Edit tour

Windows Analysis Report
https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJ

Overview

General Information

Sample URL:	https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=
Analysis ID:	1649073
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Phishing site or detected (based on various text indicators)

Creates files inside the system directory

Deletes files inside the Windows folder

HTML page contains hidden javascript code

Yara signature match

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,8304551701378974237,13015741462274710447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2204 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	evilnumpayload_fmtstr	Detect payload of EvilNum	Sekoia.io	0x1408c61:$fmtstr01: {"v":" 0xa97bb2:$fmtstr02: ,"u":" 0x137de13:$fmtstr02: ,"u":" 0x1c9d6e7:$fmtstr02: ,"u":" 0x1d97aa9:$fmtstr02: ,"u":" 0xa97ca9:$fmtstr03: ,"a":" 0xa97d74:$fmtstr03: ,"a":" 0xa97e84:$fmtstr03: ,"a":" 0xa97ff2:$fmtstr03: ,"a":" 0xa98193:$fmtstr03: ,"a":" 0xa98421:$fmtstr03: ,"a":" 0xa986bd:$fmtstr03: ,"a":" 0xa98747:$fmtstr03: ,"a":" 0xa987f0:$fmtstr03: ,"a":" 0xa97bec:$fmtstr04: ,"w":" 0x137de46:$fmtstr04: ,"w":" 0x1c95318:$fmtstr04: ,"w":" 0x1c9d71a:$fmtstr04: ,"w":" 0x1d97adc:$fmtstr04: ,"w":" 0xa97502:$fmtstr05: ,"d":" 0xa9778c:$fmtstr05: ,"d":"

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://login.microsoftonline-int.com

Avira URL Cloud: Label: phishing

Phishing

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.1	OCR Text: EDP Vertriebs GmbH Q File Home Insert Draw View Help Viewing v Tell me what you want to do abc Styles v EDPVertriebs GmbH EDP Vertriebs GmbH Add section + Add page Wednesday, March 26, 2025 4:36 AM Quick Notes EDP Vertriebs GmbH PDF KLICKEN SIE HIER UM DAS DOKUMENT ANZUSEHEN Loading [NIathJaxYextensiom'MathZoom.jE
Source: Chrome DOM: 1.4	OCR Text: EDP Vertriebs GmbH Q File Home Insert Draw View Help Viewing v Tell me what you want to do abc Styles v EDPVertriebs GmbH EDP Vertriebs GmbH Add section + Add page Wednesday, March 26, 2025 4:36 AM Quick Notes EDP Vertriebs GmbH PDF KLICKEN SIE HIER UM DAS DOKUMENT ANZUSEHEN

Source: https://onedrive.live.com/personal/a19e0d27a159b01d/_layouts/15/Doc.aspx?sourcedoc=%7Be850d13a-ad6f-4f54-8dfe-dfae61d3c47a%7D&action=default&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU&slrid=114b8ea1-0060-c000-6241-c77a4dce2e19&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_cnRpbWU9WmRsRlIyVnMzVWc&CID=2229562f-da64-467c-81ae-ab18381bbb3c&_SRM=0:G:56

HTTP Parser: Base64 decoded: {"siteid":"1b2bdca2-c9d3-4f22-9504-f5db141119ce","aud":"00000003-0000-0ff1-ce00-000000000000/onedrive.live.com@9188040d-6c67-4c5b-b112-36a304b66dad","exp":"1743422040"}

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.229.20:443 -> 192.168.2.7:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.36.101:443 -> 192.168.2.7:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.135.4.170:443 -> 192.168.2.7:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.7:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.230.4:443 -> 192.168.2.7:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.182.51:443 -> 192.168.2.7:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.13:443 -> 192.168.2.7:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.35.21:443 -> 192.168.2.7:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.229.20:443 -> 192.168.2.7:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.57.90.112:443 -> 192.168.2.7:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.136.154:443 -> 192.168.2.7:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.201.134:443 -> 192.168.2.7:49991 version: TLS 1.2

