Edit tour

Windows Analysis Report
https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9

Overview

General Information

Sample URL:	https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9
Analysis ID:	1582897
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,18307352361888370640,11174853973299101979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.138
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.138
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.138
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=htsGRXHb0aH4KsVP0DRpyGXPjV9R2bs7vicPp4bSVQ59Ictux-7gUy7F1mmlD_xPX5XTow2RvXzpOCPd_HF4bv29mc8DT2UAgthqE5nRRTM1&t=638661570537377670 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=htsGRXHb0aH4KsVP0DRpyGXPjV9R2bs7vicPp4bSVQ59Ictux-7gUy7F1mmlD_xPX5XTow2RvXzpOCPd_HF4bv29mc8DT2UAgthqE5nRRTM1&t=638661570537377670 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: ocemt-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ocemt-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_83.1.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/1033/initstrings.js
Source: chromecache_83.1.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/blank.js
Source: chromecache_83.1.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/init.js
Source: chromecache_83.1.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/theming.js
Source: chromecache_83.1.dr	String found in binary or memory: https://res.cdn.office.net/teams-js/2.21.0/js/MicrosoftTeams.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: classification engine

Classification label: mal48.win@17/42@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,18307352361888370640,11174853973299101979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,18307352361888370640,11174853973299101979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9	0%	Avira URL Cloud	safe
https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139	0%	Avira URL Cloud	safe
https://ocemt-my.sharepoint.com/ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f	0%	Avira URL Cloud	safe
https://ocemt-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	0%	Avira URL Cloud	safe
https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139	0%	Avira URL Cloud	safe
https://ocemt-my.sharepoint.com/ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	high
www.google.com	142.250.184.228	true	false	high
ocemt-my.sharepoint.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139	false	Avira URL Cloud: safe	unknown
https://ocemt-my.sharepoint.com/ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f	false	Avira URL Cloud: safe	unknown
https://ocemt-my.sharepoint.com/ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f	false	Avira URL Cloud: safe	unknown
https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139	false	Avira URL Cloud: safe	unknown
https://ocemt-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582897
Start date and time:	2024-12-31 19:36:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/42@6/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 173.194.76.84, 142.250.186.174, 142.250.185.142, 142.250.181.238, 2.23.209.37, 2.23.209.42, 142.250.74.206, 216.58.212.174, 142.250.185.238, 142.250.184.206, 172.217.16.206, 142.250.186.46, 142.250.184.195, 142.250.185.78, 142.250.185.174, 142.250.184.238, 216.58.206.78, 172.202.163.200, 184.28.90.27
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, 201163-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net, update.googleapis.com, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://ocemt-my.sharepoint.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://ocemt-my.sharepoint.com
URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgr... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a common pattern used in ASP.NET web applications for client-side postback handling. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily responsible for managing form submissions and does not exhibit any malicious behavior. While it uses some legacy practices like `__doPostBack`, this is a standard technique in the ASP.NET framework and does not pose a significant security risk on its own." }
//<![CDATA[ var theForm = document.forms['aspnetForm']; if (!theForm) { theForm = document.aspnetForm; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit \|\| (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //
URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgr... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a configuration object for a SharePoint environment. It contains various properties related to the site, user, and tenant settings, but does not exhibit any high-risk behaviors. The script is likely used for legitimate purposes such as analytics, presence, and quality of service (QoS) tracking. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are commonly found in older SharePoint implementations. Overall, this script poses a low risk and is likely part of the normal functionality of the SharePoint platform." }
//<![CDATA[ var g_presenceEnabled = true; var g_wsaEnabled = false; var g_correlationId = 'ee0273a1-d0d8-0000-59c7-f5b6693dd45d'; var g_wsaQoSEnabled = false; var g_wsaQoSDataPoints = []; var g_wsaRUMEnabled = true;var g_wsaLCID = 1033; var g_wsaListTemplateId = null; var _spPageContextInfo={"ListCountLimit":0,"FieldCountLimit":0,"ClientPrefetchBehavior":-1,"IsConsumerListsPaidUser":false,"IsConsumerFilesPaidUser":false,"siteDisabled":false,"isCommonDomainRequestContext":false,"webServerRelativeUrl":"/personal/cgremel_ocemt_edu","webServerRelativeUrlLegacy":"","webAbsoluteUrl":"https://ocemt-my.sharepoint.com/personal/cgremel_ocemt_edu","webAbsoluteUrlLegacy":"","viewId":"","webPropertyFlags2":0,"listId":"","listTemplateId":"","listPermsMask":null,"listUrl":"","listUrlLegacy":"","listTitle":null,"listBaseTemplate":-1,"listBaseType":-1,"listForceCheckout":false,"draftVersionVisibilityType":0,"thirdPartyReplyUrisUpdated":false,"ariaCollectorUrl":"https://browser.pipe.aria.microsoft.com/Collector/3.0/","secureBrokerDomainName":"securebroker.sharepointonline.com","oneDsCollectorUrl":"https://mobile.events.data.microsoft.com/OneCollector/1.0/","driveInfo":{},"vanityUrls":{},"multiGeoInfo":[{"InstanceId":"ee30b60d-38ce-4228-987d-deba1133685e","DataLocation":"","IsDefaultDataLocation":false,"RootSiteUrl":"https://ocemt.sharepoint.com/","MySiteHostUrl":"https://ocemt-my.sharepoint.com/","TenantAdminUrl":"https://ocemt-admin.sharepoint.com/","PortalUrl":"https://ocemt.sharepoint.com/","AdditionalUrls":[]}],"viewOnlyExperienceEnabled":false,"m365GroupsBlockDownloadsExperienceEnabled":false,"readOnlyExperienceEnabled":false,"blockDownloadFileTypePolicyEnabled":false,"authContextLimitedAccessExperienceEnabled":false,"disableBackToClassic":false,"isOAuth":false,"isLocationserviceAvailable":true,"blockDownloadsExperienceEnabled":false,"idleSessionSignOutEnabled":false,"activityBasedTimeoutEnabled":false,"isSmallMediumBizOverQuotaTenant":false,"isFraudTenant":false,"fraudTenantSubscriptionType":"","isTenantOverQuota":null,"fraudTenantAccessRevokeTime":"0001-01-22T00:00:00","e5DevOverQuotaTenantAccessBlockTime":"0001-01-01T00:00:00","e5DevOverQuotaTenantAccessDeactivationTime":"0001-01-01T00:00:00","cdnPrefix":"res-1.cdn.office.net/bld","cdnBaseUrl":null,"routingKey":null,"siteAbsoluteUrl":"https://ocemt-my.sharepoint.com/personal/cgremel_ocemt_edu","siteAbsoluteUrlLegacy":"","siteId":"{4ea47ace-9ef2-4a7a-a46e-5ca2ca6d27d6}","showNGSCDialogForSyncOnTS":true,"supportPoundStorePath":true,"supportPercentStorePath":true,"siteSubscriptionId":"f8f79caf-4b09-4d18-8dab-a9e1fa1f03b7","tenantDisplayName":"Orange County EMT","isMultiGeoTenant":false,"isMultiGeoODBMode":false,"webDomain":"sharepoint.com","isSPO":true,"appSeatsQuota":27.0,"isSelfServiceSiteCreationEnabled":true,"farmLabel":"US_509_Content","farmName":"US_509_BL22_201163_Content","contentDBName":"Content_1013070","serverRequestPath":"/_layouts/15/guestaccess.aspx","layoutsUrl":"_layouts/15","webId":"{239c8f52-9a46-440a-a5c3-1fe31b57dd2a}","webTitle":null,"WebTitleCurrentLCID":0,"webTemplate":null,"webTemplateConfiguration":null,"webDescription":null,"WebDescriptionCurrentLCID":0,"tenantAppVersion":"1","isAppWeb":false,"webLogoUrl":"_layouts/15/images/siteicon.png","webLanguage":1033,"webLanguageName":"en-US","currentLanguage":1033,"currentUICultureName":"en-US","currentCultureName":"en-US","currentCultureLCID":1033,"env":"prod","env2":"prod","cloudType":"prod","nid":17037,"fid":201163,"serverTime":"2024-12-31T18:37:25.2789231Z","siteClientTag":"0$$16.0.25520.12010","crossDomainPhotosEnabled":true,"openInClient":false,"webUIVersion":15,"webPermMasks":{"High":0,"Low":0},"pageListId":null,"pageItemId":-1,"pagePermsMask":null,"pagePersonalizationScope":1,"userEmail":"","userId":0,"userLoginName":null,"userDisplayName":null,"isAnonymousGuestUser":false,"isEmailAuthenticationGuestUser":false,"isExternalGuestUser":false,"isNativeFederatedUser":false,"homeTenantId":null,"requestFilesLinkEnabled":tru
URL: https://ocemt-my.sharepoint.com/WebResource.axd?d=... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a part of the ASP.NET WebForms framework and does not contain any high-risk indicators. It is responsible for handling postback options and client-side callbacks, which are common practices in web development. The code does not exhibit any behaviors associated with dynamic code execution, data exfiltration, or malicious redirects. While it uses some legacy APIs like `XMLHttpRequest`, these are not inherently malicious and are commonly used for legitimate purposes. Overall, the code seems to be a standard implementation of WebForms functionality and poses a low risk." }
function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.validationGroup = validationGroup; this.actionUrl = actionUrl; this.trackFocus = trackFocus; this.clientSubmit = clientSubmit; } function WebForm_DoPostBackWithOptions(options) { var validationResult = true; if (options.validation) { if (typeof(Page_ClientValidate) == 'function') { validationResult = Page_ClientValidate(options.validationGroup); } } if (validationResult) { if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) { theForm.action = options.actionUrl; } if (options.trackFocus) { var lastFocus = theForm.elements["__LASTFOCUS"]; if ((typeof(lastFocus) != "undefined") && (lastFocus != null)) { if (typeof(document.activeElement) == "undefined") { lastFocus.value = options.eventTarget; } else { var active = document.activeElement; if ((typeof(active) != "undefined") && (active != null)) { if ((typeof(active.id) != "undefined") && (active.id != null) && (active.id.length > 0)) { lastFocus.value = active.id; } else if (typeof(active.name) != "undefined") { lastFocus.value = active.name; } } } } } } if (options.clientSubmit) { __doPostBack(options.eventTarget, options.eventArgument); } } var __pendingCallbacks = new Array(); var __synchronousCallBackIndex = -1; function WebForm_DoCallback(eventTarget, eventArgument, eventCallback, context, errorCallback, useAsync) { var postData = __theFormPostData + "__CALLBACKID=" + WebForm_EncodeCallback(eventTarget) + "&__CALLBACKPARAM=" + WebForm_EncodeCallback(eventArgument); if (theForm["__EVENTVALIDATION"]) { postData += "&__EVENTVALIDATION=" + WebForm_EncodeCallback(theForm["__EVENTVALIDATION"].value); } var xmlRequest,e; try { xmlRequest = new XMLHttpRequest(); } catch(e) { try { xmlRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) { } } var setRequestHeaderMethodExists = true; try { setRequestHeaderMethodExists = (xmlRequest && xmlRequest.setRequestHeader); } catch(e) {} var callback = new Object(); callback.eventCallback = eventCallback; callback.context = context; callback.errorCallback = errorCallback; callback.async = useAsync; var callbackIndex = WebForm_FillFirstAvailableSlot(__pendingCallbacks, callback); if (!useAsync) { if (__synchronousCallBackIndex != -1) { __pendingCallbacks[__synchronousCallBackIndex] = null; } __synchronousCallBackIndex = callbackIndex; } if (setRequestHeaderMethodExists) { xmlRequest.onreadystatechange = WebForm_CallbackComplete; callback.xmlRequest = xmlRequest; // e.g. http: var action = theForm.action \|\| document.location.pathname, fragmentIndex = action.indexOf('#'); if (fragmentIndex !== -1) { action = action.substr(0, fragmentIndex); } if (!__nonMSDOMBrowser) { var domain = ""; var path = action; var query = ""; var queryIndex = action.indexOf('?'); if (queryIndex !== -1) { query = action.substr(queryIndex); path = action.s
URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgr... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that checks if the current web page is hosted within the Microsoft Teams web view and, if so, loads the Microsoft Teams JavaScript SDK. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script's purpose is to integrate the current web page with the Microsoft Teams platform, which is a common and expected behavior. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is considered low-risk." }
// <![CDATA[ function isTeamsWebViewHosted() { return /Teams\/((?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+)).* Electron\/((?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+))/.test(navigator.userAgent) \|\| /[?&]env=TeamsWebView/.test(location.search) \|\| /Teams\/((?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+))(?:\/(\\d+))?/.test(navigator.userAgent) \|\| window.name === 'embedded-page-container'; } if (isTeamsWebViewHosted() === true) { let teamsCodeDom = document.createElement('script'); teamsCodeDom.src = 'https://res.cdn.office.net/teams-js/2.21.0/js/MicrosoftTeams.min.js'; teamsCodeDom.integrity = 'sha384-8IiFmUTxC/bV/D3X+IBPbfibh4oRJIbu7E14dqbrDjvMRs5JDg7p4sz0/JT74f2a'; teamsCodeDom.crossOrigin = 'anonymous'; teamsCodeDom.onload = function () { try { microsoftTeams.initialize(); microsoftTeams.getContext(function (context) { microsoftTeams.app.notifyFailure({message:'Error.asx Handler - ', reason:microsoftTeams.app.FailedReason.Other}); }); } catch (error) {} }; document.head.appendChild(teamsCodeDom); } //
URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "GO BACK TO SITE", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "GO BACK TO SITE", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 17:37:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.993037538305893
Encrypted:	false
SSDEEP:	48:8EmdOTqib+HVidAKZdA1FehwiZUklqehwy+3:8SHoLy
MD5:	F01B04C902363FAF21A03CF4667D4006
SHA1:	9683F3D577EA7B907B6C0C20D1291877F88CADBD
SHA-256:	F4E5312656C3CDEFAF73C483E854A79989A1E556F7990C5870225F120B88E548
SHA-512:	423FFFDCFEFED960B277F68E556512659C448A768180E72979D678D10F1C5220AFF22EFAA98CF405647407625EF58D1B119DA44E31F6B317507BE7409734157C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....I...[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 17:37:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.009323945495616
Encrypted:	false
SSDEEP:	48:8X1mdOTqib+HVidAKZdA1seh/iZUkAQkqeh7y+2:85He9QSy
MD5:	C32A76CB8E7017F8DD990C8CC68FAFBE
SHA1:	AE5F3C18E4BCAC223501C3EC87DA51F15F3511BF
SHA-256:	B5FEAA682E79592F669F53561B7762EC7937E665DADB96607E74128D19CA2FDA
SHA-512:	97F3AB7D9EAB539CA34D0B9C23E9D62D3C43DE24122FF5CC140EB3D2E26F2769F5B773A38619F4979E1C216C6B74952E952F9F0D40DDEF931A43192F8C2B463C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....7...[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.013042746880967
Encrypted:	false
SSDEEP:	48:8fmdOTqiAHVidAKZdA14meh7sFiZUkmgqeh7sly+BX:8TH8nXy
MD5:	C97B2B92BA661BE591968ECE044A62E5
SHA1:	6E3925874A65E4D13B44ECCFADEF53C2100CF6C7
SHA-256:	43FFBBAEE2EF3C109EFCD5A8E9B48A79E031EC6543C9054A3F4FF3560B02837C
SHA-512:	7B5F880BE37208CA97840FB99938BEAD4FDCE2EBCACD78B3C840F447A267E3736EE8E38EDE053D97FD39CD5A5381C4B16CDC1E81A592E9A7CDCF526425452BE6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 17:37:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00589352296478
Encrypted:	false
SSDEEP:	48:8/4mdOTqib+HVidAKZdA1TehDiZUkwqehPy+R:8GHVdy
MD5:	EA17515E3847F163CBAF531D836FEB95
SHA1:	9D9B14B507E004A32B31665BA2913E7C04F20261
SHA-256:	378B368449EC42744CB6A57C591B87ADDB46161922F03BF3798CFBC71B44D811
SHA-512:	7F05E244E77C5330BA6748BBA354030C1D99E8C9AFC542ACFEF4FDEF2CF483C37663887F3A630EBA105471BA12E8AE7F637A3A29C13F80EAC493E6D84536F636
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....wU...[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 17:37:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.993908529315312
Encrypted:	false
SSDEEP:	48:8zmdOTqib+HVidAKZdA1dehBiZUk1W1qehRy+C:8vHl9xy
MD5:	8294703E16FB25086491A0151F9B3D5C
SHA1:	55EF9581E79BDDA3F40882155CE9CA1FEFFFEBD4
SHA-256:	E737F372ECF75CA2D71423CD0891B80BB525C44FED62A9B10876F8216FD7C797
SHA-512:	47C348558E98BD6C7C4EC8608B9E6E5EB4ACF5740A99EEFFED770B5FDE8FA7710649E2C22888C881140D4F612C741AB40139E188F10ACCCDF95C87281E009BF4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....~g...[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 17:37:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006044396673116
Encrypted:	false
SSDEEP:	48:8pmdOTqib+HVidAKZdA1duTeehOuTbbiZUk5OjqehOuTbXy+yT+:8VHNTfTbxWOvTbXy7T
MD5:	036C20BAACE78D5FEDCFA52EDA17D0AE
SHA1:	5E212A78CEFB61291485AE229EE277C6E873F88B
SHA-256:	C71ECDC340B91CBAA10B69E2D35477F1FCE25408DBD94C3EBEB197670BD7F1BC
SHA-512:	3FB2523CB8C8006AAD10CB8BA1172381D4794364634D15F77F2B5AC2CA9F819E672EFDF32ECCF62960B549F3D07D89089963280D2D20E9B936FE6121EA5E7C10
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	622
Entropy (8bit):	5.030708856292114
Encrypted:	false
SSDEEP:	12:UXRtEohlWNmONv0MBR0/vUvFa9vN8ESve77Lxukm3auDjqHV:Ofa9n2H8qzxukmKuDjkV
MD5:	B45EDFC9FCDB690CCDA004A8483955E0
SHA1:	BAEDF73329EABB32504CAC640538EE3B6B31819F
SHA-256:	E817BF53005172205995AA07E0021BD8254A0204A1177E925F365E838C32D069
SHA-512:	E2709C77BA686FC58FE528EC2C2CEB6B9C84D045018D77FB9B376359F204FB6B889910B6748C978B4FF9712A7611342DF3C8C59711AA42090219DEC0C83778D2
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139
Preview:	/* _lcid="1033".._LocalBinding */..#ms-error-header..{..margin:118px 0px 16px;..min-height:50px;..}..#ms-error-gobackcont..{..margin-top:28px;..}..#ms-accessDenied-reqDialog..{..max-width:100%;..}..#ms-error-body..{..background-size:auto;..overflow:auto;..width:830px;..margin-right:auto;..margin-left:auto;..}...ms-error-returnLink..{..line-height:19px;..vertical-align:middle;..}...ms-error-detailsFold..{..padding-top:42px;..}...ms-error-techMsg..{..padding-top:28px;..}...ms-error-groupJoinPanel..{..margin-top:15px;..}...ms-error-groupProfileText..{..margin-top:17px;..}...ms-error-separator..{..margin:34px 0px;..}..

