Windows Analysis Report
https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx

Overview

General Information

Sample URL: https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx
Analysis ID: 1603391

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML title does not match URL

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 3720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1884,i,2288904301233590474,17443255733087035922,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Title: Redirecting does not match URL
  • HTTP Parser: No favicon
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166&sso_reload=true
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Title: Sign in to your account does not match URL
  • HTTP Parser: <input type="password" .../> found
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • HTTP traffic: Redirect from: whbsales-my.sharepoint.com to https://login.microsoftonline.com:443/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5fid=00000003%2d0000%2d0ff1%2dce00%2d000000000000&response%5fmode=form%5fpost&response%5ftype=code%20id%5ftoken&resource=00000003%2d0000%2d0ff1%2dce00%2d000000000000&scope=openid&nonce=054e8d02484e9caed741b6d25b550badc7c0aca09321024c%2d3c6cb97847ab0d74056f61a006180600f238ada2831e4867c6937bcf7e88c6e8&redirect%5furi=https%3a%2f%2fwhbsales%2dmy%2esharepoint%2ecom%2f%5fforms%2fdefault%2easpx&state=od0w&claims=%7b%22id%5ftoken%22%3a%7b%22xms%5fcc%22%3a%7b%22values%22%3a%5b%22cp1%22%5d%7d%7d%7d&wsucxt=1&cobrandid=11bd8083%2d87e0%2d41b5%2dbb78%2d0bc43c8a8e8a&client%2drequest%2did=53b77ca1%2d1078%2d0000%2d6b9e%2d2c120aeda166
Source: unknown
  • TCP traffic detected without corresponding DNS query: 173.222.162.32
  • UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
  • DNS traffic detected: DNS query: www.google.com
  • DNS traffic detected: DNS query: whbsales-my.sharepoint.com
  • DNS traffic detected: DNS query: login.microsoftonline.com
  • DNS traffic detected: DNS query: identity.nel.measure.office.net
  • DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: chromecache_60.2.dr
  • String found in binary or memory: https://login.microsoftonline.com
  • String found in binary or memory: https://login.windows-ppe.net
Source: classification engine
  • Classification label: clean1.win@17/43@14/8
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1884,i,2288904301233590474,17443255733087035922,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph (ID: 1603391, URL: https:/whbsales-my.sharepoi..., Startdate: 30/01/2025, Architecture: WINDOWS, Score: 1): two chrome.exe processes started; one communicated with 192.168.2.4 (138, 443, 49564) and 239.255.255.250 (Reserved) and started a child chrome.exe, which contacted dual-spo-0005.spo-msedge.net (13.107.136.10; 443, 49740, 49741; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), 20.190.160.131 (443, 49786; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States) and 22 other IPs or domains.