Source:	Binary string: x=d(96012),z=d(60629),u=d(62280),B=d(73225),F=d(50625),D=d(13059),C=d(65097),I=d(72974),M=d(93168),K=d(48703),R=d(67590),T=d(79587),v=d(50952),N=d(44914);class Q{constructor(){this.MX=!1;this.EJe=this.PDb=0}ev(){return!0}iA(O){this.PDb=O.clientPoint.x;this.EJe=C.App.ha.oa.lg.container.clientWidth;return this.MX=!0}gt(O){this.MX&&C.App.ha.oa.lg.resize(this.EJe+r.a.V2f(O.clientPoint.x-this.PDb));return!0}gq(){this.cNb()}oB(){this.cNb()}cNb(){this.MX=!1;C.App.ha.cfa()}dispose(){}}(0,E.a)(Q,"NavigationPaneResizeAdapter", source: chromecache_197.1.dr
Source:	Binary string: this.vb[t.a.$4a]=B;u.rZb(this);this.ZIb()}MGa(){return r.b(this.Mb.CommandValueId)?this.Mb.MenuItemId:this.Mb.CommandValueId}YL(){return""}get id(){return this._id}get $ea(){return!1}get Hn(){return this.rXc}get A3(){return!!Ua.AFrameworkApplication.fa&&Ua.AFrameworkApplication.fa.Ea.qE}ZIb(){if(!this.behavior){var u=L.a.Pdb;u&&(this.behavior=u.ucf(this))}}get Mb(){return this.$a}get vb(){r.c(this.JTa)&&(this.JTa={});return this.JTa}get nFa(){r.c(this.gOa)&&(this.gOa={});return this.gOa}get iSb(){return m.a.Pf(this.Mb.IsDefinitive)}get Apb(){return m.a.Vy(this.Mb.ShouldSetTitle)}get fPc(){return this.Mb.TemplateAlias}get Iz(){return this.dK? source: chromecache_192.1.dr
Source:	Binary string: null;this.pDb=this.AQa=!1;this.Opd=(x,z)=>{this.Kpa.insert(0,new L(z.commandId,z.controlId,z.time,z.commandSurface,z.inputMethod,z.contentType,z.w9));this.U5a(this.Kpa);this.AQa&&this.Xaa.MOd(z.controlId)&&this.Whd(z)}}init(){this.Xaa=new d;this.Kpa=new Ca.a;this.T$=new Ca.a;this.xBa=new Ca.a;this.jRa=k.AFrameworkApplication.J.tb("MaxCommandClickedEventQueueSize",20);l.a.ojd(this.Opd);r.a.instance.kjd((0,Ja.a)(this,this.T4d,"recordActionEvent"));this.AQa=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.UserMRUActionsCookieEnabled", source: chromecache_192.1.dr
Source:	Binary string: Jc._instance=null;(0,m.a)(Jc,"ControlBehaviorFactory",null,[784]);class Hd{get name(){return"CUI.Behavior"}configure(Sa){z.AFrameworkApplication.J&&z.AFrameworkApplication.J.Z("AccessibleMovingDialogsEnabled")&&Sa.tu($o,[pn.a]);Sa.tu(bu,[Fd.a])}async initializeAsync(){lc.a.Pdb=Jc.instance;const Sa=Qi.a.instance.AKc;for(let jb=0;jb<Sa.length;++jb){const zb=(0,C.a)(373,Sa[jb]);zb&&zb.MO()}Kh.a.get_instance().zr(6)}dispose(){}static main(){u.a.instance.hq(new Hd,5)}}(0,m.a)(Hd,"CuiBehaviorPackage",null, source: chromecache_192.1.dr
Source:	Binary string: this.Xaa.MOd(z.controlId)&&this.Whd(z)}}init(){this.Xaa=new d;this.Kpa=new Ca.a;this.T$=new Ca.a;this.xBa=new Ca.a;this.jRa=k.AFrameworkApplication.J.tb("MaxCommandClickedEventQueueSize",20);l.a.ojd(this.Opd);r.a.instance.kjd((0,Ja.a)(this,this.T4d,"recordActionEvent"));this.AQa=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.UserMRUActionsCookieEnabled",!1);this.pDb=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.ShouldPreferParentControls", source: chromecache_317.1.dr
Source:	Binary string: this.ga.resolve("Box4.Actors.StyleActor").ib()}dispose(){}static main(){u.a.instance.Rd(new QC)}}(0,m.a)(QC,"Box4ActorsPackage",null,[0,1]);class hl{constructor(Sa,jb,zb,Kb,Vb,pc){this.rpe=this.Epa=null;this.ia=Sa;this.UHg=jb;this.l7c=zb;this.Vm=Kb;this.mc=Vb;this.Ci=pc}get recentColors(){return hl.OBb\|\|(hl.OBb=ff.a.instance.va("Box4.UI.RecentColorsSectionHandler"))}get Aae(){this.Epa\|\|(this.Epa=new oF("Shading"),this.iRb(this.Epa));return this.Epa}iRb(Sa){Sa.CEa(2,jj.a.pdb);Sa.CEa(3,jj.a.gga);Sa.CEa(4, source: chromecache_192.1.dr
Source:	Binary string: null,[]);class h{constructor(x,z,u,B){this.CmdId=this.ParentTcid=this.Tcid=null;this.Time=0;this.Tcid=x;this.ParentTcid=z;this.CmdId=u;this.Time=B}}(0,Fa.a)(h,"MRUControl",null,[]);var k=J(51647),l=J(76327),r=J(50478),t=J(62733);class m{constructor(){this.Xaa=null;this.uzb=this.jRa=20;this.ora=this.yz=this.xBa=this.T$=this.Kpa=null;this.pDb=this.AQa=!1;this.Opd=(x,z)=>{this.Kpa.insert(0,new L(z.commandId,z.controlId,z.time,z.commandSurface,z.inputMethod,z.contentType,z.w9));this.U5a(this.Kpa);this.AQa&& source: chromecache_317.1.dr
Source:	Binary string: I.activeSection&&(I=I.activeSection.Yb(M))&&(C=I.label);m.a.xu(K,C)}static z1a(){m.a.eo(F.AppFrame.Yea)}}(0,E.a)(D,"ASectionListView",m.a,[])},56805:function(E,L,d){d.d(L,{a:function(){return M}});E=d(100);var h=d(77072),k=d(57531),l=d(96012),r=d(60629),t=d(73225),m=d(93651),x=d(65097),z=d(305),u=d(71987),B=d(79587),F=d(19655),D=d(50952),C=d(87478);class I{constructor(K){this.MX=!1;this.FJe=this.PDb=0;this.eF=K}ev(){return this.eF.eod()}iA(K){if(!this.ev(K))return this.MX=!1;this.PDb=K.clientPoint.x; source: chromecache_197.1.dr
Source:	Binary string: this.FJe=this.eF.container.clientWidth;return this.MX=!0}gt(K){this.MX&&this.eF.resize(this.FJe+C.a.V2f(K.clientPoint.x-this.PDb));return!0}gq(){this.cNb()}oB(){this.cNb()}cNb(){this.MX=!1;x.App.ha.cfa()}dispose(){}}(0,E.a)(I,"ListViewResizeAdapter",null,[431,44]);class M extends m.a{constructor(K){super(new F.a,m.a.Ywc,x.App.bX);this.Gba=this.aY=this.vaa=this.nU=this.FX=this.OBa=null;this.isa=4294967295;this.cCa=!1;this.JN=!0;this.zz=K}get resizeMinWidth(){return 0}get resizeMaxWidth(){return 350}get Wda(){return this.OBa}get QHa(){return this.vaa}get Sla(){return this.FX}get $Sb(){return!0}get isCollapsed(){return this.cCa}set isCollapsed(K){this.cCa= source: chromecache_197.1.dr
Source:	Binary string: 1028);this.ia.la(jj.a.pdb,Sl.a.view,rA.BNb);this.ia.la(jj.a.pdb,Sl.a.tableCell,(0,ye.a)(this,this.pdb,"clearCellShadingColor"));this.ia.Wb(jj.a.pdb,1028);this.ia.la(jj.a.a3a,Sl.a.view,(0,ye.a)(this,this.VSi,"queryCellShadingColorView"));this.ia.la(jj.a.a3a,Sl.a.tableCell,(0,ye.a)(this,this.a3a,"queryCellShadingColor"));this.ia.Wb(jj.a.a3a,1124);this.ia.la(jj.a.f0b,Sl.a.view,rA.BNb);this.ia.la(jj.a.f0b,Sl.a.tableCell,(0,ye.a)(this,this.S0g,"cellShadingCustomColor"));this.ia.Wb(jj.a.f0b,1028);this.ia.la(jj.a.hSf, source: chromecache_192.1.dr
Source:	Binary string: 4034531111;h.Cta=319972657;h.VVa=1892407702;h.QHb=329522368;h.Hca=3386890908;h.WHb=70356481;h.bIb=1303135280;h.centerJustify=4284004393;h.eFa=3332601592;h.W0g=3523575366;h.fdb=1880533947;h.gdb=768894625;h.Y0g=3230325101;h.dIb=2981608035;h.Olc=3502060538;h.hdb=4291024442;h.Iod=1943062421;h.g1g=3246658478;h.EVe=3281315808;h.DVe=3968581736;h.cC=2858610352;h.pdb=3275596206;h.rdb=562361573;h.U1=3491966299;h.clearFormatting=2319895756;h.gpd=2449130731;h.iWa=1011300372;h.wXe=3589727007;h.uIb=3901727243; source: chromecache_197.1.dr
Source:	Binary string: Ua.AFrameworkApplication.fa.Ea.qE}ZIb(){if(!this.behavior){var u=L.a.Pdb;u&&(this.behavior=u.ucf(this))}}get Mb(){return this.$a}get vb(){r.c(this.JTa)&&(this.JTa={});return this.JTa}get nFa(){r.c(this.gOa)&&(this.gOa={});return this.gOa}get iSb(){return m.a.Pf(this.Mb.IsDefinitive)}get Apb(){return m.a.Vy(this.Mb.ShouldSetTitle)}get fPc(){return this.Mb.TemplateAlias}get Iz(){return this.dK?E.a.bSe:E.a.BH}aYa(u){if(-1===this.daa.indexOf(","+u+","))throw Error.create("The display mode with name: "+ source: chromecache_317.1.dr
Source:	Binary string: !0);this.AQa&&(this.yz=new Ca.a,this.ora="UserRecentActions_"+this.bgb(),this.AQd())}bgb(){switch(k.AFrameworkApplication.fa.Ea.Ng){case 3:return"Word";case 1:return"Excel";case 2:return"PowerPoint";case 5:return"Visio";case 4:return"OneNote";default:return"Unknown"}}AQd(){var x=t.a.get(this.ora);if(!this.Xaa.isNullOrUndefined(x)&&0<x.length){let z=null;try{z=JSON.parse(decodeURIComponent(x))}catch(u){t.a.remove(this.ora);return}x=0;for(const u of z)this.yz.insert(x++,u)}}Whd(x){const z=this.pDb&& source: chromecache_317.1.dr
Source:	Binary string: return}x=0;for(const u of z)this.yz.insert(x++,u)}}Whd(x){const z=this.pDb&&!this.Xaa.isNullOrUndefined(x.w9)&&0<x.w9.length;if(0<this.yz.count){for(var u=0;u<this.yz.count&&3>u;u++){var B=this.yz.K(u);if(z&&B.ParentTcid===x.w9\|\|B.Tcid===x.controlId)return}for(u=3;u<this.yz.count;u++)if(B=this.yz.K(u),z&&B.ParentTcid===x.w9\|\|B.Tcid===x.controlId){this.yz.remove(B);break}}this.yz.insert(0,new h(x.controlId,x.w9,x.commandId,x.time));this.yz.count>this.uzb&&this.yz.removeAt(this.uzb);x=JSON.stringify(this.yz.toArray()); source: chromecache_192.1.dr
Source:	Binary string: !1);this.pDb=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.ShouldPreferParentControls",!0);this.AQa&&(this.yz=new Ca.a,this.ora="UserRecentActions_"+this.bgb(),this.AQd())}bgb(){switch(k.AFrameworkApplication.fa.Ea.Ng){case 3:return"Word";case 1:return"Excel";case 2:return"PowerPoint";case 5:return"Visio";case 4:return"OneNote";default:return"Unknown"}}AQd(){var x=t.a.get(this.ora);if(!this.Xaa.isNullOrUndefined(x)&&0<x.length){let z=null;try{z=JSON.parse(decodeURIComponent(x))}catch(u){t.a.remove(this.ora); source: chromecache_192.1.dr

