22 55 4e 49 46 49 45 44 55 49 48 4f 53 54 22 2c 22 6a 22 3a 22 32 30 32 34 31 32 31 31 2e 31 22 2c 22 72 22 3a 66 61 6c 73 65 2c 22 73 22 3a 22 22 2c 22 77 22 3a 22 30 34 33 32 66 37 64 62 2d 63 61 62 64 2d 61 65 30 30 2d 36 62 37 37 2d 63 61 35 37 65 31 63 35 35 36 62 62 22 2c 22 78 22 3a 22 53 68 61 72 69 6e 67 2e 43 6c 69 65 6e 74 52 65 64 69 72 65 63 74 22 2c 22 79 22 3a 22 31 30 66 39 65 34 34 65 2d 34 32 65 34 2d 34 65 38 64 2d 39 62 63 38 2d 34 61 64 31 36 37 37 34 32 65 38 63 22 2c 22 7a 22 3a 22 73 68 61 72 65 70 6f 69 6e 74 63 6f 6d 22 2c 22 61 63 22 3a 22 64 6f 63 61 73 70 78 22 Data Ascii: {"d":{"a":"OneNote","b":"en-US","c":"UnifiedUiHost","d":"UNIFIEDUIHOST","j":"20241211.1","r":false,"s":"","w":"0432f7db-cabd-ae00-6b77-ca57e1c556bb","x":"Sharing.ClientRedirect","y":"10f9e44e-42e4-4e8d-9bc8-4ad167742e8c","z":"sharepointcom","ac":"docaspx"

Target ID:	0
Start time:	03:04:00
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	03:04:06
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2204,i,11763073008621131279,10746106279034896086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	03:04:12
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 222

Chrome Cache Entry: 223

Chrome Cache Entry: 224

Chrome Cache Entry: 225

Chrome Cache Entry: 226

Chrome Cache Entry: 227

Chrome Cache Entry: 228

Chrome Cache Entry: 229

Chrome Cache Entry: 230

Chrome Cache Entry: 231

Chrome Cache Entry: 232

Chrome Cache Entry: 233

Chrome Cache Entry: 234

Chrome Cache Entry: 235

Chrome Cache Entry: 236

Chrome Cache Entry: 237

Chrome Cache Entry: 238

Chrome Cache Entry: 239

Chrome Cache Entry: 240

Windows Analysis Report
https://syndiclair-my.sharepoint.com/:o:/g/personal/ml_syndiclair_fr/En8EbZMYpZ5CodZQ05mt4IMBGZHEHcSylnIeMh0DoULmZw?e=UkXb4Y