Source | Detection | Scanner | Label | Link
https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx | 0% | Avira URL Cloud | safe |
https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fbparker%5Fwhbsales%5Fcom%2FDocuments%2FForms%2FAll%2Easpx | 0% | Avira URL Cloud | safe |
https://whbsales-my.sharepoint.com/_forms/default.aspx?ReturnUrl=%2fpersonal%2fbparker_whbsales_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fbparker%255Fwhbsales%255Fcom%252FDocuments%252FForms%252FAll%252Easpx&Source=cookie | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.tm.ak.prd.aadg.trafficmanager.net | 20.190.160.3 | true | false | | high
dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | high
e329293.dscd.akamaiedge.net | 2.23.209.25 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
www.google.com | 216.58.206.68 | true | false | | high
a1894.dscb.akamai.net | 2.19.11.102 | true | false | | high
whbsales-my.sharepoint.com | unknown | unknown | false | | unknown
identity.nel.measure.office.net | unknown | unknown | false | | high
aadcdn.msftauth.net | unknown | unknown | false | | high
login.microsoftonline.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx | false | Avira URL Cloud: safe | unknown
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US | false | | high
https://whbsales-my.sharepoint.com/_forms/default.aspx?ReturnUrl=%2fpersonal%2fbparker_whbsales_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fbparker%255Fwhbsales%255Fcom%252FDocuments%252FForms%252FAll%252Easpx&Source=cookie | false | Avira URL Cloud: safe | unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2 | false | | high
https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166 | false | | high
https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fbparker%5Fwhbsales%5Fcom%2FDocuments%2FForms%2FAll%2Easpx | false | Avira URL Cloud: safe | unknown
https://login.microsoftonline.com/favicon.ico | false | | high
https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166&sso_reload=true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://login.microsoftonline.com | chromecache_60.2.dr | false | | high
https://login.windows-ppe.net | chromecache_60.2.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
20.190.160.3 | www.tm.ak.prd.aadg.trafficmanager.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.19.11.117 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false
2.19.11.102 | a1894.dscb.akamai.net | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
20.190.160.131 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
IP
192.168.2.4
                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1603391
                                    Start date and time:2025-01-30 23:14:08 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 3m 23s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:browseurl.jbs
                                    Sample URL:https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:8
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:CLEAN
                                    Classification:clean1.win@17/43@14/8
                                    EGA Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 0
                                    • Number of non-executed functions: 0
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 172.217.18.99, 142.250.185.142, 142.250.110.84, 142.250.186.174, 142.250.185.238, 216.58.212.174, 20.190.159.68, 20.190.159.75, 40.126.31.71, 40.126.31.129, 40.126.31.69, 20.190.159.73, 40.126.31.131, 40.126.31.128, 84.201.210.39, 184.30.131.245, 142.250.74.202, 142.250.181.234, 172.217.16.202, 142.250.185.138, 142.250.185.202, 142.250.186.74, 142.250.186.42, 142.250.185.234, 172.217.23.106, 142.250.185.106, 142.250.185.74, 142.250.185.170, 216.58.206.74, 172.217.18.106, 142.250.186.106, 216.58.206.42, 172.217.18.14, 142.250.186.110, 142.250.184.238, 142.250.185.78, 20.42.65.88, 52.182.143.211, 184.28.90.27, 13.107.246.45, 52.149.20.212
                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, update.googleapis.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, onedscolprdeus08.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, onedscolprdcus13.centralus.cloudapp.azure.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • VT rate limit hit for: https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx
                                    No simulations
                                    No context
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                                    Category:downloaded
                                    Size (bytes):61052
                                    Entropy (8bit):7.996159932827634
                                    Encrypted:true
                                    SSDEEP:1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
                                    MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                                    SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                                    SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                                    SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):3452
                                    Entropy (8bit):5.117912766689607
                                    Encrypted:false
                                    SSDEEP:96:3qO9I9Sz9KHULI5m4UidBGLosqAsosushswsosry:a2IYz95qTdBac
                                    MD5:CB06E9A552B197D5C0EA600B431A3407
                                    SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                    SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                    SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                    Malicious:false
                                    Reputation:low
                                    URL:https://login.live.com/Me.htm?v=3
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                                    Category:dropped
                                    Size (bytes):61052
                                    Entropy (8bit):7.996159932827634
                                    Encrypted:true
                                    SSDEEP:1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
                                    MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                                    SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                                    SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                                    SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                    Category:downloaded
                                    Size (bytes):1435
                                    Entropy (8bit):7.8613342322590265
                                    Encrypted:false
                                    SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                    MD5:9F368BC4580FED907775F31C6B26D6CF
                                    SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                    SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                    SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                    Category:downloaded
                                    Size (bytes):116345
                                    Entropy (8bit):7.997378915283506
                                    Encrypted:true
                                    SSDEEP:3072:svJ27JKT4KNXDBEeFUNHE/7SVxX7RLTMMqfC4:L7KPDBEeF2HE+J5AMqfC4
                                    MD5:7570EB58C2BCE45B24EA431EB15D27B5
                                    SHA1:0DE0A6616E6BF7B045CFC456E4E3DF6760617CFA
                                    SHA-256:5AEE6747482DFC52A669CAED6BE1B9319536AC9514C2D7354B879F093ABB212A
                                    SHA-512:696D4C3765DA2936461D15C89A41F98EDED30F202C422143D921D6096D7DD6456479F48B1065398323F7DFE60B5D3452B0C3C67DD01EE041E51CFBCA9125D86D
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_510f960da65b56e0607c.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                    Category:dropped
                                    Size (bytes):1435
                                    Entropy (8bit):7.8613342322590265
                                    Encrypted:false
                                    SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                    MD5:9F368BC4580FED907775F31C6B26D6CF
                                    SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                    SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                    SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                    Category:dropped
                                    Size (bytes):116345
                                    Entropy (8bit):7.997378915283506
                                    Encrypted:true
                                    SSDEEP:3072:svJ27JKT4KNXDBEeFUNHE/7SVxX7RLTMMqfC4:L7KPDBEeF2HE+J5AMqfC4
                                    MD5:7570EB58C2BCE45B24EA431EB15D27B5
                                    SHA1:0DE0A6616E6BF7B045CFC456E4E3DF6760617CFA
                                    SHA-256:5AEE6747482DFC52A669CAED6BE1B9319536AC9514C2D7354B879F093ABB212A
                                    SHA-512:696D4C3765DA2936461D15C89A41F98EDED30F202C422143D921D6096D7DD6456479F48B1065398323F7DFE60B5D3452B0C3C67DD01EE041E51CFBCA9125D86D
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678
                                    Category:downloaded
                                    Size (bytes):16378
                                    Entropy (8bit):7.986541062710992
                                    Encrypted:false
                                    SSDEEP:384:hOBEj/gTOkWow647Z1Y8hyJavTiIQslkHC:hOBKJB11Y8heariIQ8ki
                                    MD5:FC8A7FB6FB26ADEB81D76A33DA13B815
                                    SHA1:ADEF9857A4FC698836B613252AE8B1FC0EC199DE
                                    SHA-256:A3D6351A6E93FC23C2A3ABFFCBDC847D42B8781DBFFBCCEEF4FEF72E0D5D4A14
                                    SHA-512:DE70865494E5D2A32353614CC7D8305CAA83E1605F6BF03C58DD6E19D92FDE8B33B3E26ED3A65D739DEA20984130D39B6E43641B04918CC906DEC17E51B0D582
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_v20ia-gahguvu2fgvxamhg2.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                    Category:downloaded
                                    Size (bytes):621
                                    Entropy (8bit):7.673946009263606
                                    Encrypted:false
                                    SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                                    MD5:4761405717E938D7E7400BB15715DB1E
                                    SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                    SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                    SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):96
                                    Entropy (8bit):5.218997042938778
                                    Encrypted:false
                                    SSDEEP:3:iuh72iczBra82yFsJFouMo+q6mgqWd6Nk:NciczBdTFsJFoM+q62Nk
                                    MD5:9872BE83FA60DA999B65A3BD481731D3
                                    SHA1:B59A8688C6A0D5311C6410A0D91537084E148F2D
                                    SHA-256:5DEE42A8D755847C0813D4E5F033F51197B20DD3C6C2EE4FBE31FD27B2F593D3
                                    SHA-512:53E947C87386ECF19E3B36E3F292A9757911F0F8B02FE36DDFC0DD74A3C784D97B15066AB4895EA694F66792A8C7CF525F59A03868FF5D5F0C3B5203D34C5F7D
                                    Malicious:false
                                    Reputation:low
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                                    Preview:CkYKDQ3RW1FSGgQIVhgCIAEKNQ1Xevf9GgQISxgCKigIClIkChpAISMuKiQtXyslJj8vPV4pKCw6O348JyJcXRABGP////8P
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                    Category:dropped
                                    Size (bytes):621
                                    Entropy (8bit):7.673946009263606
                                    Encrypted:false
                                    SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                                    MD5:4761405717E938D7E7400BB15715DB1E
                                    SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                    SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                    SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:dropped
                                    Size (bytes):3620
                                    Entropy (8bit):6.867828878374734
                                    Encrypted:false
                                    SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                    MD5:B540A8E518037192E32C4FE58BF2DBAB
                                    SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                    SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                    SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                    Category:dropped
                                    Size (bytes):35170
                                    Entropy (8bit):7.993096534744333
                                    Encrypted:true
                                    SSDEEP:768:K+LvEzA9nny7u0zF35Hm4ngomu6yeLDKDnccqmcmHvVVPCLVf:ny7f5GpuheL4htv3Pkf
                                    MD5:171A4DD9400708B88724B57D62B24A6A
                                    SHA1:9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37
                                    SHA-256:EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
                                    SHA-512:5B13B63912B34E3EEEDD8DA5953B869A83DF82FFD2A8D737AA81DC984F1811800A534F340C48041DA803C25B6B8F5605EA8D003B6A09A1874408F95A710F5126
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                    Category:downloaded
                                    Size (bytes):17174
                                    Entropy (8bit):2.9129715116732746
                                    Encrypted:false
                                    SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                    MD5:12E3DAC858061D088023B2BD48E2FA96
                                    SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                    SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                    SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821
                                    Category:downloaded
                                    Size (bytes):122725
                                    Entropy (8bit):7.997347629519925
                                    Encrypted:true
                                    SSDEEP:3072:aVYOI2atrRjlmfTIbRTQCjqYgXyIq40z3b335DfGZkbGft:JrFRxZQCqYgXytzIWGft
                                    MD5:9CDA699A84CA8729FAF194B8EFDDF6C0
                                    SHA1:804F83F5225243951178A1F785AF2B897B87ACA5
                                    SHA-256:A7C6A8173409765CFCAA6925CBF2CA7732ECC5B353FC8274746FA4BF4A1CABC4
                                    SHA-512:FA7A94976304C486A8A20C0672C8B4DEE5532099434B475B36C230498DB14DE99596B54AE95A2C9D2601EABCCDCDEE4DF5A1B21231F18E6EAD9AD453120588EB
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_n7VKwtWYm2mBLcIKAZfQlw2.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821
                                    Category:dropped
                                    Size (bytes):122725
                                    Entropy (8bit):7.997347629519925
                                    Encrypted:true
                                    SSDEEP:3072:aVYOI2atrRjlmfTIbRTQCjqYgXyIq40z3b335DfGZkbGft:JrFRxZQCqYgXytzIWGft
                                    MD5:9CDA699A84CA8729FAF194B8EFDDF6C0
                                    SHA1:804F83F5225243951178A1F785AF2B897B87ACA5
                                    SHA-256:A7C6A8173409765CFCAA6925CBF2CA7732ECC5B353FC8274746FA4BF4A1CABC4
                                    SHA-512:FA7A94976304C486A8A20C0672C8B4DEE5532099434B475B36C230498DB14DE99596B54AE95A2C9D2601EABCCDCDEE4DF5A1B21231F18E6EAD9AD453120588EB
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                    Category:downloaded
                                    Size (bytes):673
                                    Entropy (8bit):7.6596900876595075
                                    Encrypted:false
                                    SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                    MD5:0E176276362B94279A4492511BFCBD98
                                    SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                    SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                    SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:dropped
                                    Size (bytes):2672
                                    Entropy (8bit):6.640973516071413
                                    Encrypted:false
                                    SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):72
                                    Entropy (8bit):4.241202481433726
                                    Encrypted:false
                                    SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                    MD5:9E576E34B18E986347909C29AE6A82C6
                                    SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                    SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                    SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                    Malicious:false
                                    Reputation:low
                                    Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534
                                    Category:dropped
                                    Size (bytes):49954
                                    Entropy (8bit):7.99493321471063
                                    Encrypted:true
                                    SSDEEP:1536:vr2T/4LxF17O6lJgX3ys65sBcY++i0RumwzV:Cz4LL1imP56m+i+umwzV
                                    MD5:E16AC075AC754DBD1CF969508220E30D
                                    SHA1:69A91FF7A1C044231D6D28B4DD4C6AD3D34F2A50
                                    SHA-256:E8AC3DCEF9E67CC776542A40C71B719D41668DF41D294C1A49A5AD23C5A5B5EC
                                    SHA-512:12C4E6E5BD999E7BF431DCA707DA4BB5193D2795DD139DCAFC38CAFA757A88F75068D3F2821840068247B9F6CFB55178EF223CDB3349444E622EA4A8E69700A6
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                                    Category:downloaded
                                    Size (bytes):20410
                                    Entropy (8bit):7.980582012022051
                                    Encrypted:false
                                    SSDEEP:384:8RvmaMFysnOXZ2m9zM+udO6GGUpeAU02oDGnN5EsQwWUQGTS8r2k:8pmm7ZFM+ObGGUIjN5PJV3Tp
                                    MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                                    SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                                    SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                                    SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:downloaded
                                    Size (bytes):2672
                                    Entropy (8bit):6.640973516071413
                                    Encrypted:false
                                    SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                    Category:downloaded
                                    Size (bytes):35170
                                    Entropy (8bit):7.993096534744333
                                    Encrypted:true
                                    SSDEEP:768:K+LvEzA9nny7u0zF35Hm4ngomu6yeLDKDnccqmcmHvVVPCLVf:ny7f5GpuheL4htv3Pkf
                                    MD5:171A4DD9400708B88724B57D62B24A6A
                                    SHA1:9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37
                                    SHA-256:EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
                                    SHA-512:5B13B63912B34E3EEEDD8DA5953B869A83DF82FFD2A8D737AA81DC984F1811800A534F340C48041DA803C25B6B8F5605EA8D003B6A09A1874408F95A710F5126
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                    Category:dropped
                                    Size (bytes):673
                                    Entropy (8bit):7.6596900876595075
                                    Encrypted:false
                                    SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                    MD5:0E176276362B94279A4492511BFCBD98
                                    SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                    SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                    SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:downloaded
                                    Size (bytes):3620
                                    Entropy (8bit):6.867828878374734
                                    Encrypted:false
                                    SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                    MD5:B540A8E518037192E32C4FE58BF2DBAB
                                    SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                    SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                    SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                    Category:dropped
                                    Size (bytes):17174
                                    Entropy (8bit):2.9129715116732746
                                    Encrypted:false
                                    SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                    MD5:12E3DAC858061D088023B2BD48E2FA96
                                    SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                    SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                    SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678
                                    Category:dropped
                                    Size (bytes):16378
                                    Entropy (8bit):7.986541062710992
                                    Encrypted:false
                                    SSDEEP:384:hOBEj/gTOkWow647Z1Y8hyJavTiIQslkHC:hOBKJB11Y8heariIQ8ki
                                    MD5:FC8A7FB6FB26ADEB81D76A33DA13B815
                                    SHA1:ADEF9857A4FC698836B613252AE8B1FC0EC199DE
                                    SHA-256:A3D6351A6E93FC23C2A3ABFFCBDC847D42B8781DBFFBCCEEF4FEF72E0D5D4A14
                                    SHA-512:DE70865494E5D2A32353614CC7D8305CAA83E1605F6BF03C58DD6E19D92FDE8B33B3E26ED3A65D739DEA20984130D39B6E43641B04918CC906DEC17E51B0D582
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534
                                    Category:downloaded
                                    Size (bytes):49954
                                    Entropy (8bit):7.99493321471063
                                    Encrypted:true
                                    SSDEEP:1536:vr2T/4LxF17O6lJgX3ys65sBcY++i0RumwzV:Cz4LL1imP56m+i+umwzV
                                    MD5:E16AC075AC754DBD1CF969508220E30D
                                    SHA1:69A91FF7A1C044231D6D28B4DD4C6AD3D34F2A50
                                    SHA-256:E8AC3DCEF9E67CC776542A40C71B719D41668DF41D294C1A49A5AD23C5A5B5EC
                                    SHA-512:12C4E6E5BD999E7BF431DCA707DA4BB5193D2795DD139DCAFC38CAFA757A88F75068D3F2821840068247B9F6CFB55178EF223CDB3349444E622EA4A8E69700A6
                                    Malicious:false
                                    Reputation:low
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js
                                    No static file info