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 65MB

Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU HTTP/1.1Host: onedrive.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/a19e0d27a159b01d/_layouts/15/Doc.aspx?sourcedoc=%7Be850d13a-ad6f-4f54-8dfe-dfae61d3c47a%7D&action=default&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU&slrid=114b8ea1-0060-c000-6241-c77a4dce2e19&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_cnRpbWU9WmRsRlIyVnMzVWc&CID=2229562f-da64-467c-81ae-ab18381bbb3c&_SRM=0:G:56 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2QyNzllNWNjYjJmM2Y0OWNmMWQ5ZjEzYzk0ODY1Y2EzYjBkMWY1MDQ5ZWQ0YTYzM2RhMTgzOWFmYmI2YjQ3OGEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZDI3OWU1Y2NiMmYzZjQ5Y2YxZDlmMTNjOTQ4NjVjYTNiMGQxZjUwNDllZDRhNjMzZGExODM5YWZiYjZiNDc4YSwxMzM4NzQ2NzUzOTAwMDAwMDAsMCwxMzM4NzU1MzYzOTk0MjI2MjksMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsMDYxMjZlNzAtZWQ1ZC00OGVjLTk3NTktMDRmODdjYWVhYWM5LDA2MTI2ZTcwLWVkNWQtNDhlYy05NzU5LTA0Zjg3Y2FlYWFjOSxOMHpuQ3FYY0JVcTdwbHllN0cyUjJ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODg4NjcsTkxITm9QekJlYzNqTGxRc1NZb0w1UTFFZ2ZFLFhDZU50enR1d1dxV0lQdVo0MW90aHhYenpjRzN3UzlUTkdic3BrTklvVXdCQnBZLzErL3lrRWpFcm1lb3pLUjNuVCtNbUJMbXczaklNZDQrcnozcGtFVm0vNCsvWWJoanhmN2p3RjVKRGdvbHVIdlNDY1JIQ28xVHc2QnBVZ3Y2Z1NzeEkzWHV1dFJKd1loL1h1VDdkaG8ycXVMbWRrQWU4cjgrTWt1VXVMTWF5ZVZCMlU4b3dTN08vdjIvQ1lucUE2SmFBRVU4cTFoakdWKzVvMXFkdnhNWThrdGNqT0E1Vm5sVi9xZmhSYURwTi9nMkI1V1lWeGUrRFp1Y3ZZODZZeUcyVmF1S285TWd2TTQrMnlkVFVhREorRm1KUjVBcjY1WWdyZGVqUFgzWW1nS2RkWDVHZUlSVVVsYnBaYkx6VytiNFhvcGdqdTBtNFVxSlFMbncvdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18718.41003&campaignParams=pageWidth%3D1280%26pageHeight%3D897%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DPUS10%26TenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1Host: messaging.engagement.office.comConnection: keep-alivex-clientsessionid: 489263a8-bb67-4f98-39cb-f26ac34c7ce4sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0x-correlationid: 01db9715-1484-4567-ccfe-89744fd5c878Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/fabric/assets/icons/fabricmdl2icons.woff HTTP/1.1Host: spoprod-a.akamaihd.netConnection: keep-aliveOrigin: https://onenote.officeapps.live.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1742993650256 HTTP/1.1Host: storage.live.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-aliveOrigin: https://onenote.officeapps.live.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: yzAYbN7tIcSTpj5yT7Pupg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000110.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2409.12011/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000138.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.18015/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000128.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2404.23003/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000096.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2503.17004/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000012.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000111.resources.office.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/jQuery/jquery-3.5.0.min.js HTTP/1.1Host: ajax.aspnetcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=0b8c0379-a401-4592-817b-addd9f08b69e&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=HDVK6zZJo6cY73oZVAXiALeMrfrIVZziBo3Y1XfJPCU&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-781b-7094-9966-016889dc4b4b&state=eyJpZCI6IjAxOTVkMjg0LTc4MWItN2MxNi1iNGYzLWM5N2E0ZDQ2YTFiZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18718.41003&campaignParams=pageWidth%3D1280%26pageHeight%3D897%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DPUS10%26TenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1Host: messaging.engagement.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.18015/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000128.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2503.17004/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000012.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2404.23003/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000096.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2409.12011/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000138.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000110.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000111.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=4e4fd511-ce24-44ac-8e48-28c5f2dc9b90&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=HBqh2uO71gpacuuDSzg7TpXt3GBdzPOikDTDhgUTwqk&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-99b8-7fd9-b8da-d733f54c2a8d&state=eyJpZCI6IjAxOTVkMjg0LTk5YjgtNzEwZC05MGY3LWE3NDU4ZmU3ZjQ1YiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=6e978169-98b0-08db-1683-11f39403677b HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=ff7e1408-d504-4158-8cd8-f4edf2e3f729&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=EfNgJeWUgGyvxl-mDCqJ-yR58ekTsaEADmfZhGAazI4&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-ede7-77fb-b56b-8d76b626de53&state=eyJpZCI6IjAxOTVkMjg0LWVkZTYtNzVhNi05ZjRhLTdlYmFjM2U1ZjY3ZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=66f5292e-92f4-4a6e-a158-3d441f77515a&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=RuEWUuglZ9hU-2PCcEiSXcoZRLiqyXu1H6jw_a_DmPY&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-fa46-79ad-9b7e-1a34db938360&state=eyJpZCI6IjAxOTVkMjg0LWZhNDYtNzhjMC04MTY4LTUwZmIwYzk0YTIzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=748b13bf-01af-4b40-869f-ca76e4538997&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=0rq8G6LyusZy84tamqJKJhXix1wH0byR4VAhvgqeXts&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d285-3599-730b-9ed3-8aca50e73466&state=eyJpZCI6IjAxOTVkMjg1LTM1OTgtN2IxYi04MGYzLWNkYmJiOWFiZWYzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://oauth.officeapps.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: edp-germany.schinndlerr.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /suite/RemoteUls.ashx?usid=6e978169-98b0-08db-1683-11f39403677b&officeserverversion= HTTP/1.1Host: common.online.office.comConnection: keep-aliveContent-Length: 703sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://onedrive.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_207.1.dr, chromecache_330.1.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_303.1.dr	String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_288.1.dr, chromecache_285.1.dr, chromecache_222.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_197.1.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_330.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_197.1.dr	String found in binary or memory: https://1drv.ms
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://Office.net
Source: chromecache_234.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.0.min.js
Source: chromecache_317.1.dr	String found in binary or memory: https://aka.ms/MathAssistantSupport?client_id=onenote_wac&platform_id=web&correlation_id=
Source: chromecache_317.1.dr	String found in binary or memory: https://api.addins.omex.office.net/
Source: chromecache_192.1.dr	String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: chromecache_197.1.dr	String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_197.1.dr	String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_197.1.dr	String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_180.1.dr	String found in binary or memory: https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://c3web.trafficmanager.net
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/dev
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/stg
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/df
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/gcc
Source: chromecache_197.1.dr	String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/prod
Source: chromecache_192.1.dr	String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_192.1.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/BrowserUls.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/CommonDiagnostics.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/ExternalResources/js-cookie.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/Instrumentation.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/LearningTools/LearningTools.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/aria-web-telemetry-2.9.0.min.js
Source: chromecache_234.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161872540452_Scripts/pickadate.min.js
Source: chromecache_292.1.dr, chromecache_321.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_292.1.dr, chromecache_321.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_292.1.dr, chromecache_321.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_292.1.dr, chromecache_321.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: chromecache_317.1.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: chromecache_197.1.dr	String found in binary or memory: https://content.lifecycle.officeppe.net/
Source: chromecache_197.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_197.1.dr	String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: chromecache_197.1.dr	String found in binary or memory: https://ecs.office.com
Source: chromecache_192.1.dr	String found in binary or memory: https://edog.onenote.com
Source: chromecache_197.1.dr	String found in binary or memory: https://eurppc-word-edit.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_197.1.dr	String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://fa000000128.resources.office.net
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://fa000000128.resources.office.net:3000/index_onenotejs.html
Source: chromecache_197.1.dr, chromecache_218.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_197.1.dr, chromecache_218.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_197.1.dr	String found in binary or memory: https://ffc-word-edit.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://ffc-word-view.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://fil1-word-edit.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://fin1-word-edit.officeapps.live.com
Source: chromecache_317.1.dr	String found in binary or memory: https://forms.office.com
Source: chromecache_317.1.dr	String found in binary or memory: https://forms.office.com/Pages/OneNoteMathAddinFunctionPage.aspx
Source: chromecache_254.1.dr, chromecache_317.1.dr, chromecache_261.1.dr	String found in binary or memory: https://forms.officeppe.com
Source: chromecache_197.1.dr	String found in binary or memory: https://fus1-word-edit.officeapps.live.com
Source: chromecache_257.1.dr, chromecache_213.1.dr	String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_267.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_197.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_330.1.dr	String found in binary or memory: https://github.com/webpack-contrib/style-loader#insertat)
Source: chromecache_192.1.dr	String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_192.1.dr	String found in binary or memory: https://hubblecontent.azureedge.eaglex.ic.gov
Source: chromecache_192.1.dr	String found in binary or memory: https://hubblecontent.azureedge.microsoft.scloud
Source: chromecache_317.1.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore/flyoutdetails/
Source: chromecache_218.1.dr	String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.live-int.com
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.live.com
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.microsoftonline-int.com
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_197.1.dr, chromecache_219.1.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_317.1.dr	String found in binary or memory: https://office.visualstudio.com/DefaultCollection/OC/_wiki/wikis/OC.wiki/22688/Using-Dictation-on-yo
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://officeapps.live.com
Source: chromecache_317.1.dr	String found in binary or memory: https://onedrive.live.com
Source: chromecache_180.1.dr	String found in binary or memory: https://onenote.officeapps.live.com
Source: chromecache_192.1.dr	String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_192.1.dr	String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_192.1.dr	String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: chromecache_197.1.dr	String found in binary or memory: https://outlook-1-cdn.azureedge.eaglex.ic.gov
Source: chromecache_197.1.dr	String found in binary or memory: https://outlook-1-cdn.azureedge.microsoft.scloud
Source: chromecache_301.1.dr	String found in binary or memory: https://pf.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_219.1.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_197.1.dr	String found in binary or memory: https://ppc-word-edit.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://ppc-word-view.officeapps.live.com
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://prod.support.office.com
Source: chromecache_257.1.dr, chromecache_206.1.dr, chromecache_213.1.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_207.1.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_197.1.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-1.cdn.partner.office365.cn
Source: chromecache_197.1.dr	String found in binary or memory: https://res-2-dev.cdn.officeppe.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-2-sdf.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-2.cdn.office.net
Source: chromecache_192.1.dr	String found in binary or memory: https://res-dev.cdn.officeppe.net
Source: chromecache_192.1.dr	String found in binary or memory: https://res-dev.cdn.officeppe.net/mirrored/smartlookup/
Source: chromecache_197.1.dr	String found in binary or memory: https://res-dod.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-dod.cdn.office.net/fluid/dod
Source: chromecache_197.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-gcch.cdn.office.net/fluid/gcch
Source: chromecache_197.1.dr	String found in binary or memory: https://res-h1.cdn.office.net
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://res-h3.public.cdn.office.net
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://res-h3.sdf.cdn.office.net
Source: chromecache_197.1.dr, chromecache_192.1.dr	String found in binary or memory: https://res-sdf.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://res-v-sdf.cdn.office.net
Source: chromecache_197.1.dr, chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://res.cdn.office.net
Source: chromecache_191.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2025.3.20.2/
Source: chromecache_191.1.dr	String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2025.3.20.2/floodgate.en.bundle.js
Source: chromecache_338.1.dr, chromecache_226.1.dr	String found in binary or memory: https://res.sdf.cdn.office.net
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.edog.officeapps.live.com/rs/v1/settings
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.officeapps.live.com/rs/v1/settings
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.officeapps.partner.office365.cn/rs/v1/settings
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.osi.apps.mil/rs/v1/settings
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.osi.office.de/rs/v1/settings
Source: chromecache_197.1.dr	String found in binary or memory: https://roaming.osi.office365.us/rs/v1/settings
Source: chromecache_317.1.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/suggestions
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com
Source: chromecache_197.1.dr	String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_192.1.dr	String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/drawing
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/excel
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/onenote
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/outlook
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/powerpoint
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/project
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/SDX/word
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/home/isAgave=true&helpid=126385
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/home?isAgave=true
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/f1/home?isAgave=true&helpid=161255
Source: chromecache_315.1.dr	String found in binary or memory: https://support.office.com/icon32.png
Source: chromecache_265.1.dr, chromecache_315.1.dr	String found in binary or memory: https://support.office.com/icon80.png
Source: chromecache_301.1.dr	String found in binary or memory: https://tb.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_192.1.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: chromecache_192.1.dr	String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: chromecache_217.1.dr, chromecache_177.1.dr	String found in binary or memory: https://usc-onenote.officeapps.live.com/o/RemoteUls.ashx
Source: chromecache_197.1.dr	String found in binary or memory: https://whiteboard.apps.mil
Source: chromecache_197.1.dr	String found in binary or memory: https://whiteboard.eaglex.ic.gov
Source: chromecache_197.1.dr	String found in binary or memory: https://whiteboard.microsoft.scloud
Source: chromecache_197.1.dr	String found in binary or memory: https://whiteboard.office.com/root/index.fluid.js
Source: chromecache_197.1.dr	String found in binary or memory: https://whiteboard.office365.us
Source: chromecache_180.1.dr	String found in binary or memory: https://wise-m-backup.public.onecdn.static.microsoft/wise/owl/sharedauthclientmsal.6b11c4094d365aa3e
Source: chromecache_180.1.dr	String found in binary or memory: https://wise.public.cdn.office.net/wise/owl/sharedauthclientmsal.6b11c4094d365aa3ee90.js
Source: chromecache_197.1.dr	String found in binary or memory: https://word-edit.officeapps.live.com
Source: chromecache_197.1.dr	String found in binary or memory: https://wordwebclientbuilds.blob.core.windows.net
Source: chromecache_301.1.dr	String found in binary or memory: https://www.office.com/launch
Source: chromecache_192.1.dr	String found in binary or memory: https://www.onenote.com
Source: chromecache_317.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/mathassistant
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&temporaryLocalization=true
Source: chromecache_321.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true

Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.229.20:443 -> 192.168.2.7:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.36.101:443 -> 192.168.2.7:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.135.4.170:443 -> 192.168.2.7:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.7:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.230.4:443 -> 192.168.2.7:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.182.51:443 -> 192.168.2.7:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.13:443 -> 192.168.2.7:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.35.21:443 -> 192.168.2.7:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.111.229.20:443 -> 192.168.2.7:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.45.193.219:443 -> 192.168.2.7:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.57.212:443 -> 192.168.2.7:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.57.90.112:443 -> 192.168.2.7:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.136.154:443 -> 192.168.2.7:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.201.134:443 -> 192.168.2.7:49991 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: sslproxydump.pcap, type: PCAP

Matched rule: Detect payload of EvilNum Author: Sekoia.io

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir2892_703703847

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2892_703703847

Jump to behavior

Source: sslproxydump.pcap, type: PCAP

Matched rule: evilnumpayload_fmtstr author = Sekoia.io, description = Detect payload of EvilNum, creation_date = 2022-07-25, classification = TLP:CLEAR, version = 1.1, id = 980c58e4-e04d-4076-a92e-2c04ced19ece

Source: chromecache_197.1.dr

Binary or memory string: new r.a(t.a.Ad());const C=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");for(const I of C)D.pbc.add(I)}return D.pbc}static C9h(C){return D.JRh().contains(C)}static zdi(C){C=x.uCh(C);return""!==document.createElement("audio").canPlayType(C)}}D.pbc=null;(0,E.a)(D,"EmbeddedFileReaderUtils",null,[])},61068:function(E,L,d){d.d(L,{a:function(){return k}});