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (456), with no line terminators
Category:	downloaded
Size (bytes):	456
Entropy (8bit):	5.219414285696476
Encrypted:	false
SSDEEP:	6:A+roDEH6IgMbIZc8Z110IkvIKMPAI0qKIKMPAI0qeCMRTxIj+01KyBui9YDre:A+MYcYkc8Z1yI0ASAWCKx2+Wuit
MD5:	C5F9274C9782118972946B9608388D80
SHA1:	8C78C759E1E971202FF330A7702106CC34FA31CA
SHA-256:	0A96C496506784101A5267353995D35844903F97E4B328291746346ED5F0FFD2
SHA-512:	2151C644739F6AAC6E689888F5335940023E9459F85D9953D5B4872C296A0F3B7F89D49E6C6173837BC7C6CB3693137A1AD4E1DE458943AD6F42A6880A653467
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/blank.js
Preview:	function $_global_blank(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["blank.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_blank.js");typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkEnd_blank.js")}function ULSaew(){var a={};a.ULSTeamName="Microsoft SharePoint Foundation";a.ULSFileName="blank.commentedjs";return a}$_global_blank();

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	512795
Entropy (8bit):	5.4420292445968546
Encrypted:	false
SSDEEP:	12288:23OkpWJupsTyhEQLQr4ABnIF7SEyAJU7/:23OkpWJuGTyhEQLQr4ABnIdSEyAm
MD5:	E5737569ABE69E511C66864DF572ADF5
SHA1:	8DE605C7EEBE5D0229651619CF684900E71EEDC5
SHA-256:	E47D7B5DDDBE94B5461E37A1B40D61E5B6D6F2561297019BDE711C37842D9BF2
SHA-512:	1926DA9C1D0B2EB4B4099233ABA8A45A8B0EEECDF85E78AD9D5FA80D32E65AEF6BCDD6D34B7AF22FA8F44067131BAB586355AFA701DFC70F5F428BFCCEF8E1BD
Malicious:	false
Reputation:	low
Preview:	function $_global_core(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["core.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_core.js");SPAnimation={};SPAnimation.g_Curves=new Array(7);SPAnimation.g_Curves[0]=new SPCurve(0,0,0,0,0,0);SPAnimation.g_Curves[1]=new SPCurve(1,1,0,0,0,0);SPAnimation.g_Curves[2]=new SPCurve(2,2,0,0,0,0);SPAnimation.g_Curves[3]=new SPCurve(3,3,.1,.9,.2,1);SPAnimation.g_Curves[4]=new SPCurve(4,3,.42,0,1,1);SPAnimation.g_Curves[5]=new SPCurve(5,3,0,0,.58,1);SPAnimation.g_Curves[6]=new SPCurve(6,3,.42,0,.58,1);SPKeyFrame.prototype={type:0,curveID:0,startTime:0,endTime:0,startValue:0,endValue:0,relativeTo:0,operationType:0};SPAnimation.Attribute={PositionX:1,PositionY:2,Height:3,Width:4,Opacity:5};SPAnimation.ID={Basic_Show:0,Basic_SlowShow:1,Basic_Fade:2,Basic_Move:3,Basic_Size:4,Content_SlideInFadeInRight:5,Content_SlideInFadeInRightInc:6,Content_SlideOutFadeOutRigh

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	512795
Entropy (8bit):	5.4420292445968546
Encrypted:	false
SSDEEP:	12288:23OkpWJupsTyhEQLQr4ABnIF7SEyAJU7/:23OkpWJuGTyhEQLQr4ABnIdSEyAm
MD5:	E5737569ABE69E511C66864DF572ADF5
SHA1:	8DE605C7EEBE5D0229651619CF684900E71EEDC5
SHA-256:	E47D7B5DDDBE94B5461E37A1B40D61E5B6D6F2561297019BDE711C37842D9BF2
SHA-512:	1926DA9C1D0B2EB4B4099233ABA8A45A8B0EEECDF85E78AD9D5FA80D32E65AEF6BCDD6D34B7AF22FA8F44067131BAB586355AFA701DFC70F5F428BFCCEF8E1BD
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/core.js
Preview:	function $_global_core(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["core.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_core.js");SPAnimation={};SPAnimation.g_Curves=new Array(7);SPAnimation.g_Curves[0]=new SPCurve(0,0,0,0,0,0);SPAnimation.g_Curves[1]=new SPCurve(1,1,0,0,0,0);SPAnimation.g_Curves[2]=new SPCurve(2,2,0,0,0,0);SPAnimation.g_Curves[3]=new SPCurve(3,3,.1,.9,.2,1);SPAnimation.g_Curves[4]=new SPCurve(4,3,.42,0,1,1);SPAnimation.g_Curves[5]=new SPCurve(5,3,0,0,.58,1);SPAnimation.g_Curves[6]=new SPCurve(6,3,.42,0,.58,1);SPKeyFrame.prototype={type:0,curveID:0,startTime:0,endTime:0,startValue:0,endValue:0,relativeTo:0,operationType:0};SPAnimation.Attribute={PositionX:1,PositionY:2,Height:3,Width:4,Opacity:5};SPAnimation.ID={Basic_Show:0,Basic_SlowShow:1,Basic_Fade:2,Basic_Move:3,Basic_Size:4,Content_SlideInFadeInRight:5,Content_SlideInFadeInRightInc:6,Content_SlideOutFadeOutRigh

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (64255), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	280960
Entropy (8bit):	4.922986998146416
Encrypted:	false
SSDEEP:	6144:a8u74URHovNe2r/74S5zyLxexAJxj5CS5Hj8FEbi7UbIWqJhE/rLxqHzDors7AhN:M74ScAm/74S5zyLxzjEv+XN
MD5:	4B233BD413577A6FD6DB63567F87DB50
SHA1:	6BA917F2967BA071B990FF6BE667E4C4FAAEC5B5
SHA-256:	B9611F259A316E18DD1BC396AE40AB5CC261D05AEE6CD4231F9F38F8E92E1DA9
SHA-512:	ACA83BAC86C2C672BB17A8E881FB8081DD45D826D8D32BBCFE55E21C830C912610425F37FAAC5168C7848CDC1636665D463CA395CB042FC7A54630493B908ED6
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".."http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta http-equiv="X-UA-Compatible" content="IE=8"/><meta name="ROBOTS" content="NOHTMLINDEX" /><title>......Error....</title><link id="CssLink-ef64c2a29b6046e0a4fa23bb8946f131" rel="stylesheet" type="text/css" href="/_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139"/>.<link id="CssLink-c37b774e8e7a4d0c94999aff19468bdd" rel="stylesheet" type="text/css" href="/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139"/>.<style id="SPThemeHideForms" type="text/css">body {opacity:0 !important}</style><script type="text/javascript">// <![CDATA[ ...var _initGlobalSnapShot = {};try { if

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 40329
Category:	downloaded
Size (bytes):	9984
Entropy (8bit):	7.979200972475404
Encrypted:	false
SSDEEP:	192:/Z/x+yzJpYhEFmtHByePw0JwScHXWumyaxkomNwWs8pQegUOX+B/rHiG:/JP8hEFshyePw8cHXx58k3OWVpQegUO0
MD5:	027A7D52E1CEED8AEF7DC13505B81D36
SHA1:	33CF0BCE6A4C8B44B4A80B3116C978C12EE93FD0
SHA-256:	29061464FB6FCE2326B952EACAA95C3C6183BFEA74C3851390E9838720D372A6
SHA-512:	FCDDEBF6DE759B5079E7DF2432771A866DE1824B119AD8CB3BAE11F9FAA060B943D52F121E4C63E7E20D43F31B2220C1D4E9C24A20004C4B061CD1A0A5EE5AC9
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f
Preview:	...........}ks.H......@a{ebU......h.^.._a..3!k...HB....m.%....?i..e..U@.........wefefefU........O.....?8).we:...?x..eQ.....EQ.:-.`p.e.^....b.W..X.........UQ.......,...4.jV~..tQ........`......Y..,.]........sR..E...M....\.c>H5.t......xW.jt.?6?.c(..`_....B.G..'.<.1.c....o...yZ..cZ.a=K+....l.l...EQ..4.=......L_..Z..4gYuQ\|._!]m1.`Q.uQ....)..=..\|.....2.8G."XY.......]c..\|xT....3@..?..Zm..E.'........2..E gy..<(.Z...8XY..4O2....U...4.0..5.W!}x._i.`.T,.V.G...b/.t..j>...<.((....,."Uo5X}.@QE.b.khU.h...>...Q~=.k.?.....o.0k........GM..X......P^G....=..<fY.U..S....K....H..9:......'...J=).O....#G[m...30k...j.2+.im.(Km3.uxv._.pT.4.>..f.-..UZ.=e...C....._5..xR.:..\U..jR. .....9A..1:1.......a..2...U......YTP..`...l0.9.t.}.'.p.c3q.. {m.,...G1..".L.Aj@.D.h.p......fZ{...eYB......1.Ep.b&..% .c.._i9.).,.eD.'...`.E.i..M3#+6...9+....B..NYB..%..8..?....zv.r..XP..W.../+..e.N........Z..i..... ....4I..iR...8+.>....k...N?....MA.....uU...&...Xyb..u..H....%.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	186722
Entropy (8bit):	5.127936869447186
Encrypted:	false
SSDEEP:	1536:qofu83Pw6jz1+8YZwf7BN6pJsnNxezT8+zacaS8Ob4C//aT5L4DK:883z5+nMDEuvezT8++6kZCe
MD5:	2DE2482829622DE740DB42E04CBCD047
SHA1:	2A88D65A01BDA232B97B24163F66BA7F90A63386
SHA-256:	947D9E7117E8528021EC98FBBD6FE75A4D393A699DFFFFB3A2803EAE42845CEB
SHA-512:	35A2B88CF1FD1505BAD30CF68FB235ED5E5029D4824EC8586452A53E820563229AEA06156B46702C5046DC4BCE0046DFC74E934E215BFDD040B2715D298E8886
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/1033/strings.js
Preview:	var Strings; if (Strings === undefined) { Strings=new Object(); }Strings.CMS=function(){};Strings.CMS.L_SelectAllAltKey_TEXT="false";Strings.CMS.L_SpellCheckKey_VALUE="0x76";Strings.CMS.L_Callout_Usage_Count="<p>{0}</p>view\|\|<p>{0}</p>views";Strings.CMS.L_NoElementStylesWereRemoved_TEXT="The selection did not contain any instances of element styles to remove.";Strings.CMS.L_DecWidthAltKey_TEXT="false";Strings.CMS.L_ExpandedTagNameH4="Heading 4";Strings.CMS.L_DecWidthShiftKey_TEXT="true";Strings.CMS.L_EditImageRenditionsAction="Edit Renditions";Strings.CMS.L_TabBackKey_TEXT="N";Strings.CMS.L_SvrBusySpellchecker_TEXT="The spell checking server was busy";Strings.CMS.L_RemoveLinkShiftKey_TEXT="false";Strings.CMS.L_Show_TEXT="Show";Strings.CMS.L_Title_TEXT="Title:";Strings.CMS.L_ShowSpecific_TEXT="Show the selected item in navigation";Strings.CMS.L_DecHeightShiftKey_TEXT="true";Strings.CMS.L_ChangeColumnWidthAndRowHeightKey_TEXT="W";Strings.CMS.L_UnlinkToolTip_TEXT="Remove Hyperlink";Strin

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (35238), with no line terminators
Category:	dropped
Size (bytes):	35238
Entropy (8bit):	5.390650418562352
Encrypted:	false
SSDEEP:	768:PrxzCC2akwbs7lSZTprPaTrPyrfKwKTZiNOzpCk47S:hsp7ly9rP0S4pCkx
MD5:	C637DE6889D81964119BA1FD124E2454
SHA1:	5DB2B1681BE6FF9A7B26E269CD80D817D41A01BE
SHA-256:	18E8366C8C5590C3D056BA6CA9691B7471D6970EE00D0E22A4B68E517B54F087
SHA-512:	78288767F08DB38F6DC8C366546CECC05DF35C25BCD898B94DCCC5ECCB3ACD7807817BAF813BCA11F4CCAC169A980E4F10EBF4334000C4D2D0F74DCC30BB36EE
Malicious:	false
Reputation:	low
Preview:	var Theming={__namespace:true};Theming_module_def();function Theming_module_def(){Theming.ApplyThemeToCss=tb;Theming.ReplaceCssTextForElement=J;Theming.ThemeInfo=E;Theming.ImageProcessor=R;Theming.Colors={Color:a,ColorApplication:x,HslColor:h};function cb(d,c,e){for(var b=true,a=0;a<c.length;a++)if(d.charCodeAt(e+a)!==c.charCodeAt(a)){b=false;break}return b}var c={text:0,comment:1,string:2,url:3,right_par:4,font_family:5,rgb:6,rgba:7,colon:8,semicolon:9,right_curly:10,color:11};function d(a,b){this.kind=a;this.text=b}function Db(b){var e,a,g,f,l="*/",u="url(",i=")",j="font-family",t="rgb(",s="rgba(",o="#",w=":",y=";",x="}",k=new d(c.text,"");if(!Boolean(b))b="";a=0;f=b.length;m.prototype={kind:0,text:"",getToken:function(){return null}};function m(){}var r={"/":{},"'":{},'"':{},"#":{},")":new d(c.right_par,")"),";":new d(c.semicolon,";"),":":new d(c.colon,":"),"}":new d(c.right_curly,"}"),u:{getToken:q},f:{getToken:n},r:{getToken:p}};function h(c){var a=b.indexOf(")",c);if(a<0)a=f;retu

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	341640
Entropy (8bit):	5.323824396680359
Encrypted:	false
SSDEEP:	1536:k6Bi397Ra/9FjWr5JwiaPyJmbu52JmKI1DS9sw83nm5ZMUuj24S+o0WmuGUmh4jh:Lvf42B9HeD3s
MD5:	40B0CEA92C24775F721E19ADFDB66A7B
SHA1:	89D8CEC1E256DADC84DF80450BABAB75E5B0FC37
SHA-256:	170E6259301B5B6D4EEFB195D85A0DD603E594E54DC82FEBFBA7926914094528
SHA-512:	F871AA46B6C0819BCA5FF4A1F1CF73D8D94DDDF0836202D8F24B8F4587EC286AED93F920067F800F56305A79FA2A6BC0DB38A5456AA77D4E8AD655FFDADB85D6
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139
Preview:	/* _lcid="1033".._LocalBinding /..body,...ms-core-defaultFont,..#pageStatusBar,..#hybridTooltipStatusBar,...ms-status-msg,...js-callout-body..{../ [ReplaceFont(themeFont:"body")] / font-family:"Segoe UI","Segoe",Tahoma,Helvetica,Arial,sans-serif;..font-size:13px;..}..body,...ms-core-defaultFont,...js-callout-body..{../ [ReplaceColor(themeColor:"BodyText")] / color:#444;..}...ms-core-defaultFont..{..font-weight:normal;..text-decoration:none;..white-space:normal;..word-break:normal;..line-height:normal;..}..body..{..margin:0px;..overflow:hidden;../ [ReplaceColor(themeColor:"PageBackground")] / background-color:#fff;..background-size:cover;..background-repeat:no-repeat;..}..html > .ms-core-needIEFilter..{../ [ReplaceBGImage] / -ms-filter:"progid:DXImageTransform.Microsoft.AlphaImageLoader(src='about:blank',sizingMethod='scale');";..}...ms-backgroundImage..{../ [ReplaceBGImage] */ background-image:url();..}..#s4-ribbonrow..{..position:relative;..}..#s4-workspace..{..overflow:auto