                                    • Total Packets: 173
                                    • 443 (HTTPS)
                                    • 80 (HTTP)
                                    • 53 (DNS)
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Jan 30, 2025 23:15:40.003861904 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.003940105 CET4434978620.190.160.131192.168.2.4
                                    Jan 30, 2025 23:15:40.004086971 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.004092932 CET4434978620.190.160.131192.168.2.4
                                    Jan 30, 2025 23:15:40.053693056 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.338253021 CET4434978620.190.160.131192.168.2.4
                                    Jan 30, 2025 23:15:40.338498116 CET4434978620.190.160.131192.168.2.4
                                    Jan 30, 2025 23:15:40.338506937 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.338601112 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.339616060 CET49786443192.168.2.420.190.160.131
                                    Jan 30, 2025 23:15:40.339658976 CET4434978620.190.160.131192.168.2.4
                                    Jan 30, 2025 23:16:10.319658995 CET4972480192.168.2.4199.232.210.172
                                    Jan 30, 2025 23:16:10.325084925 CET8049724199.232.210.172192.168.2.4
                                    Jan 30, 2025 23:16:10.325225115 CET4972480192.168.2.4199.232.210.172
                                    Jan 30, 2025 23:16:12.648514986 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:12.648557901 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:12.648632050 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:12.649385929 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:12.649404049 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:13.296789885 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:13.297322035 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:13.297339916 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:13.297658920 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:13.298254967 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:13.298316956 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:13.350589037 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:19.570799112 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:19.570879936 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:19.570956945 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:19.571170092 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:19.571193933 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.225660086 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.226119041 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.226188898 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.226663113 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.231391907 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.231503963 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.231539965 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.272907019 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.272939920 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.491951942 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.492130041 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.492189884 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.492258072 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.492258072 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.492300987 CET443499282.19.11.102192.168.2.4
                                    Jan 30, 2025 23:16:20.492366076 CET49928443192.168.2.42.19.11.102
                                    Jan 30, 2025 23:16:20.500993967 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:20.501045942 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:20.501107931 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:20.501308918 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:20.501337051 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:21.140125990 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:21.140496016 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:21.140563965 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:21.141053915 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:21.141520977 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:21.141611099 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:21.141686916 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:21.141735077 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:21.141748905 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:23.209978104 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:23.210026026 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:23.210067987 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:23.216043949 CET49883443192.168.2.4216.58.206.68
                                    Jan 30, 2025 23:16:23.216061115 CET44349883216.58.206.68192.168.2.4
                                    Jan 30, 2025 23:16:23.998758078 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:23.998928070 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:23.999160051 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:23.999226093 CET443499372.19.11.117192.168.2.4
                                    Jan 30, 2025 23:16:23.999259949 CET49937443192.168.2.42.19.11.117
                                    Jan 30, 2025 23:16:23.999330044 CET49937443192.168.2.42.19.11.117
                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 30, 2025 23:15:08.817560911 CET53583031.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:08.847572088 CET53521591.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:09.986577034 CET53607981.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:12.586211920 CET6536953192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:12.586328030 CET5562053192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:12.593914986 CET53653691.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:12.594157934 CET53556201.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:14.006968021 CET5760253192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:14.007285118 CET5561753192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:14.056996107 CET53556171.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:14.059904099 CET53576021.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:15.713203907 CET6441453192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:15.713325024 CET6166253192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:15.719968081 CET53644141.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:15.720221043 CET53616621.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:19.569492102 CET5983053192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:19.571779966 CET6511753192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:19.578439951 CET53598301.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:19.602643967 CET53651171.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:20.107131958 CET5683553192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:20.108598948 CET6237353192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:20.114586115 CET53568351.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:20.134295940 CET53623731.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:21.919923067 CET138138192.168.2.4192.168.2.255
                                    Jan 30, 2025 23:15:23.284193039 CET53495641.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:27.063085079 CET53647561.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:39.206593990 CET6373853192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:39.206713915 CET6481753192.168.2.41.1.1.1
                                    Jan 30, 2025 23:15:39.213449001 CET53637381.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:39.213885069 CET53648171.1.1.1192.168.2.4
                                    Jan 30, 2025 23:15:45.921204090 CET53497041.1.1.1192.168.2.4
                                    Jan 30, 2025 23:16:08.444188118 CET53506541.1.1.1192.168.2.4
                                    Jan 30, 2025 23:16:08.896732092 CET53594341.1.1.1192.168.2.4
                                    Jan 30, 2025 23:16:20.493088007 CET5806653192.168.2.41.1.1.1
                                    Jan 30, 2025 23:16:20.493304014 CET6524553192.168.2.41.1.1.1
                                    Jan 30, 2025 23:16:20.500150919 CET53580661.1.1.1192.168.2.4
                                    Jan 30, 2025 23:16:20.500492096 CET53652451.1.1.1192.168.2.4
                                    Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                    Jan 30, 2025 23:15:19.602740049 CET | 192.168.2.4 | 1.1.1.1 | c284 | (Port unreachable) | Destination Unreachable
                                    • whbsales-my.sharepoint.com
                                    • login.microsoftonline.com
                                    • https:
                                    • identity.nel.measure.office.net
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.4 | 49740 | 13.107.136.10 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:14 UTC | 723 | OUT | GET /personal/bparker_whbsales_com/Documents/Forms/All.aspx HTTP/1.1
                                    Host: whbsales-my.sharepoint.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-User: ?1
                                    Sec-Fetch-Dest: document
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:15:14 UTC | 2192 | IN | HTTP/1.1 302 Found
                                    Content-Length: 290
                                    Content-Type: text/html; charset=utf-8
                                    Location: https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fbparker%5Fwhbsales%5Fcom%2FDocuments%2FForms%2FAll%2Easpx
                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                    X-NetworkStatistics: 0,4204800,14,29,3750197,0,4204800,6
                                    X-SharePointHealthScore: 2
                                    IsOCDI: 0
                                    X-DataBoundary: NONE
                                    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                    SPRequestGuid: 53b77ca1-f041-0000-6b9e-27ad0338090e
                                    request-id: 53b77ca1-f041-0000-6b9e-27ad0338090e
                                    MS-CV: oXy3U0HwAABrnietAzgJDg.0
                                    Alt-Svc: h3=":443";ma=86400
                                    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]}
                                    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                    Strict-Transport-Security: max-age=31536000
                                    X-FRAME-OPTIONS: SAMEORIGIN
                                    Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com m365.cloud.microsoft *.cloud.microsoft *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
                                    SPRequestDuration: 45
                                    SPIisLatency: 2
                                    X-Powered-By: ASP.NET
                                    MicrosoftSharePointTeamServices: 16.0.0.25715
                                    X-Content-Type-Options: nosniff
                                    X-MS-InvokeApp: 1; RequireReadOnly
                                    X-Cache: CONFIG_NOCACHE
                                    X-MSEdge-Ref: Ref A: 6E2BA8864C2E4F49A4582C8B8D8C9155 Ref B: EWR311000106027 Ref C: 2025-01-30T22:15:14Z
                                    Date: Thu, 30 Jan 2025 22:15:14 GMT
                                    Connection: close
                                    2025-01-30 22:15:14 UTC | 290 | IN
                                    Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://whbsales-my.sharepoint.com/personal/bparker_whbsales_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fbparker%5Fwhbsales%5Fcom%2FDocuments%2FForms%2FAll%2Easp