Source: classification engine

Classification label: mal60.phis.win@34/289@70/20

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,8304551701378974237,13015741462274710447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2204 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,8304551701378974237,13015741462274710447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2204 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: x=d(96012),z=d(60629),u=d(62280),B=d(73225),F=d(50625),D=d(13059),C=d(65097),I=d(72974),M=d(93168),K=d(48703),R=d(67590),T=d(79587),v=d(50952),N=d(44914);class Q{constructor(){this.MX=!1;this.EJe=this.PDb=0}ev(){return!0}iA(O){this.PDb=O.clientPoint.x;this.EJe=C.App.ha.oa.lg.container.clientWidth;return this.MX=!0}gt(O){this.MX&&C.App.ha.oa.lg.resize(this.EJe+r.a.V2f(O.clientPoint.x-this.PDb));return!0}gq(){this.cNb()}oB(){this.cNb()}cNb(){this.MX=!1;C.App.ha.cfa()}dispose(){}}(0,E.a)(Q,"NavigationPaneResizeAdapter", source: chromecache_197.1.dr
Source:	Binary string: this.vb[t.a.$4a]=B;u.rZb(this);this.ZIb()}MGa(){return r.b(this.Mb.CommandValueId)?this.Mb.MenuItemId:this.Mb.CommandValueId}YL(){return""}get id(){return this._id}get $ea(){return!1}get Hn(){return this.rXc}get A3(){return!!Ua.AFrameworkApplication.fa&&Ua.AFrameworkApplication.fa.Ea.qE}ZIb(){if(!this.behavior){var u=L.a.Pdb;u&&(this.behavior=u.ucf(this))}}get Mb(){return this.$a}get vb(){r.c(this.JTa)&&(this.JTa={});return this.JTa}get nFa(){r.c(this.gOa)&&(this.gOa={});return this.gOa}get iSb(){return m.a.Pf(this.Mb.IsDefinitive)}get Apb(){return m.a.Vy(this.Mb.ShouldSetTitle)}get fPc(){return this.Mb.TemplateAlias}get Iz(){return this.dK? source: chromecache_192.1.dr
Source:	Binary string: null;this.pDb=this.AQa=!1;this.Opd=(x,z)=>{this.Kpa.insert(0,new L(z.commandId,z.controlId,z.time,z.commandSurface,z.inputMethod,z.contentType,z.w9));this.U5a(this.Kpa);this.AQa&&this.Xaa.MOd(z.controlId)&&this.Whd(z)}}init(){this.Xaa=new d;this.Kpa=new Ca.a;this.T$=new Ca.a;this.xBa=new Ca.a;this.jRa=k.AFrameworkApplication.J.tb("MaxCommandClickedEventQueueSize",20);l.a.ojd(this.Opd);r.a.instance.kjd((0,Ja.a)(this,this.T4d,"recordActionEvent"));this.AQa=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.UserMRUActionsCookieEnabled", source: chromecache_192.1.dr
Source:	Binary string: Jc._instance=null;(0,m.a)(Jc,"ControlBehaviorFactory",null,[784]);class Hd{get name(){return"CUI.Behavior"}configure(Sa){z.AFrameworkApplication.J&&z.AFrameworkApplication.J.Z("AccessibleMovingDialogsEnabled")&&Sa.tu($o,[pn.a]);Sa.tu(bu,[Fd.a])}async initializeAsync(){lc.a.Pdb=Jc.instance;const Sa=Qi.a.instance.AKc;for(let jb=0;jb<Sa.length;++jb){const zb=(0,C.a)(373,Sa[jb]);zb&&zb.MO()}Kh.a.get_instance().zr(6)}dispose(){}static main(){u.a.instance.hq(new Hd,5)}}(0,m.a)(Hd,"CuiBehaviorPackage",null, source: chromecache_192.1.dr
Source:	Binary string: this.Xaa.MOd(z.controlId)&&this.Whd(z)}}init(){this.Xaa=new d;this.Kpa=new Ca.a;this.T$=new Ca.a;this.xBa=new Ca.a;this.jRa=k.AFrameworkApplication.J.tb("MaxCommandClickedEventQueueSize",20);l.a.ojd(this.Opd);r.a.instance.kjd((0,Ja.a)(this,this.T4d,"recordActionEvent"));this.AQa=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.UserMRUActionsCookieEnabled",!1);this.pDb=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.ShouldPreferParentControls", source: chromecache_317.1.dr
Source:	Binary string: this.ga.resolve("Box4.Actors.StyleActor").ib()}dispose(){}static main(){u.a.instance.Rd(new QC)}}(0,m.a)(QC,"Box4ActorsPackage",null,[0,1]);class hl{constructor(Sa,jb,zb,Kb,Vb,pc){this.rpe=this.Epa=null;this.ia=Sa;this.UHg=jb;this.l7c=zb;this.Vm=Kb;this.mc=Vb;this.Ci=pc}get recentColors(){return hl.OBb\|\|(hl.OBb=ff.a.instance.va("Box4.UI.RecentColorsSectionHandler"))}get Aae(){this.Epa\|\|(this.Epa=new oF("Shading"),this.iRb(this.Epa));return this.Epa}iRb(Sa){Sa.CEa(2,jj.a.pdb);Sa.CEa(3,jj.a.gga);Sa.CEa(4, source: chromecache_192.1.dr
Source:	Binary string: null,[]);class h{constructor(x,z,u,B){this.CmdId=this.ParentTcid=this.Tcid=null;this.Time=0;this.Tcid=x;this.ParentTcid=z;this.CmdId=u;this.Time=B}}(0,Fa.a)(h,"MRUControl",null,[]);var k=J(51647),l=J(76327),r=J(50478),t=J(62733);class m{constructor(){this.Xaa=null;this.uzb=this.jRa=20;this.ora=this.yz=this.xBa=this.T$=this.Kpa=null;this.pDb=this.AQa=!1;this.Opd=(x,z)=>{this.Kpa.insert(0,new L(z.commandId,z.controlId,z.time,z.commandSurface,z.inputMethod,z.contentType,z.w9));this.U5a(this.Kpa);this.AQa&& source: chromecache_317.1.dr
Source:	Binary string: I.activeSection&&(I=I.activeSection.Yb(M))&&(C=I.label);m.a.xu(K,C)}static z1a(){m.a.eo(F.AppFrame.Yea)}}(0,E.a)(D,"ASectionListView",m.a,[])},56805:function(E,L,d){d.d(L,{a:function(){return M}});E=d(100);var h=d(77072),k=d(57531),l=d(96012),r=d(60629),t=d(73225),m=d(93651),x=d(65097),z=d(305),u=d(71987),B=d(79587),F=d(19655),D=d(50952),C=d(87478);class I{constructor(K){this.MX=!1;this.FJe=this.PDb=0;this.eF=K}ev(){return this.eF.eod()}iA(K){if(!this.ev(K))return this.MX=!1;this.PDb=K.clientPoint.x; source: chromecache_197.1.dr
Source:	Binary string: this.FJe=this.eF.container.clientWidth;return this.MX=!0}gt(K){this.MX&&this.eF.resize(this.FJe+C.a.V2f(K.clientPoint.x-this.PDb));return!0}gq(){this.cNb()}oB(){this.cNb()}cNb(){this.MX=!1;x.App.ha.cfa()}dispose(){}}(0,E.a)(I,"ListViewResizeAdapter",null,[431,44]);class M extends m.a{constructor(K){super(new F.a,m.a.Ywc,x.App.bX);this.Gba=this.aY=this.vaa=this.nU=this.FX=this.OBa=null;this.isa=4294967295;this.cCa=!1;this.JN=!0;this.zz=K}get resizeMinWidth(){return 0}get resizeMaxWidth(){return 350}get Wda(){return this.OBa}get QHa(){return this.vaa}get Sla(){return this.FX}get $Sb(){return!0}get isCollapsed(){return this.cCa}set isCollapsed(K){this.cCa= source: chromecache_197.1.dr
Source:	Binary string: 1028);this.ia.la(jj.a.pdb,Sl.a.view,rA.BNb);this.ia.la(jj.a.pdb,Sl.a.tableCell,(0,ye.a)(this,this.pdb,"clearCellShadingColor"));this.ia.Wb(jj.a.pdb,1028);this.ia.la(jj.a.a3a,Sl.a.view,(0,ye.a)(this,this.VSi,"queryCellShadingColorView"));this.ia.la(jj.a.a3a,Sl.a.tableCell,(0,ye.a)(this,this.a3a,"queryCellShadingColor"));this.ia.Wb(jj.a.a3a,1124);this.ia.la(jj.a.f0b,Sl.a.view,rA.BNb);this.ia.la(jj.a.f0b,Sl.a.tableCell,(0,ye.a)(this,this.S0g,"cellShadingCustomColor"));this.ia.Wb(jj.a.f0b,1028);this.ia.la(jj.a.hSf, source: chromecache_192.1.dr
Source:	Binary string: 4034531111;h.Cta=319972657;h.VVa=1892407702;h.QHb=329522368;h.Hca=3386890908;h.WHb=70356481;h.bIb=1303135280;h.centerJustify=4284004393;h.eFa=3332601592;h.W0g=3523575366;h.fdb=1880533947;h.gdb=768894625;h.Y0g=3230325101;h.dIb=2981608035;h.Olc=3502060538;h.hdb=4291024442;h.Iod=1943062421;h.g1g=3246658478;h.EVe=3281315808;h.DVe=3968581736;h.cC=2858610352;h.pdb=3275596206;h.rdb=562361573;h.U1=3491966299;h.clearFormatting=2319895756;h.gpd=2449130731;h.iWa=1011300372;h.wXe=3589727007;h.uIb=3901727243; source: chromecache_197.1.dr
Source:	Binary string: Ua.AFrameworkApplication.fa.Ea.qE}ZIb(){if(!this.behavior){var u=L.a.Pdb;u&&(this.behavior=u.ucf(this))}}get Mb(){return this.$a}get vb(){r.c(this.JTa)&&(this.JTa={});return this.JTa}get nFa(){r.c(this.gOa)&&(this.gOa={});return this.gOa}get iSb(){return m.a.Pf(this.Mb.IsDefinitive)}get Apb(){return m.a.Vy(this.Mb.ShouldSetTitle)}get fPc(){return this.Mb.TemplateAlias}get Iz(){return this.dK?E.a.bSe:E.a.BH}aYa(u){if(-1===this.daa.indexOf(","+u+","))throw Error.create("The display mode with name: "+ source: chromecache_317.1.dr
Source:	Binary string: !0);this.AQa&&(this.yz=new Ca.a,this.ora="UserRecentActions_"+this.bgb(),this.AQd())}bgb(){switch(k.AFrameworkApplication.fa.Ea.Ng){case 3:return"Word";case 1:return"Excel";case 2:return"PowerPoint";case 5:return"Visio";case 4:return"OneNote";default:return"Unknown"}}AQd(){var x=t.a.get(this.ora);if(!this.Xaa.isNullOrUndefined(x)&&0<x.length){let z=null;try{z=JSON.parse(decodeURIComponent(x))}catch(u){t.a.remove(this.ora);return}x=0;for(const u of z)this.yz.insert(x++,u)}}Whd(x){const z=this.pDb&& source: chromecache_317.1.dr
Source:	Binary string: return}x=0;for(const u of z)this.yz.insert(x++,u)}}Whd(x){const z=this.pDb&&!this.Xaa.isNullOrUndefined(x.w9)&&0<x.w9.length;if(0<this.yz.count){for(var u=0;u<this.yz.count&&3>u;u++){var B=this.yz.K(u);if(z&&B.ParentTcid===x.w9\|\|B.Tcid===x.controlId)return}for(u=3;u<this.yz.count;u++)if(B=this.yz.K(u),z&&B.ParentTcid===x.w9\|\|B.Tcid===x.controlId){this.yz.remove(B);break}}this.yz.insert(0,new h(x.controlId,x.w9,x.commandId,x.time));this.yz.count>this.uzb&&this.yz.removeAt(this.uzb);x=JSON.stringify(this.yz.toArray()); source: chromecache_192.1.dr
Source:	Binary string: !1);this.pDb=k.AFrameworkApplication.J.getBooleanFeatureGate("Microsoft.Office.SharedOnline.ShouldPreferParentControls",!0);this.AQa&&(this.yz=new Ca.a,this.ora="UserRecentActions_"+this.bgb(),this.AQd())}bgb(){switch(k.AFrameworkApplication.fa.Ea.Ng){case 3:return"Word";case 1:return"Excel";case 2:return"PowerPoint";case 5:return"Visio";case 4:return"OneNote";default:return"Unknown"}}AQd(){var x=t.a.get(this.ora);if(!this.Xaa.isNullOrUndefined(x)&&0<x.length){let z=null;try{z=JSON.parse(decodeURIComponent(x))}catch(u){t.a.remove(this.ora); source: chromecache_192.1.dr