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 40329
Category:	dropped
Size (bytes):	9984
Entropy (8bit):	7.979200972475404
Encrypted:	false
SSDEEP:	192:/Z/x+yzJpYhEFmtHByePw0JwScHXWumyaxkomNwWs8pQegUOX+B/rHiG:/JP8hEFshyePw8cHXx58k3OWVpQegUO0
MD5:	027A7D52E1CEED8AEF7DC13505B81D36
SHA1:	33CF0BCE6A4C8B44B4A80B3116C978C12EE93FD0
SHA-256:	29061464FB6FCE2326B952EACAA95C3C6183BFEA74C3851390E9838720D372A6
SHA-512:	FCDDEBF6DE759B5079E7DF2432771A866DE1824B119AD8CB3BAE11F9FAA060B943D52F121E4C63E7E20D43F31B2220C1D4E9C24A20004C4B061CD1A0A5EE5AC9
Malicious:	false
Reputation:	low
Preview:	...........}ks.H......@a{ebU......h.^.._a..3!k...HB....m.%....?i..e..U@.........wefefefU........O.....?8).we:...?x..eQ.....EQ.:-.`p.e.^....b.W..X.........UQ.......,...4.jV~..tQ........`......Y..,.]........sR..E...M....\.c>H5.t......xW.jt.?6?.c(..`_....B.G..'.<.1.c....o...yZ..cZ.a=K+....l.l...EQ..4.=......L_..Z..4gYuQ\|._!]m1.`Q.uQ....)..=..\|.....2.8G."XY.......]c..\|xT....3@..?..Zm..E.'........2..E gy..<(.Z...8XY..4O2....U...4.0..5.W!}x._i.`.T,.V.G...b/.t..j>...<.((....,."Uo5X}.@QE.b.khU.h...>...Q~=.k.?.....o.0k........GM..X......P^G....=..<fY.U..S....K....H..9:......'...J=).O....#G[m...30k...j.2+.im.(Km3.uxv._.pT.4.>..f.-..UZ.=e...C....._5..xR.:..\U..jR. .....9A..1:1.......a..2...U......YTP..`...l0.9.t.}.'.p.c3q.. {m.,...G1..".L.Aj@.D.h.p......fZ{...eYB......1.Ep.b&..% .c.._i9.).,.eD.'...`.E.i..M3#+6...9+....B..NYB..%..8..?....zv.r..XP..W.../+..e.N........Z..i..... ....4I..iR...8+.>....k...N?....MA.....uU...&...Xyb..u..H....%.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	340993
Entropy (8bit):	5.442851002505829
Encrypted:	false
SSDEEP:	6144:BXVJjsUJaW86hPIjcfb+47IunpizIcxdS+MI4Ny6qF+HNJdWLWnAboc3lexR1Yh5:BXVJjsUPV0ugzIE
MD5:	8BF203E2E720364044B336BBC9E5B2E6
SHA1:	413B949C7632511694187628E7CBB3F792172F6C
SHA-256:	FA5D7122CAF408F1DF104D569FF190B7FCCC5715E9EF905F8396832281561EAC
SHA-512:	75E90FA0047AEBDBE491043C80EFA3E35E31C50DD10BF37AACA904C0F17FEF966C8E818F36DA2C3FC0289C1856095FC0C6E577DDD1A84E05159A18506EB9F893
Malicious:	false
Reputation:	low
Preview:	function $_global_init(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["init.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};if(-1!=navigator.userAgent.indexOf("ProfilerMark")&&"function"==typeof msWriteProfilerMark)spWriteProfilerMark=function(a){window.msWriteProfilerMark(a)};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_init.js");if(typeof OffSwitch=="undefined"){OffSwitch={__namespace:true};OffSwitch_module_def()}if(typeof RuntimeErrors=="undefined"){RuntimeErrors={__namespace:true};RuntimeErrors_module_def()}if(typeof Verify=="undefined"){Verify={__namespace:true};Verify_module_def()}if(typeof Define=="undefined"){Define={__namespace:true};Define_module_def()}if(typeof BrowserDetection=="undefined"){BrowserDetection={__namespace:true};BrowserDetection_module_def()}(function(){b.prototype={firefox:undefined,firefox36up:undefined,firefox3up:undefined,firefox4up:undefined,ie:undefined,ie55up:undefined,ie5up:undefined,ie7down:undefi

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23437), with CRLF line terminators
Category:	downloaded
Size (bytes):	23594
Entropy (8bit):	5.107347306409284
Encrypted:	false
SSDEEP:	384:zyWvVsT5pTtxJOyNm7lMqasjI8LWv3n8wyM:zJsT5pTt7kK+M
MD5:	964FCB2BAF87049DC68975291AE89431
SHA1:	D0CD8C989D44BC531472B632868D3FB2DE4B3184
SHA-256:	B8F7BD568E379502CF0C00027581D2761C7DC14B166F5D25FC048A0B56B7BFBB
SHA-512:	03CB58D197A776F9C315C2A14B9C034D88C7B7E9F4247C5698396F4FE7363A22FC2042A24C02A245C7E035DD2862F88E8EF46A7E5A269EDC2B69E39752A52987
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/1033/initstrings.js
Preview:	var Strings; if (Strings === undefined) { Strings=new Object(); }Strings.STS=function(){};Strings.STS.L_NewTab="New tab";Strings.STS.L_CalloutLastEditedNameAndDate="Changed by ^1 on ^2";Strings.STS.L_CalloutSourceUrlHeader="Location";Strings.STS.L_SPDiscBestUndo="Remove best reply";Strings.STS.L_SPClientManage="manage";Strings.STS.L_SPAddNewWiki="new Wiki page";Strings.STS.L_SPCategorySortRecent="Recent";Strings.STS.L_ViewSelectorTitle="Change View";Strings.STS.L_SPDiscNumberOfLikes="{0} likes\|\|{0} like\|\|{0} likes";Strings.STS.L_Timeline_DfltViewName="Timeline";Strings.STS.L_TimelineToday="Today";Strings.STS.L_SPDiscNoPreviewAvailable="No preview available for this reply";Strings.STS.L_NODOCView="There are no documents in this view.";Strings.STS.L_SPBlogPostAuthorCategories="by {0} in {1}";Strings.STS.L_SPBlogsNoItemsInCategory="There are no posts in this category.";Strings.STS.L_QRCodeDescription="Scan this QR code with your phone or tablet to open {0}";Strings.STS.L_RelativeDateTime

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/WebResource.axd?d=htsGRXHb0aH4KsVP0DRpyGXPjV9R2bs7vicPp4bSVQ59Ictux-7gUy7F1mmlD_xPX5XTow2RvXzpOCPd_HF4bv29mc8DT2UAgthqE5nRRTM1&t=638661570537377670
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (35238), with no line terminators
Category:	downloaded
Size (bytes):	35238
Entropy (8bit):	5.390650418562352
Encrypted:	false
SSDEEP:	768:PrxzCC2akwbs7lSZTprPaTrPyrfKwKTZiNOzpCk47S:hsp7ly9rP0S4pCkx
MD5:	C637DE6889D81964119BA1FD124E2454
SHA1:	5DB2B1681BE6FF9A7B26E269CD80D817D41A01BE
SHA-256:	18E8366C8C5590C3D056BA6CA9691B7471D6970EE00D0E22A4B68E517B54F087
SHA-512:	78288767F08DB38F6DC8C366546CECC05DF35C25BCD898B94DCCC5ECCB3ACD7807817BAF813BCA11F4CCAC169A980E4F10EBF4334000C4D2D0F74DCC30BB36EE
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/theming.js
Preview:	var Theming={__namespace:true};Theming_module_def();function Theming_module_def(){Theming.ApplyThemeToCss=tb;Theming.ReplaceCssTextForElement=J;Theming.ThemeInfo=E;Theming.ImageProcessor=R;Theming.Colors={Color:a,ColorApplication:x,HslColor:h};function cb(d,c,e){for(var b=true,a=0;a<c.length;a++)if(d.charCodeAt(e+a)!==c.charCodeAt(a)){b=false;break}return b}var c={text:0,comment:1,string:2,url:3,right_par:4,font_family:5,rgb:6,rgba:7,colon:8,semicolon:9,right_curly:10,color:11};function d(a,b){this.kind=a;this.text=b}function Db(b){var e,a,g,f,l="*/",u="url(",i=")",j="font-family",t="rgb(",s="rgba(",o="#",w=":",y=";",x="}",k=new d(c.text,"");if(!Boolean(b))b="";a=0;f=b.length;m.prototype={kind:0,text:"",getToken:function(){return null}};function m(){}var r={"/":{},"'":{},'"':{},"#":{},")":new d(c.right_par,")"),";":new d(c.semicolon,";"),":":new d(c.colon,":"),"}":new d(c.right_curly,"}"),u:{getToken:q},f:{getToken:n},r:{getToken:p}};function h(c){var a=b.indexOf(")",c);if(a<0)a=f;retu

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 102804
Category:	downloaded
Size (bytes):	25609
Entropy (8bit):	7.992070293592458
Encrypted:	true
SSDEEP:	768:65FO8CctusRS+4iLLuVC9Vri5MLPMTleAD5:8FbxwsR/4iAz5MbMl5
MD5:	B62553925BD98826C60457D2EB6B9A46
SHA1:	84DBBB6D9B36A587C21B5A56B1D9E587E33BA943
SHA-256:	C58166FE4DF4BA8F25A960C21451EAF841D97F6F552F104E43431C9DB1C2E2CC
SHA-512:	7B6872144AE308224FF671A1EC63F040A40115888790CF6834AD85D517471CE5DAD3EC297EE751FB196B55118A181017151F7F06FCE0F2F26FF94E8EEC070033
Malicious:	false
Reputation:	low
URL:	https://ocemt-my.sharepoint.com/ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f
Preview:	............r.I.(.>f..d..B6. )U/.(....mGRuw.... I..B..X...<.O..p}.=#.P.>s.Y...D,..........................'.......;.'..2.Uu5.C..%..v.M&;T...u1.T.=...m....'_z.......4.&?~.__....".db00..IR..\|.(tj6+.y.$.L.$..."..FIx3+..tG%.7...N.'..........A9....9;.O...j...Y\|8.........LW........h&.%WW...\|\.Q..Tr....$\..?-&....}O...w..$R}....W.k.+.._..q...P..dR......`^.j]0.L..9......)...."...I....,.K..j...`1.a9-.`..-p..O..t...\|Bo..Uu.~.t...uB9S.J.o..Fe<.....A.SM.....d>.].HO..Qx...ao....a.J..h6K..q7.N.n'..Ga78....v..n...>..0.I.X?...$=...x..H..&.V.+.h..GyTJ....AT...x.Jl...X..t.H4...$9..^u....r9rq3.._..a...^I.{{.Ch....@.l.....@..BW.[..8~6.U3].I#....8....H`...4..I..6...I...Q1...W^]>...P.KJ.L......A...>.@hf.M...RP..)m.F...Wp{.!.R.".j.....!soO..]k...a."eo.S,...G\|n.\|!F[..O../.aR...$.\..4.N.-p1..}...2...r\a[`e.E..{H..?.....J.ak.Y...P......DP.d.?...<..Y.8....%d...@..e.....exc..g...b.....<z....7*8!...n..wG0.C..f..Y5....qE..p....2.rH-..r.S........q..R.$Q^q....!....

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (456), with no line terminators
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.219414285696476
Encrypted:	false
SSDEEP:	6:A+roDEH6IgMbIZc8Z110IkvIKMPAI0qKIKMPAI0qeCMRTxIj+01KyBui9YDre:A+MYcYkc8Z1yI0ASAWCKx2+Wuit
MD5:	C5F9274C9782118972946B9608388D80
SHA1:	8C78C759E1E971202FF330A7702106CC34FA31CA
SHA-256:	0A96C496506784101A5267353995D35844903F97E4B328291746346ED5F0FFD2
SHA-512:	2151C644739F6AAC6E689888F5335940023E9459F85D9953D5B4872C296A0F3B7F89D49E6C6173837BC7C6CB3693137A1AD4E1DE458943AD6F42A6880A653467
Malicious:	false
Reputation:	low
Preview:	function $_global_blank(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["blank.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_blank.js");typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkEnd_blank.js")}function ULSaew(){var a={};a.ULSTeamName="Microsoft SharePoint Foundation";a.ULSFileName="blank.commentedjs";return a}$_global_blank();

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	340993
Entropy (8bit):	5.442851002505829
Encrypted:	false
SSDEEP:	6144:BXVJjsUJaW86hPIjcfb+47IunpizIcxdS+MI4Ny6qF+HNJdWLWnAboc3lexR1Yh5:BXVJjsUPV0ugzIE
MD5:	8BF203E2E720364044B336BBC9E5B2E6
SHA1:	413B949C7632511694187628E7CBB3F792172F6C
SHA-256:	FA5D7122CAF408F1DF104D569FF190B7FCCC5715E9EF905F8396832281561EAC
SHA-512:	75E90FA0047AEBDBE491043C80EFA3E35E31C50DD10BF37AACA904C0F17FEF966C8E818F36DA2C3FC0289C1856095FC0C6E577DDD1A84E05159A18506EB9F893
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25520.12010/init.js
Preview:	function $_global_init(){if("undefined"==typeof g_all_modules)g_all_modules={};g_all_modules["init.js"]={version:{rmj:16,rmm:0,rup:25520,rpr:12010}};if(-1!=navigator.userAgent.indexOf("ProfilerMark")&&"function"==typeof msWriteProfilerMark)spWriteProfilerMark=function(a){window.msWriteProfilerMark(a)};typeof spWriteProfilerMark=="function"&&spWriteProfilerMark("perfMarkBegin_init.js");if(typeof OffSwitch=="undefined"){OffSwitch={__namespace:true};OffSwitch_module_def()}if(typeof RuntimeErrors=="undefined"){RuntimeErrors={__namespace:true};RuntimeErrors_module_def()}if(typeof Verify=="undefined"){Verify={__namespace:true};Verify_module_def()}if(typeof Define=="undefined"){Define={__namespace:true};Define_module_def()}if(typeof BrowserDetection=="undefined"){BrowserDetection={__namespace:true};BrowserDetection_module_def()}(function(){b.prototype={firefox:undefined,firefox36up:undefined,firefox3up:undefined,firefox4up:undefined,ie:undefined,ie55up:undefined,ie5up:undefined,ie7down:undefi

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23437), with CRLF line terminators
Category:	dropped
Size (bytes):	23594
Entropy (8bit):	5.107347306409284
Encrypted:	false
SSDEEP:	384:zyWvVsT5pTtxJOyNm7lMqasjI8LWv3n8wyM:zJsT5pTt7kK+M
MD5:	964FCB2BAF87049DC68975291AE89431
SHA1:	D0CD8C989D44BC531472B632868D3FB2DE4B3184
SHA-256:	B8F7BD568E379502CF0C00027581D2761C7DC14B166F5D25FC048A0B56B7BFBB
SHA-512:	03CB58D197A776F9C315C2A14B9C034D88C7B7E9F4247C5698396F4FE7363A22FC2042A24C02A245C7E035DD2862F88E8EF46A7E5A269EDC2B69E39752A52987
Malicious:	false
Reputation:	low
Preview:	var Strings; if (Strings === undefined) { Strings=new Object(); }Strings.STS=function(){};Strings.STS.L_NewTab="New tab";Strings.STS.L_CalloutLastEditedNameAndDate="Changed by ^1 on ^2";Strings.STS.L_CalloutSourceUrlHeader="Location";Strings.STS.L_SPDiscBestUndo="Remove best reply";Strings.STS.L_SPClientManage="manage";Strings.STS.L_SPAddNewWiki="new Wiki page";Strings.STS.L_SPCategorySortRecent="Recent";Strings.STS.L_ViewSelectorTitle="Change View";Strings.STS.L_SPDiscNumberOfLikes="{0} likes\|\|{0} like\|\|{0} likes";Strings.STS.L_Timeline_DfltViewName="Timeline";Strings.STS.L_TimelineToday="Today";Strings.STS.L_SPDiscNoPreviewAvailable="No preview available for this reply";Strings.STS.L_NODOCView="There are no documents in this view.";Strings.STS.L_SPBlogPostAuthorCategories="by {0} in {1}";Strings.STS.L_SPBlogsNoItemsInCategory="There are no posts in this category.";Strings.STS.L_QRCodeDescription="Scan this QR code with your phone or tablet to open {0}";Strings.STS.L_RelativeDateTime

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 102804
Category:	dropped
Size (bytes):	25609
Entropy (8bit):	7.992070293592458
Encrypted:	true
SSDEEP:	768:65FO8CctusRS+4iLLuVC9Vri5MLPMTleAD5:8FbxwsR/4iAz5MbMl5
MD5:	B62553925BD98826C60457D2EB6B9A46
SHA1:	84DBBB6D9B36A587C21B5A56B1D9E587E33BA943
SHA-256:	C58166FE4DF4BA8F25A960C21451EAF841D97F6F552F104E43431C9DB1C2E2CC
SHA-512:	7B6872144AE308224FF671A1EC63F040A40115888790CF6834AD85D517471CE5DAD3EC297EE751FB196B55118A181017151F7F06FCE0F2F26FF94E8EEC070033
Malicious:	false
Reputation:	low
Preview:	............r.I.(.>f..d..B6. )U/.(....mGRuw.... I..B..X...<.O..p}.=#.P.>s.Y...D,..........................'.......;.'..2.Uu5.C..%..v.M&;T...u1.T.=...m....'_z.......4.&?~.__....".db00..IR..\|.(tj6+.y.$.L.$..."..FIx3+..tG%.7...N.'..........A9....9;.O...j...Y\|8.........LW........h&.%WW...\|\.Q..Tr....$\..?-&....}O...w..$R}....W.k.+.._..q...P..dR......`^.j]0.L..9......)...."...I....,.K..j...`1.a9-.`..-p..O..t...\|Bo..Uu.~.t...uB9S.J.o..Fe<.....A.SM.....d>.].HO..Qx...ao....a.J..h6K..q7.N.n'..Ga78....v..n...>..0.I.X?...$=...x..H..&.V.+.h..GyTJ....AT...x.Jl...X..t.H4...$9..^u....r9rq3.._..a...^I.{{.Ch....@.l.....@..BW.[..8~6.U3].I#....8....H`...4..I..6...I...Q1...W^]>...P.KJ.L......A...>.@hf.M...RP..)m.F...Wp{.!.R.".j.....!soO..]k...a."eo.S,...G\|n.\|!F[..O../.aR...$.\..4.N.-p1..}...2...r\a[`e.E..{H..?.....J.ak.Y...P......DP.d.?...<..Y.8....%d...@..e.....exc..g...b.....<z....7*8!...n..wG0.C..f..Y5....qE..p....2.rH-..r.S........q..R.$Q^q....!....