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.4 | 49741 | 13.107.136.10 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:14 UTC | 807 | OUT | GET /personal/bparker_whbsales_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fbparker%5Fwhbsales%5Fcom%2FDocuments%2FForms%2FAll%2Easpx HTTP/1.1
                                    Host: whbsales-my.sharepoint.com
                                    Connection: keep-alive
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-User: ?1
                                    Sec-Fetch-Dest: document
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:15:14 UTC | 1881 | IN | HTTP/1.1 302 Found
                                    Cache-Control: private
                                    Content-Length: 335
                                    Content-Type: text/html; charset=utf-8
                                    Location: /_forms/default.aspx?ReturnUrl=%2fpersonal%2fbparker_whbsales_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fbparker%255Fwhbsales%255Fcom%252FDocuments%252FForms%252FAll%252Easpx&Source=cookie
                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                    Set-Cookie: RpsContextCookie=U291cmNlPSUyRnBlcnNvbmFsJTJGYnBhcmtlciU1RndoYnNhbGVzJTVGY29tJTJGRG9jdW1lbnRzJTJGRm9ybXMlMkZBbGwlMkVhc3B4; expires=Thu, 30-Jan-2025 22:25:14 GMT; path=/; SameSite=None; secure; HttpOnly
                                    X-NetworkStatistics: 0,525568,0,0,675386,0,181399,6
                                    X-SharePointHealthScore: 0
                                    X-AspNet-Version: 4.0.30319
                                    IsOCDI: 0
                                    X-DataBoundary: NONE
                                    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                    SPRequestGuid: 53b77ca1-f04b-0000-67dd-03f765e2911e
                                    request-id: 53b77ca1-f04b-0000-67dd-03f765e2911e
                                    MS-CV: oXy3U0vwAABn3QP3ZeKRHg.0
                                    Alt-Svc: h3=":443";ma=86400
                                    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]}
                                    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                    Strict-Transport-Security: max-age=31536000
                                    SPRequestDuration: 20
                                    SPIisLatency: 2
                                    X-Powered-By: ASP.NET
                                    MicrosoftSharePointTeamServices: 16.0.0.25715
                                    X-Content-Type-Options: nosniff
                                    X-MS-InvokeApp: 1; RequireReadOnly
                                    X-Cache: CONFIG_NOCACHE
                                    X-MSEdge-Ref: Ref A: 08112F1AEBBC4D168371B91719AD3839 Ref B: EWR311000106011 Ref C: 2025-01-30T22:15:14Z
                                    Date: Thu, 30 Jan 2025 22:15:13 GMT
                                    Connection: close
                                    2025-01-30 22:15:14 UTC | 335 | IN
                                    Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/_forms/default.aspx?ReturnUrl=%2fpersonal%2fbparker_whbsales_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fbparker%255Fwhbsales%255Fcom%252FDocument