Source: chromecache_187.1.dr, chromecache_218.1.dr, chromecache_219.1.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_187.1.dr, chromecache_218.1.dr, chromecache_219.1.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://login.microsoftonline-int.com	100%	Avira URL Cloud	phishing
https://edog.onenote.com	0%	Avira URL Cloud	safe
https://forms.officeppe.com	0%	Avira URL Cloud	safe
https://whiteboard.microsoft.scloud	0%	Avira URL Cloud	safe
https://roaming.osi.office.de/rs/v1/settings	0%	Avira URL Cloud	safe
https://whiteboard.eaglex.ic.gov	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
b-0004.b-dc-msedge.net	13.107.9.156	true	false	high
s-part-0044.t-0009.t-msedge.net	13.107.246.72	true	false	high
i-blz04p-cor006.api.p001.1drv.com	20.135.4.170	true	false	high
wac-0003.wac-dc-msedge.net	52.108.10.12	true	false	high
augloop-prod-pa01.eastus2.cloudapp.azure.com	52.111.230.4	true	false	high
a1894.dscb.akamai.net	23.44.201.134	true	false	high
www.tm.a.prd.aadg.trafficmanager.net	40.126.35.21	true	false	high
a46.dscr.akamai.net	104.117.182.51	true	false	high
edp-germany.schinndlerr.com	185.225.69.75	true	false	unknown
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
dual-spov-0006.spov-msedge.net	13.107.137.11	true	false	high
wac-0003.wac-msedge.net	52.108.8.12	true	false	high
prod-campaignaggregator.omexexternallfb.office.net.akadns.net	52.111.229.20	true	false	high
a726.dscd.akamai.net	23.44.136.179	true	false	high
www.google.com	142.251.40.228	true	false	high
a1531.g2.akamai.net	23.219.36.101	true	false	high
s-0005.dual-s-msedge.net	52.123.129.14	true	false	high
e11271.dscg.akamaiedge.net	23.51.57.212	true	false	high
fa000000012.resources.office.net	unknown	unknown	false	high
js.monitor.azure.com	unknown	unknown	false	high
fa000000111.resources.office.net	unknown	unknown	false	high
fa000000128.resources.office.net	unknown	unknown	false	high
augloop.office.com	unknown	unknown	false	high
storage.live.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
m365cdn.nel.measure.office.net	unknown	unknown	false	high
fa000000110.resources.office.net	unknown	unknown	false	high
onenoteonline.nel.measure.office.net	unknown	unknown	false	high
common.online.office.com	unknown	unknown	false	high
fa000000138.resources.office.net	unknown	unknown	false	high
onedrive.live.com	unknown	unknown	false	high
amcdn.msftauth.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high
spoprod-a.akamaihd.net	unknown	unknown	false	high
www.onenote.com	unknown	unknown	false	high
messaging.engagement.office.com	unknown	unknown	false	high
fa000000096.resources.office.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://fa000000128.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.18015/en-us_web/manifest_web.xml	false	high
http://c.pki.goog/r/gsr1.crl	false	high
https://fa000000110.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml	false	high
https://spoprod-a.akamaihd.net/files/fabric/assets/icons/fabricmdl2icons.woff	false	high
https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU	false	high
https://common.online.office.com/suite/RemoteTelemetry.ashx?usid=6e978169-98b0-08db-1683-11f39403677b	false	high
https://common.online.office.com/suite/RemoteUls.ashx?usid=6e978169-98b0-08db-1683-11f39403677b&officeserverversion=	false	high
https://www.onenote.com/officeaddins/learningtools/?et=	false	high
https://augloop.office.com/	false	high
https://fa000000111.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://roaming.officeapps.partner.office365.cn/rs/v1/settings	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=hy-AM&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://support.office.com/f1/home?isAgave=true&helpid=161255	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://login.microsoftonline-int.com	chromecache_265.1.dr, chromecache_315.1.dr	false	Avira URL Cloud: phishing	unknown
https://www.onenote.com/officeaddins/meetings?ui=kok-IN&temporaryLocalization=true	chromecache_321.1.dr	false		high
http://www.opensource.org/licenses/mit-license.php	chromecache_330.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ky-KG&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://content.lifecycle.officeppe.net/	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sk-SK&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh	chromecache_180.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://cdn.fluidpreview.office.net/fluid/prod	chromecache_197.1.dr	false		high
https://my.microsoftpersonalcontent.com	chromecache_197.1.dr, chromecache_219.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mt-MT&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ru-RU&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://forms.office.com	chromecache_317.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=vi-VN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=af-ZA&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://whiteboard.microsoft.scloud	chromecache_197.1.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=mn-MN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://github.com/webpack-contrib/style-loader#insertat)	chromecache_330.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ro-RO&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://consent.config.office.com/consentcheckin/v1.0/consents	chromecache_317.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://fa000000096.resources.office.net	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=prs-AF&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://whiteboard.office.com/root/index.fluid.js	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sv-SE&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_267.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=uk-UA&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576	chromecache_197.1.dr	false		high
https://res-dev.cdn.officeppe.net/mirrored/smartlookup/	chromecache_192.1.dr	false		high
https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2	chromecache_192.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ar-SA&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://prod.support.office.com	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://roaming.osi.office.de/rs/v1/settings	chromecache_197.1.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=he-IL&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://login.windows-ppe.net	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://reactjs.org/link/react-polyfills	chromecache_207.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://login.microsoftonline.com	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://cdn.fluidpreview.office.net/fluid/gcc	chromecache_197.1.dr	false		high
https://support.office.com/f1/SDX/word	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=nb-NO&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=zh-TW&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=wo-SN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=kn-IN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/mathassistant	chromecache_317.1.dr	false		high
https://portal.office.com/	chromecache_219.1.dr	false		high
https://forms.officeppe.com	chromecache_254.1.dr, chromecache_317.1.dr, chromecache_261.1.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map	chromecache_218.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=te-IN&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true	chromecache_321.1.dr	false		high
http://hammerjs.github.io/	chromecache_303.1.dr	false		high
https://whiteboard.office365.us	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://res-2-dev.cdn.officeppe.net	chromecache_197.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=ca-ES&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://edog.onenote.com	chromecache_192.1.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/f1/home?isAgave=true	chromecache_265.1.dr, chromecache_315.1.dr	false		high
https://whiteboard.eaglex.ic.gov	chromecache_197.1.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/meetings?ui=tt-RU&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://www.onenote.com/officeaddins/meetings?ui=es-ES&temporaryLocalization=true	chromecache_321.1.dr	false		high
https://roaming.osi.apps.mil/rs/v1/settings	chromecache_197.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.51.57.212	e11271.dscg.akamaiedge.net	United States	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
23.45.193.219	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.246.38	s-part-0010.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.225.69.75	edp-germany.schinndlerr.com	Hungary	30836	NET23-ASHU	false
52.111.230.4	augloop-prod-pa01.eastus2.cloudapp.azure.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.72	s-part-0044.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.117.182.51	a46.dscr.akamai.net	United States	20940	AKAMAI-ASN1EU	false
23.57.90.112	unknown	United States	35994	AKAMAI-ASUS	false
142.251.40.228	www.google.com	United States	15169	GOOGLEUS	false
20.135.4.170	i-blz04p-cor006.api.p001.1drv.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.219.36.101	a1531.g2.akamai.net	United States	20940	AKAMAI-ASN1EU	false
40.126.35.21	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.44.136.154	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.137.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.44.201.134	a1894.dscb.akamai.net	United States	20940	AKAMAI-ASN1EU	false
40.126.28.13	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.111.229.20	prod-campaignaggregator.omexexternallfb.office.net.akadns.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.7
192.168.2.5
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1649073
Start date and time:	2025-03-26 13:53:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@34/289@70/20
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.206, 142.251.163.84, 142.250.80.35, 142.250.72.110, 142.251.35.174, 142.251.40.142, 142.250.80.78, 104.208.16.89, 142.250.64.106, 142.250.64.74, 142.251.40.234, 142.250.80.74, 142.250.80.42, 142.250.65.234, 142.251.40.170, 142.251.35.170, 142.251.40.106, 142.251.32.106, 142.251.40.202, 142.250.176.202, 142.250.72.106, 142.250.80.106, 142.250.81.234, 142.251.40.138, 52.182.143.214, 208.89.73.29, 52.109.6.4, 20.190.152.20, 40.126.24.146, 20.190.152.19, 40.126.24.83, 40.126.24.81, 40.126.24.147, 40.126.24.84, 20.190.152.21, 142.251.32.110, 23.51.56.248, 142.250.81.238, 142.250.64.110, 142.251.35.163, 142.250.80.46, 142.250.81.227, 34.104.35.123, 142.251.40.195, 51.11.192.49, 20.42.65.90, 142.250.176.206, 142.251.40.110, 23.44.136.179, 52.108.10.12, 52.108.9.12, 23.44.136.155, 23.44.136.159, 52.123.129.14, 13.107.9.156, 20.109.210.53, 23.44.136.161, 13.107.246.40, 52.123.128.14, 184.31.69.3, 23.44.136.153, 23.57.90.70, 52.108.8.12
Excluded domains from analysis (whitelisted): usc-onenote.officeapps.live.com, slscr.update.microsoft.com, mrodevicemgr.officeapps.live.com, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, onedscolprdeus14.eastus.cloudapp.azure.com, cdn.onenote.net.edgekey.net, clients2.google.com, dual-s-0005-office.config.skype.com, login.live.com, onedscolprdfrc07.francecentral.cloudapp.azure.com, update.googleapis.com, csp.microsoft.com, mrodevicemgr-prod-defaultgeo.trafficmanager.net, www.gstatic.com, ecs.office.com, fs.microsoft.com, content-autofill.googleapis.com, wise.public.cdn.office.net, res-stls-prod.edgesuite.net, res-prod.trafficmanager.net, edgedl.me.gvt1.com, euc-onenote-geo.wac.trafficmanager.net, e1553.dspg.akamaiedge.net, clients.l.google.com, ecs.office.trafficmanager.net, euc-onenote.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net, appsforoffice.microsoft.com, redirector.gvt1.com, onedscolprdcus11.centralus.cloud
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3997
Entropy (8bit):	4.374123181769314
Encrypted:	false
SSDEEP:	96:3/VXGWSAWPHMScQhlsg7uECJYU1GTmhI4U3odG393oP:3/oWrwHSQhtw6TTj73I
MD5:	4DE28836DE634CEC640C1D510205CC49
SHA1:	987DDC6F0C4AD7FA8120DCE95F9AF40E893DDED8
SHA-256:	860B212DF09B02CEEF520D1416F37147B8F7A0ACBD53AFA340741CEE0EF74368
SHA-512:	9B6A1B57968E552C8406A30215D6463F694E7BE478BEE29CA8FB9A0B2EAB6B0472DB4281A9520B0EE3F2D5EFF315CB3225682EE21E1F952704B27E46975117F9
Malicious:	false
Reputation:	low
Preview:	{"timestamp":1742993673185,"BootstrapperUlsHeartBeatIsEnabled":false,"EnableCommonHostDiagnosticsParams":true,"ShouldLogJsApiKpisForWord":true,"EnableFramePageErrorReportingForWord":false,"EnableWordSessionRefreshTelemetry":false,"EnableWordSessionRefreshLoggingCleanup":false,"BootstrapperSettingsFetchPeriod":60000,"BootstrapperUlsHeartbeatIntervalMs":5000,"BootstrapperMaxUlsHeartbeatTime":600000,"BootstrapperNoCompleteWarning1Time":30000,"BootstrapperNoCompleteWarning2Time":120000,"BootstrapperNoCompleteWarning3Time":180000,"BootstrapperUlsUploadCadenceMs":60000,"WordRefreshTelemetryExpirationInDays":7,"RequestedCallThrottlingDefaultToViewMinimumValue":"Major","RemoteUlsETag":"3446F01DD18F16CB80609621A6A1DCA89020D1DE","RemoteUlsSuppressions":"378069,1671813,2208151,2209344,3249545,3290144,4273285,4285850,4298965,4298968,4298969,4751696,5018275,5306497,5904476,6375195,6572226,6948167,7463498,8194017,8458642,16799123,17044289,17085210,17085216,17162522,17358857,17387682,19214611,1924347