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	186722
Entropy (8bit):	5.127936869447186
Encrypted:	false
SSDEEP:	1536:qofu83Pw6jz1+8YZwf7BN6pJsnNxezT8+zacaS8Ob4C//aT5L4DK:883z5+nMDEuvezT8++6kZCe
MD5:	2DE2482829622DE740DB42E04CBCD047
SHA1:	2A88D65A01BDA232B97B24163F66BA7F90A63386
SHA-256:	947D9E7117E8528021EC98FBBD6FE75A4D393A699DFFFFB3A2803EAE42845CEB
SHA-512:	35A2B88CF1FD1505BAD30CF68FB235ED5E5029D4824EC8586452A53E820563229AEA06156B46702C5046DC4BCE0046DFC74E934E215BFDD040B2715D298E8886
Malicious:	false
Reputation:	low
Preview:	var Strings; if (Strings === undefined) { Strings=new Object(); }Strings.CMS=function(){};Strings.CMS.L_SelectAllAltKey_TEXT="false";Strings.CMS.L_SpellCheckKey_VALUE="0x76";Strings.CMS.L_Callout_Usage_Count="<p>{0}</p>view\|\|<p>{0}</p>views";Strings.CMS.L_NoElementStylesWereRemoved_TEXT="The selection did not contain any instances of element styles to remove.";Strings.CMS.L_DecWidthAltKey_TEXT="false";Strings.CMS.L_ExpandedTagNameH4="Heading 4";Strings.CMS.L_DecWidthShiftKey_TEXT="true";Strings.CMS.L_EditImageRenditionsAction="Edit Renditions";Strings.CMS.L_TabBackKey_TEXT="N";Strings.CMS.L_SvrBusySpellchecker_TEXT="The spell checking server was busy";Strings.CMS.L_RemoveLinkShiftKey_TEXT="false";Strings.CMS.L_Show_TEXT="Show";Strings.CMS.L_Title_TEXT="Title:";Strings.CMS.L_ShowSpecific_TEXT="Show the selected item in navigation";Strings.CMS.L_DecHeightShiftKey_TEXT="true";Strings.CMS.L_ChangeColumnWidthAndRowHeightKey_TEXT="W";Strings.CMS.L_UnlinkToolTip_TEXT="Remove Hyperlink";Strin

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 19:37:23.967443943 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.967477083 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:23.967556953 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.967869997 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.967888117 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:23.967978001 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.968049049 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.968063116 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:23.968193054 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:23.968205929 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.539932966 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.540265083 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.540276051 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.541160107 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.541239977 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.542192936 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.542244911 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.542382956 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.542388916 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.560579062 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.560843945 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.560863972 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.561934948 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.561996937 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.562282085 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.562346935 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.585756063 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.616743088 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:24.616753101 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:24.664747000 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.440387964 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.440414906 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.440515041 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.440535069 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.440577984 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.441344976 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.441354990 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.441423893 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.441431999 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.442094088 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.442173004 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.442178011 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.442214012 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.451535940 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.451590061 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.451617956 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.451666117 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.451931953 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.451946020 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.495327950 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.527086020 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.527192116 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.527200937 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.527790070 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.527857065 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.527863979 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.528188944 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.528249025 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.528254986 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.529138088 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.529196024 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.529201984 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.569744110 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.587125063 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587153912 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587223053 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.587238073 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587821007 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587830067 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587858915 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587877989 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.587888002 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.587910891 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.588514090 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.588542938 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.588572025 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.588581085 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.588618994 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.614918947 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.614927053 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.614999056 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.615004063 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615025043 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615031004 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615068913 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.615087032 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.615092039 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615556002 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615629911 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.615637064 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615852118 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.615906954 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.615916014 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.616602898 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.616645098 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.616719961 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.616730928 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.616760969 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.617583036 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.617641926 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.617649078 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.617805958 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.617857933 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.617863894 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.665735960 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.679333925 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.679343939 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.679440022 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.679450989 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.679723024 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.679753065 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.679790974 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.679800034 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.680440903 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.680499077 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.680505991 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.680989981 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.681046009 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.681051970 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.700506926 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.700571060 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.700602055 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.700608015 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.700653076 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.701272011 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.701327085 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.701332092 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.701781988 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.701849937 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.701857090 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.702487946 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.702505112 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.702548027 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.702553034 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.702584028 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.703329086 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.703341961 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.703397989 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.703403950 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.704417944 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.704432011 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.704499006 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705235004 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705245972 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705574989 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705593109 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705646038 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705651045 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705651045 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705704927 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705758095 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705918074 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.705938101 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.705982924 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.706284046 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.706295013 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.706300020 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.706307888 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.706345081 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.706352949 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.706383944 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.706489086 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.706501007 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.707099915 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.707118988 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.707174063 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.707180023 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.728744984 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.760718107 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.770026922 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770037889 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770066023 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770107031 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.770148993 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.770267963 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770276070 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770339966 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.770349979 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770744085 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770771980 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770807028 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.770816088 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.770833969 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.771255016 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.771334887 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.771342993 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.771373034 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.771424055 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.771434069 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.771962881 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.772020102 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.772027969 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.772109032 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.772166014 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.772173882 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.772989988 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.773051023 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.773058891 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787206888 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787235975 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787286043 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787292004 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787331104 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787338972 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787658930 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787674904 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787710905 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787715912 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787738085 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787756920 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787828922 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787844896 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787884951 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787894964 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.787899971 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.787935019 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.788033962 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.788079977 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.788130999 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.788140059 CET	443	49707	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.788151026 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.788183928 CET	49707	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.824731112 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.860953093 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.860961914 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.860989094 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861040115 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861079931 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861140966 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861148119 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861197948 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861205101 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861448050 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861471891 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861498117 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861506939 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861517906 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861566067 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.861618996 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.861627102 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.862337112 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.862360954 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.862394094 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.862401962 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.862432003 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.862968922 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.862982988 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.863038063 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.863046885 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.865879059 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.865901947 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.865936995 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.865943909 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.865967035 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.866502047 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.866514921 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.866565943 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.866574049 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867047071 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867062092 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867113113 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.867121935 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867132902 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.867738008 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867750883 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.867816925 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.867825031 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.920742035 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.953725100 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.953744888 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.953813076 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.953820944 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.953881979 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.954065084 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954081059 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954128981 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.954137087 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954179049 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.954555988 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954571009 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954624891 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.954631090 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.954665899 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955058098 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955074072 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955132961 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955141068 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955188990 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955599070 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955616951 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955662012 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955670118 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955727100 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955900908 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955940962 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.955970049 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.955976963 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.956002951 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:25.956005096 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.956053972 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.956281900 CET	49708	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:25.956290007 CET	443	49708	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.030252934 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.030543089 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.030575037 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.030910015 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.031254053 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.031337976 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.031407118 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.079343081 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.192826986 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.192912102 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.192971945 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.194051981 CET	49709	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.194068909 CET	443	49709	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.256458998 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.256700993 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.256720066 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.256927967 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.257476091 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.257503986 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.257755041 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.257819891 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.258116007 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.258168936 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.258266926 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.258271933 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.258563995 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.258626938 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.258871078 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.258929014 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.258953094 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.264767885 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.264945030 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.264959097 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.265444994 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.265714884 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.265769958 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.265795946 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.303329945 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.304738045 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.305270910 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.305290937 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.307332039 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.319730997 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.351730108 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.388747931 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.389332056 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.389338970 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.393624067 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.393678904 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.393690109 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.393699884 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.393742085 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.407461882 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.407479048 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.407535076 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.407561064 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408271074 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408278942 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408301115 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408335924 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.408344984 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408354044 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.408428907 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.408463955 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.408828020 CET	49711	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.408843994 CET	443	49711	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.459860086 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.459882975 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.459955931 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.460138083 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.460148096 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475332975 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475378036 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475419998 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.475426912 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475475073 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475476980 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.475529909 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.475780964 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.475792885 CET	443	49712	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.475820065 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.475858927 CET	49712	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.478545904 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.478596926 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.478668928 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.478888035 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.478900909 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.480588913 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.480607033 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.480655909 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.480664015 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.481292963 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.481301069 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.481338978 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.481345892 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.481939077 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.482004881 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.482011080 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.482060909 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.569040060 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.569169998 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.569178104 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.569292068 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.569339991 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.569379091 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.569390059 CET	443	49710	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.569396973 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.569447994 CET	49710	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.572068930 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.572092056 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:26.572170019 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.572365999 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:26.572380066 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.047483921 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.047713041 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.047734976 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.048628092 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.048702002 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.048969984 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.049032927 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.049092054 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.063348055 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.063595057 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.063606977 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.064518929 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.064589024 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.064996958 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.065047979 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.065188885 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.065193892 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.091375113 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.101723909 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.101744890 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.117748022 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.137186050 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.148783922 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.160134077 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.160145998 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.161505938 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.161587954 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.164024115 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.164166927 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.164166927 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.206229925 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.206262112 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.206326008 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.206340075 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.206379890 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.208203077 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.208210945 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.208280087 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.208287954 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.209366083 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210166931 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210175991 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210205078 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210227966 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210239887 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210275888 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210288048 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210294008 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210319042 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210357904 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210722923 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210730076 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210860968 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210902929 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.210910082 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.210947037 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.226110935 CET	49718	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.226125956 CET	443	49718	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.258763075 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.313646078 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.313694954 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.313776970 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.314713955 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.314729929 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450709105 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450721025 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450788975 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450808048 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.450824022 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450850964 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450871944 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.450879097 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450898886 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450915098 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450923920 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450937986 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.450952053 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450956106 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.450970888 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.450999022 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451018095 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451023102 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.451034069 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.451054096 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.451065063 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451107979 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451392889 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451406956 CET	443	49717	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.451419115 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.451451063 CET	49717	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.455816984 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.455826044 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.455888033 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.455893993 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.455904961 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.455944061 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.456089973 CET	49719	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:27.456094027 CET	443	49719	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:27.773936033 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:27.773979902 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:27.774055958 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:27.774233103 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:27.774245024 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.017391920 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.017646074 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.017668962 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.017986059 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.018280983 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.018340111 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.018404961 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.063335896 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.148042917 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.148509026 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.148587942 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.148611069 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.148936987 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.148988962 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.149009943 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.149022102 CET	443	49728	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.149053097 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.149257898 CET	49728	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.151993990 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.152048111 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.152122021 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.152367115 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.152380943 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.372256994 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:28.420299053 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.420579910 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:28.420605898 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.421683073 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.421750069 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:28.422667027 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:28.422725916 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.466790915 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:28.466799974 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:28.514723063 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:28.687833071 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:28.741436958 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.741681099 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.741693974 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.742058992 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.742347002 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.742408037 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.742458105 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.782741070 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.782747984 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.875197887 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.875216007 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.875286102 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.875293970 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.876044035 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.876101971 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:28.876209021 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.876229048 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.876374006 CET	49731	443	192.168.2.16	13.107.136.10
Dec 31, 2024 19:37:28.876386881 CET	443	49731	13.107.136.10	192.168.2.16
Dec 31, 2024 19:37:29.289772034 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:30.492841959 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:30.926129103 CET	49689	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:32.893774986 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:36.532090902 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:36.835750103 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:37.441864014 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:37.697751045 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:38.319335938 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:38.319396973 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:38.319446087 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:38.641797066 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:39.201232910 CET	49730	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:37:39.201271057 CET	443	49730	142.250.184.228	192.168.2.16
Dec 31, 2024 19:37:41.002898932 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:41.050745964 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:41.306770086 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:41.914854050 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:43.127856016 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:45.540743113 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:45.860991955 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:47.300838947 CET	49673	443	192.168.2.16	204.79.197.203
Dec 31, 2024 19:37:50.354842901 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:37:55.467772007 CET	49678	443	192.168.2.16	20.189.173.10
Dec 31, 2024 19:37:59.956914902 CET	49680	80	192.168.2.16	192.229.211.108
Dec 31, 2024 19:38:09.525995016 CET	49697	80	192.168.2.16	199.232.214.172
Dec 31, 2024 19:38:09.526022911 CET	49698	80	192.168.2.16	199.232.214.172
Dec 31, 2024 19:38:09.531030893 CET	80	49697	199.232.214.172	192.168.2.16
Dec 31, 2024 19:38:09.531100988 CET	49697	80	192.168.2.16	199.232.214.172
Dec 31, 2024 19:38:09.531368017 CET	80	49698	199.232.214.172	192.168.2.16
Dec 31, 2024 19:38:09.531425953 CET	49698	80	192.168.2.16	199.232.214.172
Dec 31, 2024 19:38:27.820722103 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:27.820764065 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:27.820857048 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:27.821080923 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:27.821094990 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:28.451581001 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:28.451879978 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:28.451900005 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:28.452362061 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:28.452656031 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:28.452761889 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:28.505772114 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:38.370889902 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:38.370963097 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:38:38.371022940 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:39.196152925 CET	49743	443	192.168.2.16	142.250.184.228
Dec 31, 2024 19:38:39.196176052 CET	443	49743	142.250.184.228	192.168.2.16
Dec 31, 2024 19:39:00.382044077 CET	49700	80	192.168.2.16	192.229.221.95
Dec 31, 2024 19:39:00.382050037 CET	49699	443	192.168.2.16	40.126.32.138
Dec 31, 2024 19:39:00.387145042 CET	80	49700	192.229.221.95	192.168.2.16
Dec 31, 2024 19:39:00.387262106 CET	49700	80	192.168.2.16	192.229.221.95
Dec 31, 2024 19:39:00.387319088 CET	443	49699	40.126.32.138	192.168.2.16
Dec 31, 2024 19:39:00.387370110 CET	49699	443	192.168.2.16	40.126.32.138
Dec 31, 2024 19:39:02.571072102 CET	49701	443	192.168.2.16	40.126.32.138
Dec 31, 2024 19:39:02.576183081 CET	443	49701	40.126.32.138	192.168.2.16
Dec 31, 2024 19:39:02.576246977 CET	49701	443	192.168.2.16	40.126.32.138