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    2 | 192.168.2.4 | 49743 | 13.107.136.10 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:15 UTC | 1013 | OUT | GET /_forms/default.aspx?ReturnUrl=%2fpersonal%2fbparker_whbsales_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fbparker%255Fwhbsales%255Fcom%252FDocuments%252FForms%252FAll%252Easpx&Source=cookie HTTP/1.1
                                    Host: whbsales-my.sharepoint.com
                                    Connection: keep-alive
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-User: ?1
                                    Sec-Fetch-Dest: document
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: RpsContextCookie=U291cmNlPSUyRnBlcnNvbmFsJTJGYnBhcmtlciU1RndoYnNhbGVzJTVGY29tJTJGRG9jdW1lbnRzJTJGRm9ybXMlMkZBbGwlMkVhc3B4
                                    2025-01-30 22:15:15 UTC | 3802 | IN | HTTP/1.1 302 Found
                                    Cache-Control: no-cache, no-store
                                    Pragma: no-cache
                                    Content-Length: 884
                                    Content-Type: text/html; charset=utf-8
                                    Expires: -1
                                    Location: https://login.microsoftonline.com:443/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166
                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                    Set-Cookie: nSGt-054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C=gYEwOTVERDE4MjNFNUMzQjdBNDhBOUNEOEFDMzdDQTY2QUFCNUY2MUQ4NTk0MERFRDJDMDA1NEU4RDAyNDg0RTlDQUVENzQxQjZEMjVCNTUwQkFEQzdDMEFDQTA5MzIxMDI0QxIxMzM4Mjc0OTE1NTYxNzExNzkad2hic2FsZXMtbXkuc2hhcmVwb2ludC5jb20hamyFrRI8/p+oOK1b3PVpPuwQ/1SITx+syTzFCveEgT2BPajVTKtEDvuvX9y5n+FPOI7DjbrkzDIKcxlsvzY3NtN2rdmXv4ls0OuHRu5wfWC9s39DHAlB8/U5XoXFU075pyHwh3/t442OEeZsmTEBpmxI4mc88NKCY8LestdCa8+oKGEttDA53jiqzNQqmySbDfU4VF2WzwMuzYpg3OXRHsFSU1bCVT4foA9PiURp+H6OYEv0tb6XIIotARt6AzUX+iNN3RXCIcuBLm287KmkqrLX3VIGHyaRI66sacF0AWn+I9IogUUu5DAhN6kft3w2NuPPqijcifC3sQlz/9OEkgAAAA==; expires=Thu, 30-Jan-2025 22:19:15 GMT; path=/; SameSite=None; secure; HttpOnly
                                    Set-Cookie: nSGt-054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly
                                    Set-Cookie: RpsContextCookie=U291cmNlPSUyRnBlcnNvbmFsJTJGYnBhcmtlciU1RndoYnNhbGVzJTVGY29tJTJGRG9jdW1lbnRzJTJGRm9ybXMlMkZBbGwlMkVhc3B4JlByZXZpb3VzUmVxdWVzdENvcnJlbGF0aW9uSWQ9NTNiNzdjYTElMkQxMDc4JTJEMDAwMCUyRDZiOWUlMkQyYzEyMGFlZGExNjYmUmV0dXJuVXJsPSUyRnBlcnNvbmFsJTJGYnBhcmtlciU1RndoYnNhbGVzJTVGY29tJTJGJTVGbGF5b3V0cyUyRjE1JTJGQXV0aGVudGljYXRlJTJFYXNweCUzRlNvdXJjZSUzRCUyNTJGcGVyc29uYWwlMjUyRmJwYXJrZXIlMjU1RndoYnNhbGVzJTI1NUZjb20lMjUyRkRvY3VtZW50cyUyNTJGRm9ybXMlMjUyRkFsbCUyNTJFYXNweA==; expires=Thu, 30-Jan-2025 22:25:15 GMT; path=/; SameSite=None; secure; HttpOnly
                                    Set-Cookie: RpsContextCookie=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly
                                    X-NetworkStatistics: 0,525568,0,7,634956,0,322256,7
                                    X-SharePointHealthScore: 1
                                    X-AspNet-Version: 4.0.30319
                                    IsOCDI: 0
                                    X-DataBoundary: NONE
                                    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                    SPRequestGuid: 53b77ca1-1078-0000-6b9e-2c120aeda166
                                    request-id: 53b77ca1-1078-0000-6b9e-2c120aeda166
                                    MS-CV: oXy3U3gQAABrniwSCu2hZg.0
                                    Alt-Svc: h3=":443";ma=86400
                                    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=63157652-aff6-4731-ba94-49d7e5ebc2f9&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]}
                                    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                    Strict-Transport-Security: max-age=31536000
                                    SPRequestDuration: 63
                                    SPIisLatency: 0
                                    Include-Referred-Token-Binding-ID: true
                                    X-Powered-By: ASP.NET
                                    MicrosoftSharePointTeamServices: 16.0.0.25715
                                    X-Content-Type-Options: nosniff
                                    X-MS-InvokeApp: 1; RequireReadOnly
                                    X-Cache: CONFIG_NOCACHE
                                    X-MSEdge-Ref: Ref A: D7E4BB4B075945D78E8972948E401F6B Ref B: EWR311000104027 Ref C: 2025-01-30T22:15:15Z
                                    Date: Thu, 30 Jan 2025 22:15:15 GMT
                                    Connection: close
                                    2025-01-30 22:15:15 UTC | 884 | IN
                                    Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.microsoftonline.com:443/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&amp;response%5Fmode=for