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2025 13:53:53.658719063 CET	53	53408	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:53.676681042 CET	53	56684	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:54.472615004 CET	53	63133	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:54.557291985 CET	53	60598	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:57.814060926 CET	63257	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:53:57.814136028 CET	59715	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:53:57.911358118 CET	53	59715	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:57.912503958 CET	53	63257	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:59.121397972 CET	61159	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:53:59.122277021 CET	49867	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:53:59.218624115 CET	53	61159	1.1.1.1	192.168.2.7
Mar 26, 2025 13:53:59.221142054 CET	53	49867	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:01.510518074 CET	56117	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:01.510689020 CET	58603	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:01.607918978 CET	53	58603	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:01.607939959 CET	53	56117	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:07.628412008 CET	53	54595	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:09.604577065 CET	51138	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:09.604754925 CET	57001	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:09.701884985 CET	53	51138	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:09.703098059 CET	53	57001	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:10.334976912 CET	65027	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:10.335134029 CET	59950	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:10.435564041 CET	53	59950	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:10.435900927 CET	53	65027	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:10.861116886 CET	56595	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:10.861510992 CET	55143	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:10.957823038 CET	53	56595	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:10.960746050 CET	53	55143	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.386751890 CET	61861	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.387161016 CET	56608	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.414753914 CET	65087	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.415035963 CET	64567	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.489137888 CET	53	56608	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.498195887 CET	53	61861	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.512778044 CET	53	65087	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.513556004 CET	53	64567	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.564390898 CET	59354	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.564390898 CET	52445	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:11.663454056 CET	53	59354	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.665546894 CET	53	52445	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:11.669038057 CET	53	58406	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.177386999 CET	64701	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.177676916 CET	51616	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.178375959 CET	64212	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.178652048 CET	54852	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.179100990 CET	63084	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.179805040 CET	50533	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.179805040 CET	54846	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.179805040 CET	54023	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.180294037 CET	49453	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.180636883 CET	51181	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.181548119 CET	55898	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.181792974 CET	53213	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.190742016 CET	65224	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.190742970 CET	59859	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.274926901 CET	53	64701	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.276132107 CET	53	63084	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.276295900 CET	53	50533	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.276385069 CET	53	54846	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.276891947 CET	53	51616	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.276897907 CET	53	54023	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.277937889 CET	53	54852	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.277951956 CET	53	51181	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.278572083 CET	53	49453	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.279113054 CET	53	55898	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.279340982 CET	53	53213	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.280697107 CET	53	64212	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.287823915 CET	53	65224	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.287839890 CET	53	59859	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.303122044 CET	58963	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.303423882 CET	51755	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.332463026 CET	53108	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.332463980 CET	60118	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.399981976 CET	53	58963	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.402671099 CET	53352	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.402920961 CET	61877	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:12.428899050 CET	53	53108	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.430433989 CET	53	60118	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.441926003 CET	53	51755	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.500571012 CET	53	53352	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:12.500878096 CET	53	61877	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:13.343871117 CET	51839	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.343992949 CET	56642	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.440758944 CET	53	56642	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:13.440905094 CET	53	51839	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:13.983079910 CET	56081	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.983292103 CET	49535	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.988795996 CET	52443	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.989248037 CET	52995	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.990724087 CET	65012	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.990984917 CET	60169	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.992290020 CET	53982	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.992585897 CET	51065	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.993309021 CET	59116	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.993529081 CET	58212	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.994014978 CET	50270	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:13.994445086 CET	54285	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:14.080960035 CET	53	49535	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.083623886 CET	53	56081	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.088284016 CET	53	52443	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.088298082 CET	53	52995	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.089468956 CET	53	65012	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.089557886 CET	53	60169	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.091000080 CET	53	53982	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.091309071 CET	53	58212	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.091320992 CET	53	51065	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.092540026 CET	53	50270	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.093767881 CET	53	59116	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:14.093780041 CET	53	54285	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:15.546838999 CET	59551	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:15.546953917 CET	52475	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:15.646020889 CET	53	59551	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:15.665266991 CET	53	52475	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:17.120809078 CET	59039	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:17.120966911 CET	59914	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:17.303915024 CET	53	59039	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:17.311767101 CET	53	59914	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:30.589193106 CET	53	63565	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:32.870539904 CET	57382	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:32.870706081 CET	61784	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:54:32.968158007 CET	53	61784	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:32.968882084 CET	53	57382	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:47.087447882 CET	53	51738	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:51.095110893 CET	53	62031	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:53.187535048 CET	53	64437	1.1.1.1	192.168.2.7
Mar 26, 2025 13:54:56.173916101 CET	53	54794	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.553183079 CET	49953	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.553523064 CET	57298	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.554958105 CET	54074	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.555248976 CET	55656	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.555744886 CET	59106	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.556097984 CET	51541	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:01.650681973 CET	53	57298	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.651546001 CET	53	49953	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.651812077 CET	53	54074	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.652477980 CET	53	59106	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.652988911 CET	53	55656	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:01.653928041 CET	53	51541	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:03.386040926 CET	54597	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:03.386094093 CET	57041	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:03.483195066 CET	53	54597	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:03.484703064 CET	53	57041	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:15.394691944 CET	54808	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:15.394859076 CET	59724	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:15.493031979 CET	53	54808	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:15.494326115 CET	53	59724	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:15.977808952 CET	62256	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:15.977962017 CET	65161	53	192.168.2.7	1.1.1.1
Mar 26, 2025 13:55:16.102346897 CET	53	65161	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:16.118654013 CET	53	62256	1.1.1.1	192.168.2.7
Mar 26, 2025 13:55:19.964430094 CET	53	55284	1.1.1.1	192.168.2.7