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 19:37:22.948776960 CET	53	58393	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:22.957106113 CET	53	52424	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:23.894474983 CET	64547	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:23.894725084 CET	62472	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:23.956749916 CET	53	56786	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:26.412055969 CET	64402	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:26.412177086 CET	60826	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:27.766412020 CET	52219	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:27.766560078 CET	51093	53	192.168.2.16	1.1.1.1
Dec 31, 2024 19:37:27.773152113 CET	53	51093	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:27.773216009 CET	53	52219	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:40.948682070 CET	53	59681	1.1.1.1	192.168.2.16
Dec 31, 2024 19:37:59.948519945 CET	53	60663	1.1.1.1	192.168.2.16
Dec 31, 2024 19:38:22.545237064 CET	53	63325	1.1.1.1	192.168.2.16
Dec 31, 2024 19:38:22.897943020 CET	53	53432	1.1.1.1	192.168.2.16
Dec 31, 2024 19:38:32.708565950 CET	138	138	192.168.2.16	192.168.2.255
Dec 31, 2024 19:38:53.104221106 CET	53	49933	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 31, 2024 19:37:26.464534044 CET	192.168.2.16	1.1.1.1	c364	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 19:37:23.894474983 CET	192.168.2.16	1.1.1.1	0x5a10	Standard query (0)	ocemt-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:23.894725084 CET	192.168.2.16	1.1.1.1	0xde5a	Standard query (0)	ocemt-my.sharepoint.com	65	IN (0x0001)	false
Dec 31, 2024 19:37:26.412055969 CET	192.168.2.16	1.1.1.1	0x3f7d	Standard query (0)	ocemt-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:26.412177086 CET	192.168.2.16	1.1.1.1	0xd858	Standard query (0)	ocemt-my.sharepoint.com	65	IN (0x0001)	false
Dec 31, 2024 19:37:27.766412020 CET	192.168.2.16	1.1.1.1	0xd0be	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:27.766560078 CET	192.168.2.16	1.1.1.1	0x71db	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 19:37:23.947276115 CET	1.1.1.1	192.168.2.16	0xde5a	No error (0)	ocemt-my.sharepoint.com	ocemt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.947276115 CET	1.1.1.1	192.168.2.16	0xde5a	No error (0)	ocemt.sharepoint.com	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.947276115 CET	1.1.1.1	192.168.2.16	0xde5a	No error (0)	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.947276115 CET	1.1.1.1	192.168.2.16	0xde5a	No error (0)	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	ocemt-my.sharepoint.com	ocemt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	ocemt.sharepoint.com	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	201163-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:23.966907024 CET	1.1.1.1	192.168.2.16	0x5a10	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	ocemt-my.sharepoint.com	ocemt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	ocemt.sharepoint.com	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	201163-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:26.451026917 CET	1.1.1.1	192.168.2.16	0x3f7d	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Dec 31, 2024 19:37:26.464471102 CET	1.1.1.1	192.168.2.16	0xd858	No error (0)	ocemt-my.sharepoint.com	ocemt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.464471102 CET	1.1.1.1	192.168.2.16	0xd858	No error (0)	ocemt.sharepoint.com	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.464471102 CET	1.1.1.1	192.168.2.16	0xd858	No error (0)	283-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:26.464471102 CET	1.1.1.1	192.168.2.16	0xd858	No error (0)	201163-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201163-ipv4v6e.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 19:37:27.773152113 CET	1.1.1.1	192.168.2.16	0x71db	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 31, 2024 19:37:27.773216009 CET	1.1.1.1	192.168.2.16	0xd0be	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ocemt-my.sharepoint.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49707	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:24 UTC	763	OUT	GET /:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:25 UTC	1513	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 280960 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,275478,0,437987,6 X-SharePointHealthScore: 2 Referrer-Policy: no-referrer, strict-origin-when-cross-origin SharePointError: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: ef0273a1-f0cf-0000-59c7-f35a4c1312d5 request-id: ef0273a1-f0cf-0000-59c7-f35a4c1312d5 MS-CV: oXMC78/wAABZx/NaTBMS1Q.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f8f79caf-4b09-4d18-8dab-a9e1fa1f03b7&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 SPRequestDuration: 740 SPIisLatency: 7 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 50DA12E8540141F481C995E860CFE0B8 Ref B: EWR311000104029 Ref C: 2024-12-31T18:37:24Z Date: Tue, 31 Dec 2024 18:37:24 GMT Connection: close
2024-12-31 18:37:25 UTC	2692	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 6f 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 6f 66 66 69 63 65 3a 6f 66 66 69 63 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint"
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 22 3a 31 2c 22 46 36 39 42 41 44 39 38 2d 33 34 38 42 2d 34 34 43 41 2d 38 33 37 33 2d 32 30 32 35 46 46 45 33 44 45 45 45 22 3a 31 2c 22 37 37 31 33 44 46 39 35 2d 41 32 46 45 2d 34 38 42 30 2d 38 38 44 41 2d 43 36 33 44 46 46 34 45 35 33 43 36 22 3a 31 2c 22 30 33 35 42 38 42 33 31 2d 46 43 34 30 2d 34 37 39 34 2d 38 36 39 36 2d 44 34 36 35 42 34 30 41 46 41 42 45 22 3a 31 2c 22 34 34 32 39 33 32 33 46 2d 34 34 30 30 2d 34 41 39 38 2d 41 38 33 42 2d 34 45 32 37 46 34 43 34 32 31 30 39 22 3a 31 2c 22 41 41 41 32 39 44 31 33 2d 45 30 46 32 2d 34 34 45 38 2d 42 41 31 34 2d 35 37 30 41 34 34 46 33 45 34 32 34 22 3a 31 2c 22 39 43 43 33 42 32 35 41 2d 38 38 38 34 2d 34 36 44 30 2d 39 31 35 31 2d 36 35 46 41 39 30 33 39 30 31 35 45 22 3a 31 2c 22 38 42 37 36 Data Ascii: ":1,"F69BAD98-348B-44CA-8373-2025FFE3DEEE":1,"7713DF95-A2FE-48B0-88DA-C63DFF4E53C6":1,"035B8B31-FC40-4794-8696-D465B40AFABE":1,"4429323F-4400-4A98-A83B-4E27F4C42109":1,"AAA29D13-E0F2-44E8-BA14-570A44F3E424":1,"9CC3B25A-8884-46D0-9151-65FA9039015E":1,"8B76
2024-12-31 18:37:25 UTC	4109	IN	Data Raw: 38 33 33 36 30 36 41 39 22 3a 31 2c 22 33 42 42 30 45 44 42 32 2d 45 46 41 46 2d 34 42 46 46 2d 38 31 34 41 2d 30 44 34 38 34 46 37 36 30 43 33 44 22 3a 31 2c 22 35 38 45 46 35 30 30 42 2d 32 44 46 32 2d 34 45 34 42 2d 41 32 37 30 2d 46 39 46 39 43 42 46 30 38 41 39 34 22 3a 31 2c 22 38 33 38 33 31 30 44 31 2d 33 46 46 38 2d 34 31 37 34 2d 38 38 36 32 2d 34 38 41 41 33 32 30 33 38 37 35 31 22 3a 31 2c 22 41 41 45 43 36 44 39 46 2d 36 42 36 34 2d 34 44 32 39 2d 38 37 45 34 2d 39 35 35 35 45 33 34 32 30 34 46 32 22 3a 31 2c 22 42 34 34 46 34 38 42 44 2d 34 30 46 46 2d 34 38 32 31 2d 41 35 31 34 2d 33 46 46 35 37 36 31 41 39 41 46 41 22 3a 31 2c 22 43 35 36 36 31 35 46 35 2d 46 31 46 46 2d 34 33 45 33 2d 39 31 34 41 2d 38 39 45 37 30 41 37 46 46 45 42 30 22 Data Ascii: 833606A9":1,"3BB0EDB2-EFAF-4BFF-814A-0D484F760C3D":1,"58EF500B-2DF2-4E4B-A270-F9F9CBF08A94":1,"838310D1-3FF8-4174-8862-48AA32038751":1,"AAEC6D9F-6B64-4D29-87E4-9555E34204F2":1,"B44F48BD-40FF-4821-A514-3FF5761A9AFA":1,"C56615F5-F1FF-43E3-914A-89E70A7FFEB0"
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 3a 31 2c 22 31 30 36 41 41 45 34 46 2d 33 32 35 42 2d 34 45 34 45 2d 41 37 41 45 2d 41 43 46 38 43 41 32 46 39 38 34 36 22 3a 31 2c 22 46 46 41 44 45 33 36 35 2d 35 43 36 45 2d 34 44 30 43 2d 42 45 46 45 2d 33 33 31 31 41 35 36 31 37 39 38 41 22 3a 31 2c 22 38 46 34 41 31 30 39 41 2d 38 37 34 38 2d 34 38 32 42 2d 39 33 31 44 2d 46 45 30 46 45 44 36 38 38 30 33 44 22 3a 31 2c 22 42 31 31 46 41 37 43 36 2d 44 38 34 30 2d 34 43 39 33 2d 41 34 41 46 2d 39 33 43 41 44 30 37 36 46 31 45 38 22 3a 31 2c 22 32 39 46 34 43 33 33 36 2d 41 46 41 37 2d 34 43 33 41 2d 39 42 32 42 2d 32 41 45 33 44 32 43 37 33 33 45 32 22 3a 31 2c 22 46 44 45 31 37 45 45 44 2d 38 43 33 41 2d 34 36 33 36 2d 39 46 35 36 2d 43 30 34 39 30 38 43 45 38 33 34 41 22 3a 31 2c 22 35 34 44 39 36 Data Ascii: :1,"106AAE4F-325B-4E4E-A7AE-ACF8CA2F9846":1,"FFADE365-5C6E-4D0C-BEFE-3311A561798A":1,"8F4A109A-8748-482B-931D-FE0FED68803D":1,"B11FA7C6-D840-4C93-A4AF-93CAD076F1E8":1,"29F4C336-AFA7-4C3A-9B2B-2AE3D2C733E2":1,"FDE17EED-8C3A-4636-9F56-C04908CE834A":1,"54D96
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 42 42 36 43 37 30 37 22 3a 31 2c 22 38 30 45 37 33 30 46 42 2d 43 44 33 33 2d 34 31 34 30 2d 42 43 42 39 2d 45 30 37 34 36 39 36 37 39 41 33 41 22 3a 31 2c 22 39 44 46 45 37 43 35 37 2d 43 44 41 30 2d 34 44 43 35 2d 39 37 45 30 2d 30 33 32 41 33 42 32 38 36 36 31 42 22 3a 31 2c 22 45 42 36 38 32 31 30 41 2d 34 44 30 44 2d 34 32 43 41 2d 41 39 36 33 2d 33 41 45 34 45 33 38 30 39 38 45 46 22 3a 31 2c 22 31 44 41 35 46 44 36 39 2d 46 41 35 44 2d 34 41 34 44 2d 42 46 36 39 2d 32 37 31 46 45 30 34 41 37 33 37 39 22 3a 31 2c 22 45 43 37 42 30 35 43 33 2d 41 34 42 33 2d 34 42 45 46 2d 42 33 46 39 2d 35 42 44 43 44 46 30 46 33 46 36 42 22 3a 31 2c 22 43 43 45 43 38 33 45 43 2d 34 31 34 41 2d 34 43 31 39 2d 42 36 33 42 2d 31 39 37 46 36 42 36 30 39 46 42 31 22 3a Data Ascii: BB6C707":1,"80E730FB-CD33-4140-BCB9-E07469679A3A":1,"9DFE7C57-CDA0-4DC5-97E0-032A3B28661B":1,"EB68210A-4D0D-42CA-A963-3AE4E38098EF":1,"1DA5FD69-FA5D-4A4D-BF69-271FE04A7379":1,"EC7B05C3-A4B3-4BEF-B3F9-5BDCDF0F3F6B":1,"CCEC83EC-414A-4C19-B63B-197F6B609FB1":
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 37 37 2d 38 44 45 34 36 46 30 34 39 43 46 39 22 3a 31 2c 22 38 44 33 46 37 32 42 33 2d 35 41 39 41 2d 34 39 41 34 2d 41 41 44 45 2d 36 34 38 38 38 33 32 34 45 42 33 32 22 3a 31 2c 22 46 30 38 34 37 45 45 34 2d 44 45 37 36 2d 34 36 46 34 2d 41 42 32 30 2d 45 39 39 39 30 37 43 38 36 41 38 32 22 3a 31 2c 22 43 34 35 38 43 46 38 32 2d 44 42 38 45 2d 34 45 42 32 2d 41 44 37 42 2d 36 42 46 30 32 45 31 44 44 43 30 31 22 3a 31 2c 22 36 33 44 43 44 43 35 32 2d 41 37 36 35 2d 34 45 35 38 2d 42 34 43 31 2d 46 31 34 41 44 38 30 36 30 44 38 31 22 3a 31 2c 22 30 30 30 45 44 39 39 42 2d 42 39 31 30 2d 34 45 37 46 2d 39 34 32 36 2d 36 31 41 41 44 35 38 44 37 36 37 30 22 3a 31 2c 22 36 42 36 43 46 32 46 43 2d 34 31 45 45 2d 34 44 42 30 2d 39 45 43 44 2d 34 43 43 34 37 44 Data Ascii: 77-8DE46F049CF9":1,"8D3F72B3-5A9A-49A4-AADE-64888324EB32":1,"F0847EE4-DE76-46F4-AB20-E99907C86A82":1,"C458CF82-DB8E-4EB2-AD7B-6BF02E1DDC01":1,"63DCDC52-A765-4E58-B4C1-F14AD8060D81":1,"000ED99B-B910-4E7F-9426-61AAD58D7670":1,"6B6CF2FC-41EE-4DB0-9ECD-4CC47D
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 2d 34 43 30 35 2d 38 41 35 36 2d 30 32 37 30 45 36 43 37 32 38 34 45 22 3a 31 2c 22 46 36 38 35 38 36 41 46 2d 46 39 46 32 2d 34 32 45 39 2d 41 38 32 42 2d 36 34 35 37 34 32 33 44 30 33 35 46 22 3a 31 2c 22 45 36 33 42 39 43 43 33 2d 43 32 37 31 2d 34 36 45 41 2d 38 37 31 34 2d 38 46 36 42 39 37 36 35 45 38 45 46 22 3a 31 2c 22 34 41 30 36 35 43 42 45 2d 33 37 43 41 2d 34 38 46 36 2d 39 43 31 44 2d 38 35 36 42 37 38 45 34 43 42 43 36 22 3a 31 2c 22 34 39 44 33 44 35 37 41 2d 38 45 35 46 2d 34 43 33 43 2d 38 45 44 34 2d 32 31 30 32 41 36 41 33 46 42 35 39 22 3a 31 2c 22 38 37 45 34 35 41 43 44 2d 34 43 31 42 2d 34 37 39 30 2d 41 33 36 38 2d 37 33 41 30 38 32 46 45 43 31 35 39 22 3a 31 2c 22 33 43 32 32 37 39 31 38 2d 42 37 36 43 2d 34 43 39 36 2d 42 33 36 Data Ascii: -4C05-8A56-0270E6C7284E":1,"F68586AF-F9F2-42E9-A82B-6457423D035F":1,"E63B9CC3-C271-46EA-8714-8F6B9765E8EF":1,"4A065CBE-37CA-48F6-9C1D-856B78E4CBC6":1,"49D3D57A-8E5F-4C3C-8ED4-2102A6A3FB59":1,"87E45ACD-4C1B-4790-A368-73A082FEC159":1,"3C227918-B76C-4C96-B36
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 46 35 34 2d 41 41 46 32 2d 34 33 46 43 2d 41 44 34 44 2d 35 36 38 32 32 38 46 30 44 36 33 43 22 3a 31 2c 22 37 39 37 35 46 44 36 42 2d 41 37 37 34 2d 34 35 32 44 2d 39 43 46 31 2d 46 46 33 34 36 30 33 32 46 46 41 43 22 3a 31 2c 22 41 36 32 46 39 41 31 36 2d 38 33 31 36 2d 34 32 41 31 2d 38 44 35 41 2d 31 38 43 35 46 41 33 30 44 32 33 32 22 3a 31 2c 22 39 36 43 39 46 42 36 36 2d 33 36 41 41 2d 34 45 31 42 2d 42 37 30 44 2d 37 44 34 32 38 35 42 31 31 44 46 34 22 3a 31 2c 22 46 38 33 42 33 35 35 43 2d 45 30 32 31 2d 34 44 33 36 2d 41 42 39 32 2d 42 38 30 31 44 30 33 44 41 32 41 33 22 3a 31 2c 22 41 31 34 33 34 44 32 35 2d 31 34 39 45 2d 34 35 44 33 2d 38 36 36 36 2d 38 34 37 33 33 42 38 32 33 46 30 33 22 3a 31 2c 22 41 38 45 33 37 46 32 42 2d 32 46 33 35 2d Data Ascii: F54-AAF2-43FC-AD4D-568228F0D63C":1,"7975FD6B-A774-452D-9CF1-FF346032FFAC":1,"A62F9A16-8316-42A1-8D5A-18C5FA30D232":1,"96C9FB66-36AA-4E1B-B70D-7D4285B11DF4":1,"F83B355C-E021-4D36-AB92-B801D03DA2A3":1,"A1434D25-149E-45D3-8666-84733B823F03":1,"A8E37F2B-2F35-
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 31 2c 22 30 43 38 33 39 35 42 39 2d 35 43 39 39 2d 34 42 43 39 2d 42 42 42 30 2d 34 36 32 45 41 42 46 32 44 45 44 34 22 3a 31 2c 22 37 35 30 30 44 41 35 30 2d 36 34 41 43 2d 34 35 39 37 2d 42 44 42 30 2d 34 39 41 33 31 42 32 42 44 34 42 42 22 3a 31 2c 22 31 37 30 44 45 34 37 45 2d 43 32 42 41 2d 34 36 43 37 2d 41 39 41 41 2d 33 43 33 44 34 46 39 45 35 31 44 33 22 3a 31 2c 22 32 30 30 36 33 45 36 42 2d 30 37 35 32 2d 34 30 41 38 2d 38 34 35 42 2d 31 39 34 31 43 35 39 39 41 32 30 42 22 3a 31 2c 22 31 33 46 31 45 39 38 32 2d 46 43 33 31 2d 34 43 45 39 2d 39 36 41 35 2d 42 31 46 39 37 44 43 43 46 38 37 30 22 3a 31 2c 22 32 32 36 38 45 31 36 34 2d 31 31 45 31 2d 34 41 34 42 2d 39 41 38 32 2d 46 41 46 38 33 31 36 44 34 44 45 39 22 3a 31 2c 22 34 36 35 30 39 44 Data Ascii: 1,"0C8395B9-5C99-4BC9-BBB0-462EABF2DED4":1,"7500DA50-64AC-4597-BDB0-49A31B2BD4BB":1,"170DE47E-C2BA-46C7-A9AA-3C3D4F9E51D3":1,"20063E6B-0752-40A8-845B-1941C599A20B":1,"13F1E982-FC31-4CE9-96A5-B1F97DCCF870":1,"2268E164-11E1-4A4B-9A82-FAF8316D4DE9":1,"46509D
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 34 34 31 33 41 35 22 3a 31 2c 22 46 37 45 30 39 46 32 34 2d 33 34 39 35 2d 34 41 37 38 2d 42 43 43 39 2d 35 46 31 45 34 43 35 46 36 43 42 39 22 3a 31 2c 22 46 36 42 42 46 39 32 37 2d 35 46 38 39 2d 34 46 39 37 2d 42 36 38 31 2d 31 43 35 36 44 39 35 34 31 32 35 43 22 3a 31 2c 22 33 35 31 42 34 33 30 30 2d 34 37 36 36 2d 34 30 38 30 2d 41 32 42 36 2d 37 38 39 39 30 42 31 35 38 41 45 43 22 3a 31 2c 22 37 39 30 34 33 34 37 37 2d 36 31 38 35 2d 34 41 45 32 2d 42 34 35 46 2d 44 30 38 41 41 36 39 33 35 39 42 37 22 3a 31 2c 22 42 31 44 41 46 45 32 36 2d 39 31 43 39 2d 34 46 31 42 2d 41 35 45 30 2d 35 43 37 39 41 39 39 45 39 39 31 39 22 3a 31 2c 22 34 31 43 45 38 33 38 46 2d 44 41 42 35 2d 34 42 46 44 2d 41 35 43 36 2d 37 32 42 31 32 32 37 46 35 42 33 35 22 3a 31 Data Ascii: 4413A5":1,"F7E09F24-3495-4A78-BCC9-5F1E4C5F6CB9":1,"F6BBF927-5F89-4F97-B681-1C56D954125C":1,"351B4300-4766-4080-A2B6-78990B158AEC":1,"79043477-6185-4AE2-B45F-D08AA69359B7":1,"B1DAFE26-91C9-4F1B-A5E0-5C79A99E9919":1,"41CE838F-DAB5-4BFD-A5C6-72B1227F5B35":1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49708	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:25 UTC	718	OUT	GET /_layouts/15/1033/styles/corev15.css?rev=QLDOqSwkd19yHhmt%2FbZqew%3D%3DTAG139 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:25 UTC	731	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 341640 Content-Type: text/css Last-Modified: Thu, 19 Dec 2024 04:25:07 GMT Accept-Ranges: bytes ETag: "40b0eefbcd51db1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,210745,0,186882,6 SPRequestDuration: 11 SPIisLatency: 5 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 76DBDB229CBB4AEE9AE72A064E7A1B75 Ref B: EWR311000104029 Ref C: 2024-12-31T18:37:25Z Date: Tue, 31 Dec 2024 18:37:24 GMT Connection: close
2024-12-31 18:37:25 UTC	1470	IN	Data Raw: 2f 2a 20 5f 6c 63 69 64 3d 22 31 30 33 33 22 0d 0a 5f 4c 6f 63 61 6c 42 69 6e 64 69 6e 67 20 2a 2f 0d 0a 62 6f 64 79 2c 0d 0a 2e 6d 73 2d 63 6f 72 65 2d 64 65 66 61 75 6c 74 46 6f 6e 74 2c 0d 0a 23 70 61 67 65 53 74 61 74 75 73 42 61 72 2c 0d 0a 23 68 79 62 72 69 64 54 6f 6f 6c 74 69 70 53 74 61 74 75 73 42 61 72 2c 0d 0a 2e 6d 73 2d 73 74 61 74 75 73 2d 6d 73 67 2c 0d 0a 2e 6a 73 2d 63 61 6c 6c 6f 75 74 2d 62 6f 64 79 0d 0a 7b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 46 6f 6e 74 28 74 68 65 6d 65 46 6f 6e 74 3a 22 62 6f 64 79 22 29 5d 20 2a 2f 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 22 53 65 67 6f 65 22 2c 54 61 68 6f 6d 61 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 66 6f 6e 74 Data Ascii: /* _lcid="1033"_LocalBinding /body,.ms-core-defaultFont,#pageStatusBar,#hybridTooltipStatusBar,.ms-status-msg,.js-callout-body{/ [ReplaceFont(themeFont:"body")] */ font-family:"Segoe UI","Segoe",Tahoma,Helvetica,Arial,sans-serif;font
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 65 70 6c 61 63 65 46 6f 6e 74 28 74 68 65 6d 65 46 6f 6e 74 3a 22 68 65 61 64 69 6e 67 22 29 5d 20 2a 2f 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 20 53 65 6d 69 6c 69 67 68 74 22 2c 22 53 65 67 6f 65 20 55 49 22 2c 22 53 65 67 6f 65 22 2c 54 61 68 6f 6d 61 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 53 74 72 6f 6e 67 42 6f 64 79 54 65 78 74 22 29 5d 20 2a 2f 20 63 6f 6c 6f 72 3a 23 32 36 32 36 32 36 3b 0d 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0d 0a 7d 0d 0a 68 32 2c 2e 6d 73 2d 68 32 0d 0a 7b 0d 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 36 65 6d 3b 0d 0a 7d 0d 0a 68 33 2c 2e 6d 73 2d 68 Data Ascii: eplaceFont(themeFont:"heading")] / font-family:"Segoe UI Semilight","Segoe UI","Segoe",Tahoma,Helvetica,Arial,sans-serif;/ [ReplaceColor(themeColor:"StrongBodyText")] */ color:#262626;font-weight:300;}h2,.ms-h2{font-size:1.46em;}h3,.ms-h
2024-12-31 18:37:25 UTC	6113	IN	Data Raw: 2d 73 69 74 65 61 63 74 69 6f 6e 73 2d 68 6f 76 65 72 20 3e 20 2e 6d 73 2d 63 6f 72 65 2d 6d 65 6e 75 2d 62 6f 78 42 69 67 2c 0d 0a 2e 6d 73 2d 77 65 6c 63 6f 6d 65 2d 72 6f 6f 74 20 3e 20 2e 6d 73 2d 63 6f 72 65 2d 6d 65 6e 75 2d 62 6f 78 2c 0d 0a 2e 6d 73 2d 77 65 6c 63 6f 6d 65 2d 72 6f 6f 74 20 3e 20 2e 6d 73 2d 63 6f 72 65 2d 6d 65 6e 75 2d 62 6f 78 42 69 67 0d 0a 7b 0d 0a 70 61 64 64 69 6e 67 2d 74 6f 70 3a 34 70 78 3b 0d 0a 7d 0d 0a 23 6d 73 2d 68 65 6c 70 0d 0a 7b 0d 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 68 65 69 67 68 74 3a 33 30 70 78 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 64 64 2d 62 75 74 74 6f 6e 0d 0a 7b 0d 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 Data Ascii: -siteactions-hover > .ms-core-menu-boxBig,.ms-welcome-root > .ms-core-menu-box,.ms-welcome-root > .ms-core-menu-boxBig{padding-top:4px;}#ms-help{display:inline-block;height:30px;}.ms-dd-button{display:inline-block;margin-left:5
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 63 6f 72 65 2d 68 65 61 64 65 72 20 2e 6d 73 2d 73 72 63 68 2d 73 62 0d 0a 7b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 48 65 61 64 65 72 42 61 63 6b 67 72 6f 75 6e 64 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 29 5d 20 2a 2f 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 48 65 61 64 65 72 42 61 63 6b 67 72 6f 75 6e 64 22 29 5d 20 2a 2f 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 20 32 35 35 2c 32 35 35 2c 32 35 35 2c 30 2e 38 35 20 29 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 73 72 63 68 2d 73 62 2d 62 6f Data Ascii: lay:inline-block;}.ms-core-header .ms-srch-sb{/* [ReplaceColor(themeColor:"HeaderBackground",opacity:"1")] / background-color:#fff;/ [ReplaceColor(themeColor:"HeaderBackground")] */ background-color:rgba( 255,255,255,0.85 );}.ms-srch-sb-bo
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 2d 6e 65 65 64 49 45 46 69 6c 74 65 72 20 2e 6d 73 2d 73 74 6f 72 65 66 72 6f 6e 74 2d 61 70 70 69 63 6f 6e 73 70 61 6e 0d 0a 7b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 45 6d 70 68 61 73 69 73 42 61 63 6b 67 72 6f 75 6e 64 22 29 5d 20 2a 2f 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 2c 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 23 66 66 30 30 37 32 63 36 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 23 66 66 30 30 37 32 63 36 29 22 3b 0d 0a 7d 0d 0a 2e 6d Data Ascii: -needIEFilter .ms-storefront-appiconspan{background-color:transparent;/* [ReplaceColor(themeColor:"EmphasisBackground")] */ -ms-filter:"progid:DXImageTransform.Microsoft.gradient(GradientType=0,startColorstr=#ff0072c6,endColorstr=#ff0072c6)";}.m
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 74 79 6c 65 3a 6e 6f 6e 65 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 63 6f 72 65 2d 66 6f 72 6d 2d 65 72 72 6f 72 2c 0d 0a 2e 6d 73 2d 65 72 72 6f 72 2c 0d 0a 2e 6d 73 2d 66 6f 72 6d 76 61 6c 69 64 61 74 69 6f 6e 2c 0d 0a 2e 6d 73 2d 64 69 66 66 64 65 6c 65 74 65 6e 6f 73 74 72 69 6b 65 2c 0d 0a 2e 6d 73 2d 64 69 66 66 64 65 6c 65 74 65 0d 0a 7b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 45 72 72 6f 72 54 65 78 74 22 29 5d 20 2a 2f 20 63 6f 6c 6f 72 3a 23 62 66 30 30 30 30 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 74 6f 6f 6c 74 69 70 0d 0a 7b 0d 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0d 0a 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 64 6f 74 74 65 64 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 65 6d 70 74 Data Ascii: tyle:none;}.ms-core-form-error,.ms-error,.ms-formvalidation,.ms-diffdeletenostrike,.ms-diffdelete{/* [ReplaceColor(themeColor:"ErrorText")] */ color:#bf0000;}.ms-tooltip{text-decoration:none;border-bottom:1px dotted;}.ms-empt
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 0a 7b 0d 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 30 70 78 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 69 6e 64 65 6e 74 0d 0a 7b 0d 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 35 70 78 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 68 69 67 68 43 6f 6e 74 72 61 73 74 42 6f 72 64 65 72 0d 0a 7b 0d 0a 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 63 75 72 73 6f 72 44 65 66 61 75 6c 74 0d 0a 7b 0d 0a 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 63 75 72 73 6f 72 50 6f 69 6e 74 65 72 0d 0a 7b 0d 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 73 68 61 64 6f 77 0d 0a 7b 0d 0a 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 30 70 78 20 37 70 78 20 30 70 78 20 72 67 62 61 28 Data Ascii: {margin-left:20px;}.ms-indent{margin-left:25px;}.ms-highContrastBorder{border:1px solid transparent;}.ms-cursorDefault{cursor:default;}.ms-cursorPointer{cursor:pointer;}.ms-shadow{box-shadow:0px 0px 7px 0px rgba(
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 43 6f 6c 6f 72 3a 22 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 33 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 29 5d 20 2a 2f 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 38 38 30 35 34 3b 7d 0d 0a 2e 6d 73 2d 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 34 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 7b 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 34 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 29 5d 20 2a 2f 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 36 37 39 35 36 3b 7d 0d 0a 2e 6d 73 2d 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 35 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 7b 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 35 Data Ascii: Color:"ContentAccent3",opacity:"1")] / border-color:#288054;}.ms-ContentAccent4-borderColor{/ [ReplaceColor(themeColor:"ContentAccent4",opacity:"1")] / border-color:#767956;}.ms-ContentAccent5-borderColor{/ [ReplaceColor(themeColor:"ContentAccent5
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 20 31 20 4c 69 67 68 74 65 73 74 22 3b 0d 0a 2f 2a 20 5b 43 6f 6c 6f 72 4e 61 6d 65 5d 20 2a 2f 20 2d 6d 73 2d 63 6f 6c 6f 72 3a 22 4c 69 67 68 74 20 42 6c 75 65 22 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 72 74 65 54 68 65 6d 65 46 6f 72 65 43 6f 6c 6f 72 2d 36 2d 31 0d 0a 7b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 32 2d 4c 69 67 68 74 65 73 74 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 29 5d 20 2a 2f 20 63 6f 6c 6f 72 3a 23 44 35 46 36 46 46 3b 0d 0a 2d 6d 73 2d 6e 61 6d 65 3a 22 41 63 63 65 6e 74 20 32 20 4c 69 67 68 74 65 73 74 22 3b 0d 0a 2f 2a 20 5b 43 6f 6c 6f 72 4e 61 6d 65 5d 20 2a 2f 20 2d 6d 73 2d 63 6f 6c 6f 72 3a 22 50 69 6e 6b 22 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 72 74 Data Ascii: 1 Lightest";/* [ColorName] / -ms-color:"Light Blue";}.ms-rteThemeForeColor-6-1{/ [ReplaceColor(themeColor:"ContentAccent2-Lightest",opacity:"1")] / color:#D5F6FF;-ms-name:"Accent 2 Lightest";/ [ColorName] */ -ms-color:"Pink";}.ms-rt
2024-12-31 18:37:25 UTC	8192	IN	Data Raw: 63 65 6e 74 20 34 20 44 61 72 6b 65 73 74 22 3b 0d 0a 2f 2a 20 5b 43 6f 6c 6f 72 4e 61 6d 65 5d 20 2a 2f 20 2d 6d 73 2d 63 6f 6c 6f 72 3a 22 42 72 6f 77 6e 22 3b 0d 0a 7d 0d 0a 2e 6d 73 2d 72 74 65 54 68 65 6d 65 46 6f 72 65 43 6f 6c 6f 72 2d 39 2d 35 0d 0a 7b 0d 0a 2f 2a 20 5b 52 65 70 6c 61 63 65 43 6f 6c 6f 72 28 74 68 65 6d 65 43 6f 6c 6f 72 3a 22 43 6f 6e 74 65 6e 74 41 63 63 65 6e 74 35 2d 44 61 72 6b 65 73 74 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 29 5d 20 2a 2f 20 63 6f 6c 6f 72 3a 23 37 36 30 30 31 39 3b 0d 0a 2d 6d 73 2d 6e 61 6d 65 3a 22 41 63 63 65 6e 74 20 35 20 44 61 72 6b 65 73 74 22 3b 0d 0a 2f 2a 20 5b 43 6f 6c 6f 72 4e 61 6d 65 5d 20 2a 2f 20 2d 6d 73 2d 63 6f 6c 6f 72 3a 22 44 61 72 6b 20 47 72 65 65 6e 22 3b 0d 0a 7d 0d 0a 2e 6d 73 2d Data Ascii: cent 4 Darkest";/* [ColorName] / -ms-color:"Brown";}.ms-rteThemeForeColor-9-5{/ [ReplaceColor(themeColor:"ContentAccent5-Darkest",opacity:"1")] / color:#760019;-ms-name:"Accent 5 Darkest";/ [ColorName] */ -ms-color:"Dark Green";}.ms-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49709	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:26 UTC	714	OUT	GET /_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG139 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:26 UTC	725	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 622 Content-Type: text/css Last-Modified: Thu, 19 Dec 2024 04:25:07 GMT Accept-Ranges: bytes ETag: "f5d9b7fbcd51db1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,89921,0,73756,7 SPRequestDuration: 8 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: B55E35604A554598BB765B339FE87966 Ref B: EWR311000106017 Ref C: 2024-12-31T18:37:26Z Date: Tue, 31 Dec 2024 18:37:25 GMT Connection: close
2024-12-31 18:37:26 UTC	622	IN	Data Raw: 2f 2a 20 5f 6c 63 69 64 3d 22 31 30 33 33 22 0d 0a 5f 4c 6f 63 61 6c 42 69 6e 64 69 6e 67 20 2a 2f 0d 0a 23 6d 73 2d 65 72 72 6f 72 2d 68 65 61 64 65 72 0d 0a 7b 0d 0a 6d 61 72 67 69 6e 3a 31 31 38 70 78 20 30 70 78 20 31 36 70 78 3b 0d 0a 6d 69 6e 2d 68 65 69 67 68 74 3a 35 30 70 78 3b 0d 0a 7d 0d 0a 23 6d 73 2d 65 72 72 6f 72 2d 67 6f 62 61 63 6b 63 6f 6e 74 0d 0a 7b 0d 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 38 70 78 3b 0d 0a 7d 0d 0a 23 6d 73 2d 61 63 63 65 73 73 44 65 6e 69 65 64 2d 72 65 71 44 69 61 6c 6f 67 0d 0a 7b 0d 0a 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 7d 0d 0a 23 6d 73 2d 65 72 72 6f 72 2d 62 6f 64 79 0d 0a 7b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 61 75 74 6f 3b 0d 0a 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 0d Data Ascii: /* _lcid="1033"_LocalBinding */#ms-error-header{margin:118px 0px 16px;min-height:50px;}#ms-error-gobackcont{margin-top:28px;}#ms-accessDenied-reqDialog{max-width:100%;}#ms-error-body{background-size:auto;overflow:auto;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49712	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:26 UTC	861	OUT	GET /ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:26 UTC	778	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 25609 Content-Type: application/x-javascript Content-Encoding: gzip Expires: Wed, 31 Dec 2025 18:37:26 GMT Last-Modified: Tue, 31 Dec 2024 18:37:26 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,37093,0,96270,6 X-AspNet-Version: 4.0.30319 SPRequestDuration: 14 SPIisLatency: 2 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 8059C45527F44737B48136A8AE4F5A1F Ref B: EWR311000103027 Ref C: 2024-12-31T18:37:26Z Date: Tue, 31 Dec 2024 18:37:25 GMT Connection: close
2024-12-31 18:37:26 UTC	280	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd d9 72 1b 49 92 28 fa 3e 66 f3 0f 64 8e 8a 42 36 92 20 29 55 2f 05 28 c5 d1 da a5 1e 6d 47 52 75 77 0d c9 96 e5 06 20 49 10 c9 42 02 92 58 04 be ec 3c dc 4f ba bf 70 7d 89 3d 23 01 50 aa 3e 73 8f 59 97 95 a4 44 2c 1e 11 1e 1e 1e 1e 1e ee 1e ff ef ff fe 7f 0e 0e f6 bf fa bf 7f ff b7 83 83 9d 27 d5 d5 f5 ac 1c 8d e7 3b 9d 27 e1 ce ab 32 9b 55 75 35 9c 43 fa ec aa 9a 25 f3 b2 9a f6 76 1e 4d 26 3b 54 a8 de 99 15 75 31 fb 54 e4 3d ac fd 8d 6d ab d6 1e 9d 27 5f 7a e7 f5 bf ff db f3 c5 34 a3 26 3f 7e 9c 5f 5f 15 af 93 cb 22 0e 64 62 30 30 b2 b3 49 52 d7 f1 7c b6 28 74 6a 36 2b 92 79 f1 24 99 4c d2 24 bb 88 87 22 bd 93 46 49 78 33 2b e6 8b d9 74 47 25 86 37 9f 92 d9 4e 11 27 b3 d1 e2 b2 98 ce eb de a4 98 8e e6 e3 41 39 ec 14 0f Data Ascii: rI(>fdB6 )U/(mGRuw IBX<Op}=#P>sYD,';'2Uu5C%vM&;Tu1T=m'_z4&?~__"db00IR\|(tj6+y$L$"FIx3+tG%7N'A9
2024-12-31 18:37:26 UTC	8192	IN	Data Raw: 4c 57 85 1f 83 fc a4 80 94 81 68 26 ed 25 57 57 93 eb ce 7c 5c d6 51 1e ae 54 72 06 bd e3 d4 24 5c ad dc be 3f 2d 26 c5 08 fe d5 7d 4f a2 d4 d7 77 a7 99 24 52 7d b1 a0 16 97 57 f3 6b f9 2b b6 93 5f 15 f3 71 95 c7 06 50 a3 e2 a7 64 52 e6 d0 91 b7 c9 0c e6 60 5e cc 6a 5d 30 8b 4c 84 ea 39 b1 ea d4 a2 98 01 d3 29 a0 01 8e a2 22 ca 18 e1 49 94 c7 85 9c 89 2c ce 96 4b a4 83 6a 08 c8 8f e3 60 31 cd 8b 61 39 2d f2 60 90 c4 2d 70 b1 b3 4f aa c5 74 2e c0 e2 7c 42 6f 93 de 55 75 f5 7e 0e 74 f1 1c 0b 75 42 39 53 c9 4a ce 6f 1a 1f 46 65 3c 92 ad a7 0f ca 41 0a 53 4d fd 1a c6 c5 c9 ab 64 3e ee 5d 96 48 4f f9 fe 51 78 16 8d e3 61 6f 0a c0 b0 89 61 ef 4a b6 fe 68 36 4b ae c3 71 37 0e 4e 82 6e 27 dd cf bb 47 61 37 38 0b 06 c5 a4 2e 76 a0 ec 6e b6 b7 97 3e 8c f3 30 85 49 Data Ascii: LWh&%WW\|\QTr$\?-&}Ow$R}Wk+_qPdR`^j]0L9)"I,Kj`1a9-`-pOt.\|BoUu~tuB9SJoFe<ASMd>]HOQxaoaJh6Kq7Nn'Ga78.vn>0I
2024-12-31 18:37:26 UTC	7256	IN	Data Raw: 46 8d 9e 10 6a 3a 78 68 3c 77 a3 32 96 2a 3e 8a 28 78 4d e5 4a ab 01 28 f7 09 23 fd 23 ef ee 02 07 1f 50 63 3f 56 8b 19 fa bb 5d 45 bf 60 a8 7e 28 34 b1 8e a5 d7 8c b0 57 70 72 9c 17 20 48 ed 77 26 dd 54 ea 27 7e ad a6 c5 9b e1 10 c0 90 73 9d 86 47 25 f8 33 ec 2a 5a bd 3e f8 c3 21 92 6b 74 fd dd 1f 0e f5 0b c6 52 54 55 9e 07 9e 87 8f 2c ab de 66 70 fd cd 82 6b d8 68 c5 0c b7 ff 6d 6d d9 42 78 b3 a5 75 6f 3a 14 f2 4d 87 34 3e 77 65 43 0c 81 e2 a3 f1 5d 7c 2c 55 8a b1 b0 a1 a3 92 ac a4 17 42 cf f7 f6 ce 29 4c 80 bc f6 25 52 dc 30 a0 d4 a7 4c 44 c2 53 8e 36 33 b5 f2 38 86 8b 52 4f 85 20 5b 5a 3a 35 be c5 e2 a5 33 98 59 d4 dc d0 ad 89 1b af 2f fa be 7b 46 9c 01 a7 45 9e fa 56 66 58 33 d7 b7 83 d5 26 dc 5a 74 11 b3 9b 64 30 28 5a 95 40 6b 94 39 51 a6 7d ec 72 Data Ascii: Fj:xh<w2>(xMJ(##Pc?V]E`~(4Wpr Hw&T'~sG%3Z>!ktRTU,fpkhmmBxuo:M4>weC]\|,UB)L%R0LDS638RO [Z:53Y/{FEVfX3&Ztd0(Z@k9Q}r
2024-12-31 18:37:26 UTC	8192	IN	Data Raw: 83 5c cb df 30 bf 7a c1 ba c4 49 f6 4b da 6e 7c 03 09 bc 4f 86 c9 ac dc 76 f9 0a e3 ee 1e 9f 2d f7 f6 e4 17 00 cd 96 cb cc 5a ce 9b 57 4f 4e 56 58 c0 f9 e5 23 e8 23 fe 27 15 af c4 67 83 64 70 1e 27 51 67 14 c3 9e a6 b4 26 6f 89 12 c3 b0 f5 6c 25 e2 c1 bc 9f 5f 4f c8 14 4c 2e f6 79 32 c2 9d ef 58 7d d9 61 0c fb 92 8e 3b b2 25 5e 85 f2 17 ae aa bd 3d 3a 0f 05 8f df 3c fd 19 68 9a e4 e1 51 ef 8a a2 85 b0 0e 30 49 eb 6a b2 98 17 68 be 78 93 77 63 13 d6 a0 d0 bf 71 0e f9 21 02 0f 9d 3f 8c ef 53 65 fd ec 0d 50 33 ae 1b 84 42 b4 19 22 ac 46 36 00 e5 dc d5 6a 2b e4 64 8c 9c 71 9c 1e a7 6a 14 0a 0f bb b0 2f 8f ed 31 89 89 31 38 31 cc 11 4e 8d 4e 80 63 d7 2d 70 ad b1 c9 26 ee c1 8f 1f 5e bd 84 ef 4e 62 71 c2 c4 e0 6c 80 99 fd d8 ce 3e 1c 14 3a 89 58 e1 e1 76 08 10 Data Ascii: \0zIKn\|Ov-ZWONVX##'gdp'Qg&ol%_OL.y2X}a;%^=:<hQ0Ijhxwcq!?SeP3B"F6j+dqj/1181NNc-p&^Nbql>:Xv
2024-12-31 18:37:26 UTC	1689	IN	Data Raw: 04 89 6a df ac dc 63 ef 6c 23 8c fb d7 23 1b eb 1a 8d e6 3b 0d 04 06 61 98 89 d6 d8 91 51 3c e7 b7 d3 a8 a9 3d bb 54 0d f8 25 8b cb 24 db 2b 51 d8 03 c1 84 10 11 5c f8 fb 8c fd 10 16 a4 d1 38 be c0 19 40 f6 41 93 39 e6 77 21 a1 c9 cd eb 2d 93 eb 0d be f4 fa 81 1f d6 ca 89 b2 70 e5 1f a1 17 37 bb 99 92 1c b2 5e ee 88 d5 59 1f d2 b0 9b c3 07 c0 1b 96 cb e1 c3 f8 3e fe 3b 96 6c 82 ec f0 61 bf 19 6f 35 80 db 71 09 7a ce d0 58 fa 43 58 fa 99 67 e9 8b 34 75 49 55 0e 14 05 4a c3 5a 20 bc 32 be 05 b7 16 24 b2 b1 8a dd 61 c9 c8 d7 21 c2 ed 57 54 46 41 00 ff 87 62 60 f2 7a a5 5d 28 fa 38 42 25 09 46 8e 80 59 cb 61 3d d4 40 4c 99 e5 61 a8 5f 39 74 5c f3 d3 d0 79 58 10 c5 33 7a 06 0d 37 09 96 6b 3f ce d9 48 4f 9c b8 59 7c 3f 6c ef 8e 90 8a e2 83 7f 9c d6 bf eb 9c 24 Data Ascii: jcl##;aQ<=T%$+Q\8@A9w!-p7^Y>;lao5qzXCXg4uIUJZ 2$a!WTFAb`z](8B%FYa=@La_9t\yX3z7k?HOY\|?l$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49711	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:26 UTC	861	OUT	GET /ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:26 UTC	785	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 9984 Content-Type: application/x-javascript Content-Encoding: gzip Expires: Wed, 31 Dec 2025 18:37:26 GMT Last-Modified: Tue, 31 Dec 2024 18:37:26 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,4204800,723,103,176457,0,4204800,7 X-AspNet-Version: 4.0.30319 SPRequestDuration: 14 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 2645DDBC97BC467FA44826817817EF39 Ref B: EWR311000105017 Ref C: 2024-12-31T18:37:26Z Date: Tue, 31 Dec 2024 18:37:25 GMT Connection: close
2024-12-31 18:37:26 UTC	1599	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 7d 6b 73 db 48 92 e0 f7 89 98 ff 40 61 7b 65 62 55 86 e4 de bd b8 08 d2 68 85 5e 9e d6 9e 5f 61 cb d3 33 21 6b 15 05 a0 48 42 02 01 1a 00 6d ab 25 fe b2 fb b0 3f 69 ff c2 65 d6 0b 55 40 81 a4 e4 9e bd 8b b8 89 1e 99 a8 77 65 66 65 66 65 66 55 fd d7 ff fe cf fd fd e7 4f fe df 9f ff b4 bf 3f 38 29 16 77 65 3a 9d d5 83 e1 89 3f 78 93 c6 65 51 15 93 1a d2 cb 45 51 d2 3a 2d f2 60 70 94 65 03 5e a8 1a 94 ac 62 e5 57 96 04 58 fb 07 fb d6 bd 1d dd d0 ef bf b1 e8 55 51 ce ab e0 a6 fa f3 9f 2e ee 16 2c b8 2e d9 34 ad 6a 56 7e 8c cb 74 51 0f bd be f2 1e b9 b4 f3 60 f0 8c a7 db c9 1f 59 99 d2 2c fd 5d cc aa 9b ff 96 d5 df 8a f2 d6 91 73 52 cc 17 45 ce f2 fa 4d 91 b0 0c 0b 5c f9 63 3e 48 35 c6 b7 74 ce aa 05 8d d9 d0 fb 78 57 05 6a 74 Data Ascii: }ksH@a{ebUh^_a3!kHBm%?ieU@wefefefUO?8)we:?xeQEQ:-`pe^bWXUQ.,.4jV~tQ`Y,]sREM\c>H5txWjt
2024-12-31 18:37:26 UTC	8192	IN	Data Raw: ca 54 15 ae 71 02 ec 37 97 74 8b 94 46 49 71 0c 2d ad 8c cf c4 90 ed 8f 50 9a 50 d4 45 aa 17 69 29 2a f2 9a a6 79 f5 a8 95 e3 46 02 4d ac d2 a1 4d 59 3b 8e 0e 4a a5 88 aa 3a 4a fb da a6 2c a8 a0 24 09 37 c8 56 3d 79 ad 18 86 4a 45 7b fe 62 1c fd 12 1e 8c a3 e7 cf d5 c6 27 01 4d 11 d8 24 c3 49 0a 21 21 8a fa 38 fe 16 bc 70 bf e4 37 8c 07 3f dd d4 e9 e6 72 5d 04 8e 05 dd 7c 60 55 87 85 4b b5 8e 53 76 bb a1 b3 ef 31 5b 60 43 a3 81 b7 f7 91 2b 31 01 4c 76 4e 6b ce 21 49 1c 72 3e 24 a9 02 b6 7a f7 39 40 66 b4 be 2d 8f 48 c8 7d 2a 33 0f 55 f7 71 1c 2c 80 67 d4 c0 74 5e 95 08 59 5f 91 51 ec 9c 73 9b 74 9e 46 0c 5b 92 c1 36 d4 08 7c 4f 0e 78 9b 46 1d 16 0f 69 87 7c 43 73 f8 70 18 27 10 e6 a6 8c 10 0b fe 94 4d e8 32 ab 8f 97 75 6d 6f d1 1d d9 27 59 1a df b6 bc 23 Data Ascii: Tq7tFIq-PPEi)yFMMY;J:J,$7V=yJE{b'M$I!!8p7?r]\|`UKSv1[`C+1LvNk!Ir>$z9@f-H}3Uq,gt^Y_QstF[6\|OxFi\|Csp'M2umo'Y#
2024-12-31 18:37:26 UTC	193	IN	Data Raw: 0c e5 58 8c 70 32 18 0b b6 02 98 a9 80 68 a0 85 98 a5 5f 1d 2d c4 1a 8e 30 5b 1e 21 96 04 83 93 62 3e 87 21 c5 74 59 b1 6a 00 5b 69 ae b5 cb 19 81 62 03 93 61 b9 9c 80 88 c4 47 a8 ce 8b 24 9d a4 d0 47 74 37 40 68 56 80 d1 c1 07 59 20 f8 ad 4c 51 71 23 4d 95 49 9a 01 f5 54 64 f0 6b 5d 2f de 14 c9 32 63 f0 01 3d c8 a1 e1 8d f4 bc 61 96 f3 8b 6e 02 74 2a c8 e0 6b 73 d6 e6 f9 46 39 6d d9 82 02 2f 3f 3d 39 80 32 41 17 50 b2 41 a8 c8 3f 39 0c 10 3d 39 88 90 3e 5a 74 5c 13 27 3b ee b2 11 00 45 2e c1 db 88 83 04 80 55 a2 4d 8a e6 80 fb 98 05 de 6a fc 7f 00 32 91 1d 1f 89 9d 00 00 Data Ascii: Xp2h_-0[!b>!tYj[ibaG$Gt7@hVY LQq#MITdk]/2c=ant*ksF9m/?=92APA?9=9>Zt\';E.UMj2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49710	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:26 UTC	775	OUT	GET /WebResource.axd?d=htsGRXHb0aH4KsVP0DRpyGXPjV9R2bs7vicPp4bSVQ59Ictux-7gUy7F1mmlD_xPX5XTow2RvXzpOCPd_HF4bv29mc8DT2UAgthqE5nRRTM1&t=638661570537377670 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:26 UTC	758	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Wed, 31 Dec 2025 18:37:26 GMT Last-Modified: Sat, 02 Nov 2024 22:10:53 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,1051136,0,38,45899,0,792489,6 X-AspNet-Version: 4.0.30319 SPRequestDuration: 85 SPIisLatency: 10 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DEDF13A2D8DB411DABE3D39AEF11CA33 Ref B: EWR311000106051 Ref C: 2024-12-31T18:37:26Z Date: Tue, 31 Dec 2024 18:37:26 GMT Connection: close
2024-12-31 18:37:26 UTC	1723	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-12-31 18:37:26 UTC	8192	IN	Data Raw: 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 69 66 20 28 6f 70 74 69 6f 6e 73 2e 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 5f 5f 64 6f 50 6f 73 74 42 61 63 6b 28 6f 70 74 69 6f 6e 73 2e 65 76 65 6e 74 54 61 72 67 65 74 2c 20 6f 70 74 69 6f 6e 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 29 3b 0d 0a 20 20 20 20 7d 0d 0a 7d 0d 0a 76 61 72 20 5f 5f 70 65 6e 64 69 6e 67 43 61 6c 6c 62 61 63 6b 73 20 3d 20 6e 65 77 20 41 72 72 61 79 28 29 3b 0d 0a 76 61 72 20 5f 5f 73 79 6e 63 68 72 6f 6e 6f 75 73 43 61 6c 6c 42 61 63 6b 49 6e Data Ascii: } } } } } } if (options.clientSubmit) { __doPostBack(options.eventTarget, options.eventArgument); }}var __pendingCallbacks = new Array();var __synchronousCallBackIn
2024-12-31 18:37:26 UTC	5833	IN	Data Raw: 3d 20 22 65 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 65 72 72 6f 72 43 61 6c 6c 62 61 63 6b 29 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 26 26 20 28 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 65 72 72 6f 72 43 61 6c 6c 62 61 63 6b 20 21 3d 20 6e 75 6c 6c 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 65 72 72 6f 72 43 61 6c 6c 62 61 63 6b 28 72 65 73 70 6f 6e 73 65 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2c 20 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 63 6f 6e 74 65 78 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 73 Data Ascii: = "e") { if ((typeof(callbackObject.errorCallback) != "undefined") && (callbackObject.errorCallback != null)) { callbackObject.errorCallback(response.substring(1), callbackObject.context); } } else { var s
2024-12-31 18:37:26 UTC	7315	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 Data Ascii: defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBrowse

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49718	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:27 UTC	580	OUT	GET /ScriptResource.axd?d=lDStHhVdlr45IihRNquumlS6XbgQve73rNo8cprM1QIC7u3o1bPwHIaGzi4PyKNBjA3pSRbq7wKFMAQyJiomiFDZicPQ4JWTZXOMr_N0sBzvb6mhKp9iatJWJCQxvWLiOkp8_OOK-M4rQot8Jp9T787kGsylvp_jOlVvlFM56UFxTMkmsRHOmrorI9zBpzn10&t=ffffffffb201fd3f HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:27 UTC	778	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 9984 Content-Type: application/x-javascript Content-Encoding: gzip Expires: Wed, 31 Dec 2025 18:37:27 GMT Last-Modified: Tue, 31 Dec 2024 18:37:27 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,47672,0,163252,6 X-AspNet-Version: 4.0.30319 SPRequestDuration: 13 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E893B917D4EB4803A836064EBB131C0D Ref B: EWR311000103029 Ref C: 2024-12-31T18:37:27Z Date: Tue, 31 Dec 2024 18:37:26 GMT Connection: close
2024-12-31 18:37:27 UTC	752	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 7d 6b 73 db 48 92 e0 f7 89 98 ff 40 61 7b 65 62 55 86 e4 de bd b8 08 d2 68 85 5e 9e d6 9e 5f 61 cb d3 33 21 6b 15 05 a0 48 42 02 01 1a 00 6d ab 25 fe b2 fb b0 3f 69 ff c2 65 d6 0b 55 40 81 a4 e4 9e bd 8b b8 89 1e 99 a8 77 65 66 65 66 65 66 55 fd d7 ff fe cf fd fd e7 4f fe df 9f ff b4 bf 3f 38 29 16 77 65 3a 9d d5 83 e1 89 3f 78 93 c6 65 51 15 93 1a d2 cb 45 51 d2 3a 2d f2 60 70 94 65 03 5e a8 1a 94 ac 62 e5 57 96 04 58 fb 07 fb d6 bd 1d dd d0 ef bf b1 e8 55 51 ce ab e0 a6 fa f3 9f 2e ee 16 2c b8 2e d9 34 ad 6a 56 7e 8c cb 74 51 0f bd be f2 1e b9 b4 f3 60 f0 8c a7 db c9 1f 59 99 d2 2c fd 5d cc aa 9b ff 96 d5 df 8a f2 d6 91 73 52 cc 17 45 ce f2 fa 4d 91 b0 0c 0b 5c f9 63 3e 48 35 c6 b7 74 ce aa 05 8d d9 d0 fb 78 57 05 6a 74 Data Ascii: }ksH@a{ebUh^_a3!kHBm%?ieU@wefefefUO?8)we:?xeQEQ:-`pe^bWXUQ.,.4jV~tQ`Y,]sREM\c>H5txWjt
2024-12-31 18:37:27 UTC	8192	IN	Data Raw: 74 8e 7d d2 ad 27 84 70 e9 af ba 63 33 71 98 a4 20 7b 6d d9 2c db aa 8b c5 47 31 b2 a1 22 ae 4c 80 41 6a 40 e9 44 f2 68 86 70 a8 fc 04 91 c5 06 66 5a 7b 86 c6 ac e3 65 59 42 11 d9 85 05 0f d7 ec 31 7f 45 70 00 62 26 06 bd 25 20 a1 63 94 d1 5f 69 39 80 29 d1 2c 93 65 44 1b 27 90 10 81 60 1b 45 a4 69 fa 15 4d 33 23 2b 36 b2 2e d2 39 2b 96 b5 ce a3 c4 42 dd c8 81 4e 59 42 d6 1c 25 ab f1 96 38 bf b4 3f 83 8c e5 d3 7a 76 15 72 e8 ee 58 50 f7 c5 57 ce be d7 1a 2f 2b 02 e2 65 c9 4e 96 80 ad b9 98 f4 05 9d 5a 12 b0 69 c7 1a 8c ef 1a 20 10 a0 90 c0 34 49 86 ae 69 52 d5 a3 e8 eb 38 2b 00 3e ff b0 de ee 6b 98 eb 88 ae ec 4e 3f b0 09 03 ca 89 4d 41 8f fa fd 1f db 75 55 c6 80 f8 89 26 1d 1c c4 b5 58 79 62 18 1d 75 2a 16 04 48 c3 a4 88 97 98 25 17 aa 2c 38 f4 44 0f b0 Data Ascii: t}'pc3q {m,G1"LAj@DhpfZ{eYB1Epb&% c_i9),eD'`EiM3#+6.9+BNYB%8?zvrXPW/+eNZi 4IiR8+>kN?MAuU&Xybu*H%,8D
2024-12-31 18:37:27 UTC	1040	IN	Data Raw: ad 0b 60 c7 d1 cb 98 87 f8 18 de 4d 55 9b 34 57 c3 46 57 fe 16 23 6c 02 9b 1f 0f 68 3b 4e 86 06 8e 63 ef 78 22 20 bb c3 73 79 6a 5c 5b 0c ca f1 8a ea 9a e2 9e 3e 5a 79 2d d9 4f 59 4c 4b 60 46 16 b4 dd 45 82 66 c4 c7 78 08 86 6b 6d 7c 6f 27 56 9c f4 85 1d 4d 60 34 e1 ff 38 38 50 c9 77 39 9d a7 f1 6b 7a 87 57 20 1b a7 e9 61 bc 45 9c 62 10 b5 69 5b 4f cc 23 ed 66 ec b1 8c 6a 51 4a a3 75 99 32 aa e1 ae 8c e6 ea b8 35 b5 17 dd 67 22 8d 5c 8c c7 2d cd 47 71 7b 00 68 be eb 86 86 1a 13 1a bd af ac 99 85 56 a4 ea ad a6 8f f6 59 30 a6 e2 51 37 0b c0 fd 5d 99 a5 64 5f ee 8a 4d 67 16 e6 64 6f 3d 58 eb ed b7 a7 bc 18 c1 c6 c6 9a 33 8d 3d c4 22 47 05 d2 95 39 86 e0 89 e8 60 fe 96 81 f1 0c 72 ef eb c9 e5 76 6f 27 97 dd 97 93 2d 12 11 d7 95 a8 3b 22 1c ca 8a eb d6 9b 2e Data Ascii: `MU4WFW#lh;Ncx" syj\[>Zy-OYLK`FEfxkm\|o'VM`488Pw9kzW aEbi[O#fjQJu25g"\-Gq{hVY0Q7]d_Mgdo=X3="G9`rvo'-;".