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    3 | 192.168.2.4 | 49744 | 20.190.160.3 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:16 UTC | 1353 | OUT | GET /10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166 HTTP/1.1
                                    Host: login.microsoftonline.com
                                    Connection: keep-alive
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-User: ?1
                                    Sec-Fetch-Dest: document
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:15:17 UTC | 2210 | IN | HTTP/1.1 200 OK
                                    Cache-Control: no-store, no-cache
                                    Pragma: no-cache
                                    Content-Type: text/html; charset=utf-8
                                    Expires: -1
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                    X-Content-Type-Options: nosniff
                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                    x-ms-request-id: 1401479f-ee40-4b7a-9e33-b393afbb3300
                                    x-ms-ests-server: 2.1.19962.6 - WUS3 ProdSlices
                                    report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                    nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                    x-ms-srs: 1.P
                                    Referrer-Policy: strict-origin-when-cross-origin
                                    Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-KmEhYUvgauAdwjYHYNbaMw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                    X-XSS-Protection: 0
                                    Set-Cookie: esctx-kMfgudcGuGQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzBCyTGPLL39shisL5CMb3MLu989vACQX0WsJUmhRdlXvIUVwi0NB1nlbqZE6z4RKsDtG5ueOBpdaZf-njZvaJgty2TqxonLfdoWgEXx5gAZNcKVwq6qj1vgWzaTjsZCzEjxCIqgU-fqnsO85cr54xyAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: fpc=As_Z5QocYB9Lp7PEewFyxtw; expires=Sat, 01-Mar-2025 22:15:17 GMT; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJRmwN-5XvG00jdPNJrXHm7Bh10Y5UQJtLUylZlbPcWAA1w23A54fPpVcM2vz5T1ua7_hYcWJAiNzU7InKb7BPmYBOsK0ZCVmOdch_v1ZfS5o17jgvvSCfhvqyK0YvbNyD0u6A6fV7-akEYJVPWfzy-if2GDBykNIHRxJ4gM6tW0gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                    Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                    Date: Thu, 30 Jan 2025 22:15:16 GMT
                                    Connection: close
                                    Content-Length: 21209
                                    2025-01-30 22:15:17 UTC | 14174 | IN
                                    Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
                                    2025-01-30 22:15:17 UTC | 7035 | IN
                                    Data Ascii: cted state. ResourceLoader.Load() failed despite initial load success. ['"+n+"']"}s&&(document.location.href="/error.aspx?err=504")})},c.OnError=function(e,t){var n=e.src||e.href||"",o=i(),s=a();if(!e){throw"The target element must be provided and cannot


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    4 | 192.168.2.4 | 49751 | 20.190.160.3 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:19 UTC | 2636 | OUT | GET /10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166&sso_reload=true HTTP/1.1
                                    Host: login.microsoftonline.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: same-origin
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-Dest: document
                                    Referer: https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: esctx-kMfgudcGuGQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzBCyTGPLL39shisL5CMb3MLu989vACQX0WsJUmhRdlXvIUVwi0NB1nlbqZE6z4RKsDtG5ueOBpdaZf-njZvaJgty2TqxonLfdoWgEXx5gAZNcKVwq6qj1vgWzaTjsZCzEjxCIqgU-fqnsO85cr54xyAA; fpc=As_Z5QocYB9Lp7PEewFyxtw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJRmwN-5XvG00jdPNJrXHm7Bh10Y5UQJtLUylZlbPcWAA1w23A54fPpVcM2vz5T1ua7_hYcWJAiNzU7InKb7BPmYBOsK0ZCVmOdch_v1ZfS5o17jgvvSCfhvqyK0YvbNyD0u6A6fV7-akEYJVPWfzy-if2GDBykNIHRxJ4gM6tW0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                    2025-01-30 22:15:19 UTC | 2658 | IN | HTTP/1.1 200 OK
                                    Cache-Control: no-store, no-cache
                                    Pragma: no-cache
                                    Content-Type: text/html; charset=utf-8
                                    Expires: -1
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                    X-Content-Type-Options: nosniff
                                    X-Frame-Options: DENY
                                    Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                    X-DNS-Prefetch-Control: on
                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                    x-ms-request-id: 3aa2529e-8fb0-4b6d-9259-108bd2720d00
                                    x-ms-ests-server: 2.1.19962.6 - EUS ProdSlices
                                    report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                    nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                    x-ms-srs: 1.P
                                    Referrer-Policy: strict-origin-when-cross-origin
                                    Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-z48QsQXEwUkZujMXEbidpw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                    X-XSS-Protection: 0
                                    Set-Cookie: buid=1.AVgAidjHEBLblUKXQ2lFZ8vcuwMAAAAAAPEPzgAAAAAAAABYAABYAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEcyH5sqGH29XxcT4v6iz4UKMgc5dccLWpVZs2PGo410byvv2A37utv_i8EnPSuwNlSRNwasohawt-bb4G-p19EAa0CDOa7fMnAUUBxWXYCP8gAA; expires=Sat, 01-Mar-2025 22:15:19 GMT; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE9lo4iUg5qrjAmfTbKfBO5LEzE3qlQhblXp6-Jci2HjbIXjsSJDEbQX-MaFBrYM4Wdc4GnjpwJA2BGyo8V-8hLSDyiTg-GvNJqcFrSPs2-o5bQMEhjx2kyeW8hLwrKxrBVAq099MjUkjSRXFqsHqfnSAzRqM2SptDdd6tV4M4f2QgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: esctx-rEnnlaXcSI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEZs_zk48pgxMUFft9Vm0zl3HQ1z8qbmbosVzOuiInyp7N11rV7Y0Gd4zdd46N1a1TwTHSiRyuZThOVJHVGkzqonj_PjmPBhMQUhSQrPv01UF_Yh06e14OL0EWIZn-34i6Qu8BJsFSWOL62VMNj9bUQCAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: fpc=As_Z5QocYB9Lp7PEewFyxtwZi2-iAQAAAPfwLd8OAAAA; expires=Sat, 01-Mar-2025 22:15:19 GMT; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                    Date: Thu, 30 Jan 2025 22:15:19 GMT
                                    Connection: close
                                    Content-Length: 43802
                                    2025-01-30 22:15:19 UTC | 13726 | IN | Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                    2025-01-30 22:15:19 UTC | 16384 | IN | Data Ascii: "urlDeviceFingerprinting":"","urlPIAEndAuth":"https://login.microsoftonline.com/common/PIA/EndAuth","fKMSIEnabled":false,"iLoginMode":1,"fAllowPhoneSignIn":true,"fAllowPhoneInput":true,"fAllowSkypeNameLogin":true,"iMaxPollErrors":5,"iPollingTimeout":60,"s
                                    2025-01-30 22:15:19 UTC | 13692 | IN | Data Ascii: =3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){fo


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    5 | 192.168.2.4 | 49750 | 20.190.160.3 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:19 UTC | 1841 | OUT | GET /favicon.ico HTTP/1.1
                                    Host: login.microsoftonline.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    sec-ch-ua-platform: "Windows"
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: same-origin
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: esctx-kMfgudcGuGQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzBCyTGPLL39shisL5CMb3MLu989vACQX0WsJUmhRdlXvIUVwi0NB1nlbqZE6z4RKsDtG5ueOBpdaZf-njZvaJgty2TqxonLfdoWgEXx5gAZNcKVwq6qj1vgWzaTjsZCzEjxCIqgU-fqnsO85cr54xyAA; fpc=As_Z5QocYB9Lp7PEewFyxtw; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJRmwN-5XvG00jdPNJrXHm7Bh10Y5UQJtLUylZlbPcWAA1w23A54fPpVcM2vz5T1ua7_hYcWJAiNzU7InKb7BPmYBOsK0ZCVmOdch_v1ZfS5o17jgvvSCfhvqyK0YvbNyD0u6A6fV7-akEYJVPWfzy-if2GDBykNIHRxJ4gM6tW0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                    2025-01-30 22:15:19 UTC | 1336 | IN | HTTP/1.1 404 Not Found
                                    Cache-Control: private
                                    Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                    X-Content-Type-Options: nosniff
                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                    x-ms-request-id: 6a88bbea-9086-4ca8-9864-067696c59400
                                    x-ms-ests-server: 2.1.19899.3 - SEC ProdSlices
                                    report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                    nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                    x-ms-srs: 1.P
                                    Referrer-Policy: strict-origin-when-cross-origin
                                    Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-F-PnDHizlo68Rq8W0GLxKQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                    X-XSS-Protection: 0
                                    Date: Thu, 30 Jan 2025 22:15:18 GMT
                                    Connection: close
                                    Content-Length: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    6 | 192.168.2.4 | 49753 | 2.19.11.102 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:20 UTC | 436 | OUT | OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1
                                    Host: identity.nel.measure.office.net
                                    Connection: keep-alive
                                    Origin: https://login.microsoftonline.com
                                    Access-Control-Request-Method: POST
                                    Access-Control-Request-Headers: content-type
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:15:20 UTC | 319 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Content-Length: 7
                                    Date: Thu, 30 Jan 2025 22:15:20 GMT
                                    Connection: close
                                    Access-Control-Allow-Headers: content-type
                                    Access-Control-Allow-Credentials: false
                                    Access-Control-Allow-Methods: *
                                    Access-Control-Allow-Methods: GET, OPTIONS, POST
                                    Access-Control-Allow-Origin: *
                                    2025-01-30 22:15:20 UTC | 7 | IN | Data Raw: 4f 50 54 49 4f 4e 53
                                    Data Ascii: OPTIONS


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    7 | 192.168.2.4 | 49759 | 2.19.11.102 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:21 UTC | 369 | OUT | POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1
                                    Host: identity.nel.measure.office.net
                                    Connection: keep-alive
                                    Content-Length: 1125
                                    Content-Type: application/reports+json
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:15:21 UTC | 1125 | OUT | Data Ascii: [{"age":2,"body":{"elapsed_time":1036,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&r
                                    2025-01-30 22:15:21 UTC | 333 | IN | HTTP/1.1 429 Too Many Requests
                                    Content-Length: 0
                                    Request-Context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
                                    Date: Thu, 30 Jan 2025 22:15:21 GMT
                                    Connection: close
                                    Access-Control-Allow-Credentials: false
                                    Access-Control-Allow-Methods: *
                                    Access-Control-Allow-Methods: GET, OPTIONS, POST
                                    Access-Control-Allow-Origin: *


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    8 | 192.168.2.4 | 49783 | 20.190.160.3 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:38 UTC | 2853 | OUT | POST /common/GetCredentialType?mkt=en-US HTTP/1.1
                                    Host: login.microsoftonline.com
                                    Connection: keep-alive
                                    Content-Length: 1734
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    hpgrequestid: 3aa2529e-8fb0-4b6d-9259-108bd2720d00
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    client-request-id: 53b77ca1-1078-0000-6b9e-2c120aeda166
                                    canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEMXVCdTX2CDboxqP_ujATBJplFgRog2eS2wXI54N92FoIVROib58N2JUEoup16LMnp8_I0jT0isPZ_lX8ThDc9gBo6jD0RI1WX-Qq0pUgfE2Ko3CnayEM059qIl9HUhK8Ql9hbAIKLuLg2TRBj-iRL_QB7MJ5ZOoQY1GkLMw00JAL20VMov2cyZP88aTP-zLLt9o0l2P3QDTlcYeDlLm4ciAA
                                    Content-type: application/json; charset=UTF-8
                                    hpgid: 1104
                                    Accept: application/json
                                    hpgact: 1800
                                    sec-ch-ua-platform: "Windows"
                                    Origin: https://login.microsoftonline.com
                                    Sec-Fetch-Site: same-origin
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Referer: https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=054E8D02484E9CAED741B6D25B550BADC7C0ACA09321024C%2D3C6CB97847AB0D74056F61A006180600F238ADA2831E4867C6937BCF7E88C6E8&redirect%5Furi=https%3A%2F%2Fwhbsales%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=53b77ca1%2D1078%2D0000%2D6b9e%2D2c120aeda166&sso_reload=true
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: esctx-kMfgudcGuGQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzBCyTGPLL39shisL5CMb3MLu989vACQX0WsJUmhRdlXvIUVwi0NB1nlbqZE6z4RKsDtG5ueOBpdaZf-njZvaJgty2TqxonLfdoWgEXx5gAZNcKVwq6qj1vgWzaTjsZCzEjxCIqgU-fqnsO85cr54xyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AVgAidjHEBLblUKXQ2lFZ8vcuwMAAAAAAPEPzgAAAAAAAABYAABYAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEcyH5sqGH29XxcT4v6iz4UKMgc5dccLWpVZs2PGo410byvv2A37utv_i8EnPSuwNlSRNwasohawt-bb4G-p19EAa0CDOa7fMnAUUBxWXYCP8gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE9lo4iUg5qrjAmfTbKfBO5LEzE3qlQhblXp6-Jci2HjbIXjsSJDEbQX-MaFBrYM4Wdc4GnjpwJA2BGyo8V-8hLSDyiTg-GvNJqcFrSPs2-o5bQMEhjx2kyeW8hLwrKxrBVAq099MjUkjSRXFqsHqfnSAzRqM2SptDdd6tV4M4f2QgAA; esctx-rEnnlaXcSI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEZs_zk48pgxMUFft9Vm0zl3HQ1z8qbmbosVzOuiInyp7N11rV7Y0Gd4zdd46N1a1TwTHSiRyuZThOVJHVGkzqonj_PjmPBhMQUhSQrPv01UF_Yh06e14OL0EWIZn-34i6Qu8BJsFSWOL62VMNj9bUQCAA; fpc=As_Z5QocYB9Lp7PEewFyxtwZi2-iAQAAAPfwLd8OAAAA; MicrosoftApplicationsTelemetryDeviceId=89d54 [TRUNCATED]
                                    2025-01-30 22:15:38 UTC | 1734 | OUT | Data Ascii: {"username":"o1ik5s@nevbm.co","isOtherIdpSupported":true,"checkPhones":false,"isRemoteNGCSupported":true,"isCookieBannerShown":false,"isFidoSupported":true,"originalRequest":"rQQIARAAnVFNTNNgAG3pqGyCNDt5NA0nQrfv6-_XJhzarkSHONhQgsQs7dduK1vX0XYwRC6eTAwRPXog
                                    2025-01-30 22:15:39 UTC | 1621 | IN | HTTP/1.1 200 OK
                                    Cache-Control: no-store, no-cache
                                    Pragma: no-cache
                                    Content-Type: application/json; charset=utf-8
                                    Expires: -1
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                    X-Content-Type-Options: nosniff
                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                    client-request-id: 53b77ca1-1078-0000-6b9e-2c120aeda166
                                    x-ms-request-id: af40ce86-8586-43b0-b600-3b3ec03d8200
                                    x-ms-ests-server: 2.1.19962.6 - SCUS ProdSlices
                                    report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                    nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                    x-ms-srs: 1.P
                                    Referrer-Policy: strict-origin-when-cross-origin
                                    Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Kzk1V9WdNUXD8TjiMWfDvw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                    X-XSS-Protection: 0
                                    Set-Cookie: fpc=As_Z5QocYB9Lp7PEewFyxtwZi2-iAQAAAPfwLd8OAAAA; expires=Sat, 01-Mar-2025 22:15:39 GMT; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                    Date: Thu, 30 Jan 2025 22:15:38 GMT
                                    Connection: close
                                    Content-Length: 1244
                                    2025-01-30 22:15:39 UTC | 1244 | IN | Data Ascii: {"Username":"o1ik5s@nevbm.co","Display":"o1ik5s@nevbm.co","IfExistsResult":1,"IsUnmanaged":false,"ThrottleStatus":1,"Credentials":{"PrefCredential":1,"HasPassword":true,"RemoteNgcParams":null,"FidoParams":null,"QrCodePinParams":null,"SasParams":null,"Cert