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49717	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:27 UTC	580	OUT	GET /ScriptResource.axd?d=Y9FdO6NQI5rug15aEhTdOJxODHkj1DYdaIanVjETrWAYJVDaxz4cRrV-ekskIJakW68Jlf_ZimxjVw2-L5dVKlZyu1gTnHv9PLrNsOTDVMB5pRkU4TZXCbzqaMf6m7SOZHd0UvAkrXeHuIlQmv2FggpO_l_Sd47e_VyguaXhhFDCEKnZxoQ5Bbs8brPXGjbX0&t=ffffffffb201fd3f HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:27 UTC	778	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 25609 Content-Type: application/x-javascript Content-Encoding: gzip Expires: Wed, 31 Dec 2025 18:37:27 GMT Last-Modified: Tue, 31 Dec 2024 18:37:27 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,34032,0,68057,6 X-AspNet-Version: 4.0.30319 SPRequestDuration: 16 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DEFDBE6CA3494EA6852083CF625B04AD Ref B: EWR311000103023 Ref C: 2024-12-31T18:37:27Z Date: Tue, 31 Dec 2024 18:37:26 GMT Connection: close
2024-12-31 18:37:27 UTC	3385	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd d9 72 1b 49 92 28 fa 3e 66 f3 0f 64 8e 8a 42 36 92 20 29 55 2f 05 28 c5 d1 da a5 1e 6d 47 52 75 77 0d c9 96 e5 06 20 49 10 c9 42 02 92 58 04 be ec 3c dc 4f ba bf 70 7d 89 3d 23 01 50 aa 3e 73 8f 59 97 95 a4 44 2c 1e 11 1e 1e 1e 1e 1e ee 1e ff ef ff fe 7f 0e 0e f6 bf fa bf 7f ff b7 83 83 9d 27 d5 d5 f5 ac 1c 8d e7 3b 9d 27 e1 ce ab 32 9b 55 75 35 9c 43 fa ec aa 9a 25 f3 b2 9a f6 76 1e 4d 26 3b 54 a8 de 99 15 75 31 fb 54 e4 3d ac fd 8d 6d ab d6 1e 9d 27 5f 7a e7 f5 bf ff db f3 c5 34 a3 26 3f 7e 9c 5f 5f 15 af 93 cb 22 0e 64 62 30 30 b2 b3 49 52 d7 f1 7c b6 28 74 6a 36 2b 92 79 f1 24 99 4c d2 24 bb 88 87 22 bd 93 46 49 78 33 2b e6 8b d9 74 47 25 86 37 9f 92 d9 4e 11 27 b3 d1 e2 b2 98 ce eb de a4 98 8e e6 e3 41 39 ec 14 0f Data Ascii: rI(>fdB6 )U/(mGRuw IBX<Op}=#P>sYD,';'2Uu5C%vM&;Tu1T=m'_z4&?~__"db00IR\|(tj6+y$L$"FIx3+tG%7N'A9
2024-12-31 18:37:27 UTC	8192	IN	Data Raw: e3 a4 4f bc de b2 64 69 58 08 79 ae 99 1a 4b 5c d9 0f 59 26 5e dc d9 a4 57 7d 9e 16 b3 a7 55 46 e2 22 e2 25 d7 df d4 f7 dd 58 b1 99 b4 07 33 98 2c 26 f3 bf 96 c5 67 b4 4c 82 1d 11 4a fe 8d 58 f8 00 4e b0 50 96 8f 9b 59 2c 67 be 97 56 f9 b5 3d fd 72 4c bb d9 6a c0 52 8a a9 04 a2 94 40 65 18 12 38 27 25 79 ce 56 8b bd 62 fa cb a2 58 b8 67 32 53 3d 90 ae 74 25 c7 00 83 cb 92 24 6c e9 6c a4 d8 54 24 33 0b b9 12 68 7c a8 cb 80 68 e5 8a 1b aa 58 1c ab 03 f1 09 5e fe 9c 59 7a 22 d1 2b 6a 17 a7 96 8e 34 b6 b2 63 8d 82 48 1e bd 31 e3 a1 ee 50 5e b8 f8 50 d5 d4 45 8e 2c 0b 0c e4 59 92 19 37 04 69 84 a6 05 37 86 b2 3a 42 05 80 ef 78 01 22 ae 10 6c fd d7 62 21 6b db c8 fe 82 90 2a 1b 15 fd b6 d8 7c fb d8 32 63 3e 00 1f c5 cc da 1f 52 5c 71 09 c9 0c 19 5e f1 1f 46 99 Data Ascii: OdiXyK\Y&^W}UF"%X3,&gLJXNPY,gV=rLjR@e8'%yVbXg2S=t%$llT$3h\|hX^Yz"+j4cH1P^PE,Y7i7:Bx"lb!k*\|2c>R\q^F
2024-12-31 18:37:27 UTC	4151	IN	Data Raw: 7c d8 89 47 57 33 fa 46 10 7f a1 d1 fe 65 31 c1 f4 c5 08 81 16 57 f0 f7 9b 6c 8e 9c a5 fa 04 7f 03 03 83 bf b1 91 06 e4 45 32 bb 66 e8 33 f1 09 4d 64 63 6e a4 9c 98 cd 14 dc ce 35 37 b4 a8 e7 dc d6 bc a0 30 d3 d4 62 c5 5f d0 aa 4c 84 a6 e5 27 b6 df dc 54 99 f7 c9 a5 fa 9a f7 71 65 f0 b8 a3 98 54 13 41 96 68 fd 4f 41 94 af 85 ff a3 08 03 5e 57 08 06 09 30 7a 4f 61 db 21 1f b4 c3 b3 55 68 44 75 fc f8 31 33 b4 12 71 1c 54 f4 5c 49 20 1e 0c 6b bd d0 69 93 a7 2c 78 e1 20 2f 26 c5 bc b0 5b 61 5d f5 d7 81 57 e2 5a 31 dd ff e9 fd 3f 4b 66 23 cd fa ff 94 d0 76 e7 5f f2 da bf e4 b5 7f c9 6b 1c c8 e6 9f 27 b0 09 11 2a 62 81 68 cc c2 d6 ce 7c be 46 66 b3 aa 78 85 36 0b cc ff a0 d8 76 b0 4e 68 c3 4e 72 0f ff af 10 db 10 69 0a e5 ff 92 db fe af 96 db c4 c6 fa 2f c1 ed Data Ascii: \|GW3Fe1WlE2f3Mdcn570b_L'TqeTAhOA^W0zOa!UhDu13qT\I ki,x /&[a]WZ1?Kf#v_k'*bh\|Ffx6vNhNri/
2024-12-31 18:37:27 UTC	8192	IN	Data Raw: 83 5c cb df 30 bf 7a c1 ba c4 49 f6 4b da 6e 7c 03 09 bc 4f 86 c9 ac dc 76 f9 0a e3 ee 1e 9f 2d f7 f6 e4 17 00 cd 96 cb cc 5a ce 9b 57 4f 4e 56 58 c0 f9 e5 23 e8 23 fe 27 15 af c4 67 83 64 70 1e 27 51 67 14 c3 9e a6 b4 26 6f 89 12 c3 b0 f5 6c 25 e2 c1 bc 9f 5f 4f c8 14 4c 2e f6 79 32 c2 9d ef 58 7d d9 61 0c fb 92 8e 3b b2 25 5e 85 f2 17 ae aa bd 3d 3a 0f 05 8f df 3c fd 19 68 9a e4 e1 51 ef 8a a2 85 b0 0e 30 49 eb 6a b2 98 17 68 be 78 93 77 63 13 d6 a0 d0 bf 71 0e f9 21 02 0f 9d 3f 8c ef 53 65 fd ec 0d 50 33 ae 1b 84 42 b4 19 22 ac 46 36 00 e5 dc d5 6a 2b e4 64 8c 9c 71 9c 1e a7 6a 14 0a 0f bb b0 2f 8f ed 31 89 89 31 38 31 cc 11 4e 8d 4e 80 63 d7 2d 70 ad b1 c9 26 ee c1 8f 1f 5e bd 84 ef 4e 62 71 c2 c4 e0 6c 80 99 fd d8 ce 3e 1c 14 3a 89 58 e1 e1 76 08 10 Data Ascii: \0zIKn\|Ov-ZWONVX##'gdp'Qg&ol%_OL.y2X}a;%^=:<hQ0Ijhxwcq!?SeP3B"F6j+dqj/1181NNc-p&^Nbql>:Xv
2024-12-31 18:37:27 UTC	1689	IN	Data Raw: 04 89 6a df ac dc 63 ef 6c 23 8c fb d7 23 1b eb 1a 8d e6 3b 0d 04 06 61 98 89 d6 d8 91 51 3c e7 b7 d3 a8 a9 3d bb 54 0d f8 25 8b cb 24 db 2b 51 d8 03 c1 84 10 11 5c f8 fb 8c fd 10 16 a4 d1 38 be c0 19 40 f6 41 93 39 e6 77 21 a1 c9 cd eb 2d 93 eb 0d be f4 fa 81 1f d6 ca 89 b2 70 e5 1f a1 17 37 bb 99 92 1c b2 5e ee 88 d5 59 1f d2 b0 9b c3 07 c0 1b 96 cb e1 c3 f8 3e fe 3b 96 6c 82 ec f0 61 bf 19 6f 35 80 db 71 09 7a ce d0 58 fa 43 58 fa 99 67 e9 8b 34 75 49 55 0e 14 05 4a c3 5a 20 bc 32 be 05 b7 16 24 b2 b1 8a dd 61 c9 c8 d7 21 c2 ed 57 54 46 41 00 ff 87 62 60 f2 7a a5 5d 28 fa 38 42 25 09 46 8e 80 59 cb 61 3d d4 40 4c 99 e5 61 a8 5f 39 74 5c f3 d3 d0 79 58 10 c5 33 7a 06 0d 37 09 96 6b 3f ce d9 48 4f 9c b8 59 7c 3f 6c ef 8e 90 8a e2 83 7f 9c d6 bf eb 9c 24 Data Ascii: jcl##;aQ<=T%$+Q\8@A9w!-p7^Y>;lao5qzXCXg4uIUJZ 2$a!WTFAb`z](8B%FYa=@La_9t\yX3z7k?HOY\|?l$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49719	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:27 UTC	494	OUT	GET /WebResource.axd?d=htsGRXHb0aH4KsVP0DRpyGXPjV9R2bs7vicPp4bSVQ59Ictux-7gUy7F1mmlD_xPX5XTow2RvXzpOCPd_HF4bv29mc8DT2UAgthqE5nRRTM1&t=638661570537377670 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:27 UTC	757	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Wed, 31 Dec 2025 17:09:34 GMT Last-Modified: Sat, 02 Nov 2024 22:10:53 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,82,439105,0,243366,27 X-AspNet-Version: 4.0.30319 SPRequestDuration: 7 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 6C4727BB454F4E938102CA7AE472C677 Ref B: EWR311000103021 Ref C: 2024-12-31T18:37:27Z Date: Tue, 31 Dec 2024 18:37:26 GMT Connection: close
2024-12-31 18:37:27 UTC	1345	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-12-31 18:37:27 UTC	8192	IN	Data Raw: 20 28 61 63 74 69 76 65 20 21 3d 20 6e 75 6c 6c 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 61 63 74 69 76 65 2e 69 64 29 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 26 26 20 28 61 63 74 69 76 65 2e 69 64 20 21 3d 20 6e 75 6c 6c 29 20 26 26 20 28 61 63 74 69 76 65 2e 69 64 2e 6c 65 6e 67 74 68 20 3e 20 30 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 61 73 74 46 6f 63 75 73 2e 76 61 6c 75 65 20 3d 20 61 63 74 69 76 65 2e 69 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 6c 73 65 20 69 66 20 Data Ascii: (active != null)) { if ((typeof(active.id) != "undefined") && (active.id != null) && (active.id.length > 0)) { lastFocus.value = active.id; } else if
2024-12-31 18:37:27 UTC	6212	IN	Data Raw: 61 6c 6c 62 61 63 6b 28 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 72 65 73 70 6f 6e 73 65 20 3d 20 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 78 6d 6c 52 65 71 75 65 73 74 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 3b 0d 0a 20 20 20 20 69 66 20 28 72 65 73 70 6f 6e 73 65 2e 63 68 61 72 41 74 28 30 29 20 3d 3d 20 22 73 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 65 76 65 6e 74 43 61 6c 6c 62 61 63 6b 29 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 26 26 20 28 63 61 6c 6c 62 61 63 6b 4f 62 6a 65 63 74 2e 65 76 65 6e 74 43 61 6c 6c 62 61 63 6b 20 21 3d 20 6e 75 6c 6c 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 Data Ascii: allback(callbackObject) { var response = callbackObject.xmlRequest.responseText; if (response.charAt(0) == "s") { if ((typeof(callbackObject.eventCallback) != "undefined") && (callbackObject.eventCallback != null)) { callba
2024-12-31 18:37:27 UTC	7314	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 Data Ascii: defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBrowser

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49728	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:28 UTC	725	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:28 UTC	732	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Thu, 19 Dec 2024 04:25:08 GMT Accept-Ranges: bytes ETag: "c38b4efccd51db1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,27,24277,0,496310,7 SPRequestDuration: 9 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 968AD74605F94565A30A06DD00074F63 Ref B: EWR311000104047 Ref C: 2024-12-31T18:37:28Z Date: Tue, 31 Dec 2024 18:37:27 GMT Connection: close
2024-12-31 18:37:28 UTC	531	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-12-31 18:37:28 UTC	7355	IN	Data Raw: c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ef d0 c6 37 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 60 d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a6 9e 2c 80 a6 9e 2c ff a6 9e 2c ff a6 9e 2c ff Data Ascii: 77777777777`7777777777777`,,,,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49731	13.107.136.10	443	7052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 18:37:28 UTC	384	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: ocemt-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 18:37:28 UTC	731	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Thu, 19 Dec 2024 04:25:08 GMT Accept-Ranges: bytes ETag: "c38b4efccd51db1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,32609,0,91368,6 SPRequestDuration: 11 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25520 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 5099336986974F09A79743DD627EA987 Ref B: EWR311000108049 Ref C: 2024-12-31T18:37:28Z Date: Tue, 31 Dec 2024 18:37:28 GMT Connection: close
2024-12-31 18:37:28 UTC	1454	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-12-31 18:37:28 UTC	6432	IN	Data Raw: d0 c6 37 ff b0 a8 23 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a 60 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff da d8 b0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff d2 d1 a1 ff 8f 8b 13 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 78 72 1f ff bb b2 31 ff d0 c6 37 ff d0 c6 37 ff b3 ab 25 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a af 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff ff ff ff ff f8 f7 ef ff e1 e0 c0 ff e1 e0 c0 ff ff ff ff ff ff ff ff ff d2 d1 a1 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 78 72 1f ff bb b2 31 ff c1 b9 2e ff aa a3 1f Data Ascii: 7#`xr177%xr1.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6308, Parent PID: 5732

General

Target ID:	0
Start time:	13:37:21
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7052, Parent PID: 6308

General

Target ID:	1
Start time:	13:37:21
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,18307352361888370640,11174853973299101979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6592, Parent PID: 5732

General

Target ID:	2
Start time:	13:37:22
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Windows Analysis Report
https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9