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    9 | 192.168.2.4 | 49786 | 20.190.160.131 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:15:40 UTC | 1449 | OUT | GET /common/GetCredentialType?mkt=en-US HTTP/1.1
                                    Host: login.microsoftonline.com
                                    Connection: keep-alive
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: */*
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: esctx-kMfgudcGuGQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzBCyTGPLL39shisL5CMb3MLu989vACQX0WsJUmhRdlXvIUVwi0NB1nlbqZE6z4RKsDtG5ueOBpdaZf-njZvaJgty2TqxonLfdoWgEXx5gAZNcKVwq6qj1vgWzaTjsZCzEjxCIqgU-fqnsO85cr54xyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AVgAidjHEBLblUKXQ2lFZ8vcuwMAAAAAAPEPzgAAAAAAAABYAABYAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEcyH5sqGH29XxcT4v6iz4UKMgc5dccLWpVZs2PGo410byvv2A37utv_i8EnPSuwNlSRNwasohawt-bb4G-p19EAa0CDOa7fMnAUUBxWXYCP8gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE9lo4iUg5qrjAmfTbKfBO5LEzE3qlQhblXp6-Jci2HjbIXjsSJDEbQX-MaFBrYM4Wdc4GnjpwJA2BGyo8V-8hLSDyiTg-GvNJqcFrSPs2-o5bQMEhjx2kyeW8hLwrKxrBVAq099MjUkjSRXFqsHqfnSAzRqM2SptDdd6tV4M4f2QgAA; esctx-rEnnlaXcSI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEZs_zk48pgxMUFft9Vm0zl3HQ1z8qbmbosVzOuiInyp7N11rV7Y0Gd4zdd46N1a1TwTHSiRyuZThOVJHVGkzqonj_PjmPBhMQUhSQrPv01UF_Yh06e14OL0EWIZn-34i6Qu8BJsFSWOL62VMNj9bUQCAA; fpc=As_Z5QocYB9Lp7PEewFyxtwZi2-iAQAAAPfwLd8OAAAA; MicrosoftApplicationsTelemetryDeviceId=89d54 [TRUNCATED]
                                    2025-01-30 22:15:40 UTC | 1563 | IN | HTTP/1.1 200 OK
                                    Cache-Control: no-store, no-cache
                                    Pragma: no-cache
                                    Content-Type: application/json; charset=utf-8
                                    Expires: -1
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                    X-Content-Type-Options: nosniff
                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                    x-ms-request-id: 9a326a08-d91f-4d9b-a8a0-e9214c408700
                                    x-ms-ests-server: 2.1.19962.6 - NCUS ProdSlices
                                    report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                    nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                    x-ms-srs: 1.P
                                    Referrer-Policy: strict-origin-when-cross-origin
                                    Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-yk5fe4zo6r_StydLnIrmgg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                    X-XSS-Protection: 0
                                    Set-Cookie: fpc=As_Z5QocYB9Lp7PEewFyxtwZi2-iAQAAAPfwLd8OAAAA; expires=Sat, 01-Mar-2025 22:15:40 GMT; path=/; secure; HttpOnly; SameSite=None
                                    Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                    Date: Thu, 30 Jan 2025 22:15:39 GMT
                                    Connection: close
                                    Content-Length: 164
                                    2025-01-30 22:15:40 UTC | 164 | IN | Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"64efc267-eda6-45be-9042-ed4c157665d4","timestamp":"2025-01-30 22:15:40Z","message":"AADSTS900561"}}


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    10 | 192.168.2.4 | 49928 | 2.19.11.102 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:16:20 UTC | 436 | OUT | OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1
                                    Host: identity.nel.measure.office.net
                                    Connection: keep-alive
                                    Origin: https://login.microsoftonline.com
                                    Access-Control-Request-Method: POST
                                    Access-Control-Request-Headers: content-type
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:16:20 UTC | 319 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Content-Length: 7
                                    Date: Thu, 30 Jan 2025 22:16:20 GMT
                                    Connection: close
                                    Access-Control-Allow-Headers: content-type
                                    Access-Control-Allow-Credentials: false
                                    Access-Control-Allow-Methods: *
                                    Access-Control-Allow-Methods: GET, OPTIONS, POST
                                    Access-Control-Allow-Origin: *
                                    2025-01-30 22:16:20 UTC | 7 | IN | Data Raw: 4f 50 54 49 4f 4e 53
                                    Data Ascii: OPTIONS


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    11 | 192.168.2.4 | 49937 | 2.19.11.117 | 443 | 3864 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-30 22:16:21 UTC | 369 | OUT | POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1
                                    Host: identity.nel.measure.office.net
                                    Connection: keep-alive
                                    Content-Length: 1129
                                    Content-Type: application/reports+json
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-30 22:16:21 UTC | 1129 | OUT | Data Ascii: [{"age":60005,"body":{"elapsed_time":1036,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/10c7d889-db12-4295-9743-694567cbdcbb/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D0000000000
                                    2025-01-30 22:16:23 UTC | 360 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/plain; charset=utf-8
                                    Request-Context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
                                    Date: Thu, 30 Jan 2025 22:16:23 GMT
                                    Content-Length: 53
                                    Connection: close
                                    Access-Control-Allow-Credentials: false
                                    Access-Control-Allow-Methods: *
                                    Access-Control-Allow-Methods: GET, OPTIONS, POST
                                    Access-Control-Allow-Origin: *
                                    2025-01-30 22:16:23 UTC | 53 | IN | Data Raw: 4e 45 4c 20 41 67 67 72 65 67 61 74 6f 72 20 68 61 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 70 72 6f 63 65 73 73 65 64 20 74 68 65 20 72 65 71 75 65 73 74
                                    Data Ascii: NEL Aggregator has successfully processed the request



                                    Target ID:0
                                    Start time:17:15:00
                                    Start date:30/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                    Imagebase:0x7ff76e190000
                                    File size:3'242'272 bytes
                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    Target ID:2
                                    Start time:17:15:06
                                    Start date:30/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1884,i,2288904301233590474,17443255733087035922,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                    Imagebase:0x7ff76e190000
                                    File size:3'242'272 bytes
                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    Target ID:3
                                    Start time:17:15:13
                                    Start date:30/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/whbsales-my.sharepoint.com/personal/bparker_whbsales_com/Documents/Forms/All.aspx"
                                    Imagebase:0x7ff76e190000
                                    File size:3'242'272 bytes
                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    No disassembly