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 26, 2025 13:53:54.472707033 CET	192.168.2.7	1.1.1.1	c225	(Port unreachable)	Destination Unreachable
Mar 26, 2025 13:54:01.674416065 CET	192.168.2.7	1.1.1.1	c2b9	(Port unreachable)	Destination Unreachable
Mar 26, 2025 13:54:12.441998005 CET	192.168.2.7	1.1.1.1	c29e	(Port unreachable)	Destination Unreachable
Mar 26, 2025 13:54:40.012556076 CET	192.168.2.7	1.1.1.1	c2f3	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Mar 26, 2025 13:54:10.578897953 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 13:54:10.669320107 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 12:13:27 GMT Expires: Wed, 26 Mar 2025 13:03:27 GMT Age: 2443 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 26, 2025 13:54:10.706228018 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 13:54:10.796258926 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 12:13:30 GMT Expires: Wed, 26 Mar 2025 13:03:30 GMT Age: 2440 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:53:59 UTC	976	OUT	GET /:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU HTTP/1.1 Host: onedrive.live.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:00 UTC	4151	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 657 Content-Type: text/html; charset=utf-8 Location: https://onedrive.live.com/personal/a19e0d27a159b01d/_layouts/15/Doc.aspx?sourcedoc=%7Be850d13a-ad6f-4f54-8dfe-dfae61d3c47a%7D&action=default&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU&slrid=114b8ea1-0060-c000-6241-c77a4dce2e19&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_cnRpbWU9WmRsRlIyVnMzVWc&CID=2229562f-da64-467c-81ae-ab18381bbb3c&_SRM=0:G:56 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2QyNzllNWNjYjJmM2Y0OWNmMWQ5ZjEzYzk0ODY1Y2EzYjBkMWY1MDQ5ZWQ0YTYzM2RhMTgzOWFmYmI2YjQ3OGEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZDI3OWU1Y2NiMmYzZjQ5Y2YxZDlmMTNjOTQ4NjVjYTNiMGQxZjUwNDllZDRhNjMzZGExODM5YWZiYjZiNDc4YSwxMzM4NzQ2NzUzOTAwMDAwMDAsMCwxMzM4NzU1MzYzOTk0MjI2MjksMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsMDYxMjZlNzAtZWQ1ZC00OGVjLTk3NTktMDRmODdjYWVhYWM5LDA2MTI2ZTcwLWVkNWQtNDhlYy05NzU5LTA0Zjg3Y2FlYWFjOSxOMHpuQ3FYY0JVcTdwbHllN0cyUjJ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODg4NjcsTkxITm9QekJlYzNqTGxRc1NZb0w1UTFFZ2ZFLFhDZU50enR1d1dxV0lQdVo0MW90aHhYenpjRzN3UzlUTkdic3BrTklvVXdCQnBZLzErL3lrRWpFcm1lb3pLUjNuVCtNbUJMbXczaklNZDQrcnozcGtFVm0vNCsvWWJoanhmN2p3RjVKRGdvbHVIdlNDY1JIQ28xVHc2QnBVZ3Y2Z1NzeEkzWHV1dFJKd1loL1h1VDdkaG8ycXVMbWRrQWU4cjgrTWt1VXVMTWF5ZVZCMlU4b3dTN08vdjIvQ1lucUE2SmFBRVU4cTFoakdWKzVvMXFkdnhNWThrdGNqT0E1Vm5sVi9xZmhSYURwTi9nMkI1V1lW [TRUNCATED] IsOCDI: 0 X-NetworkStatistics: 0,0,0,0,0,0,0,0 X-SharePointHealthScore: 2 X-MS-SPO-CookieValidator: XCeNtztuwWqWIPuZ41othxXzzcG3wS9TNGbspkNIoUwBBpY/1+/ykEjErmeozKR3nT+MmBLmw3jIMd4+rz3pkEVm/4+/Ybhjxf7jwF5JDgoluHvSCcRHCo1Tw6BpUgv6gSsxI3XuutRJwYh/XuT7dho2quLmdkAe8r8+MkuUuLMayeVB2U8owS7O/v2/CYnqA6JaAEU8q1hjGV+5o1qdvxMY8ktcjOA5VnlV/qfhRaDpN/g2B5WYVxe+DZucvY86YyG2VauKo9MgvM4+2ydTUaDJ+FmJR5Ar65YgrdejPX3YmgKddX5GeIRUUlbpZbLzW+b4Xopgju0m4UqJQLnw/w== X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 124b8ea1-c010-c000-6241-c97d11c76d35 request-id: 124b8ea1-c010-c000-6241-c97d11c76d35 MS-CV: oY5LEhDAAMBiQcl9EcdtNQ.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=9188040d-6c67-4c5b-b112-36a304b66dad&destinationEndpoint=Edge-Prod-BL2r8d&frontEnd=AFD&RemoteIP=161.77.13.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com m365.cloud.microsoft .cloud.microsoft .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 289 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25912 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: A720B4A2DF1B44EF9AA17FB268DD7520 Ref B: BL2AA2030105003 Ref C: 2025-03-26T12:53:59Z Date: Wed, 26 Mar 2025 12:53:59 GMT Connection: close
2025-03-26 12:54:00 UTC	19	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e Data Ascii: <html><head><title>
2025-03-26 12:54:00 UTC	638	IN	Data Raw: 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 6e 65 64 72 69 76 65 2e 6c 69 76 65 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 61 31 39 65 30 64 32 37 61 31 35 39 62 30 31 64 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 44 6f 63 2e 61 73 70 78 3f 73 6f 75 72 63 65 64 6f 63 3d 25 37 42 65 38 35 30 64 31 33 61 2d 61 64 36 66 2d 34 66 35 34 2d 38 64 66 65 2d 64 66 61 65 36 31 64 33 63 34 37 61 25 37 44 26 61 6d 70 3b 61 63 74 69 6f 6e 3d 64 65 66 61 75 6c 74 26 61 6d 70 3b 72 65 64 65 65 6d 3d 61 48 52 30 63 48 4d 36 4c 79 38 78 5a 48 4a 32 4c 6d 31 7a 4c 32 38 76 59 79 39 68 4d 54 6c 6c 4d 47 51 Data Ascii: Object moved</title></head><body><h2>Object moved to <a href="https://onedrive.live.com/personal/a19e0d27a159b01d/_layouts/15/Doc.aspx?sourcedoc=%7Be850d13a-ad6f-4f54-8dfe-dfae61d3c47a%7D&action=default&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQ

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:00 UTC	2319	OUT	GET /personal/a19e0d27a159b01d/_layouts/15/Doc.aspx?sourcedoc=%7Be850d13a-ad6f-4f54-8dfe-dfae61d3c47a%7D&action=default&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU&slrid=114b8ea1-0060-c000-6241-c77a4dce2e19&originalPath=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_cnRpbWU9WmRsRlIyVnMzVWc&CID=2229562f-da64-467c-81ae-ab18381bbb3c&_SRM=0:G:56 HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2QyNzllNWNjYjJmM2Y0OWNmMWQ5ZjEzYzk0ODY1Y2EzYjBkMWY1MDQ5ZWQ0YTYzM2RhMTgzOWFmYmI2YjQ3OGEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZDI3OWU1Y2NiMmYzZjQ5Y2YxZDlmMTNjOTQ4NjVjYTNiMGQxZjUwNDllZDRhNjMzZGExODM5YWZiYjZiNDc4YSwxMzM4NzQ2NzUzOTAwMDAwMDAsMCwxMzM4NzU1MzYzOTk0MjI2MjksMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsMDYxMjZlNzAtZWQ1ZC00OGVjLTk3NTktMDRmODdjYWVhYWM5LDA2MTI2ZTcwLWVkNWQtNDhlYy05NzU5LTA0Zjg3Y2FlYWFjOSxOMHpuQ3FYY0JVcTdwbHllN0cyUjJ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODg4NjcsTkxITm9QekJlYzNqTGxRc1NZb0w1UTFFZ2ZFLFhDZU50enR1d1dxV0lQdVo0MW90aHhYenpjRzN3UzlUTkdic3BrTklvVXdCQnBZLzErL3lrRWpFcm1lb3pLUjNuVCtNbUJMbXczaklNZDQrcnozcGtFVm0vNCsvWWJoanhmN2p3RjVKRGdvbHVIdlNDY1JIQ28xVHc2QnBVZ3Y2Z1NzeEkzWHV1dFJKd1loL1h1VDdkaG8ycXVMbWRrQWU4cjgrTWt1VXVMTWF5ZVZCMlU4b3dTN08vdjIvQ1lucUE2SmFBRVU4cTFoakdWKzVvMXFkdnhNWThrdGNqT0E1Vm5sVi9xZmhSYURwTi9nMkI1V1lWeGUr [TRUNCATED]
2025-03-26 12:54:00 UTC	3391	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Expires: -1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2QyNzllNWNjYjJmM2Y0OWNmMWQ5ZjEzYzk0ODY1Y2EzYjBkMWY1MDQ5ZWQ0YTYzM2RhMTgzOWFmYmI2YjQ3OGEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZDI3OWU1Y2NiMmYzZjQ5Y2YxZDlmMTNjOTQ4NjVjYTNiMGQxZjUwNDllZDRhNjMzZGExODM5YWZiYjZiNDc4YSwxMzM4NzQ2NzUzOTAwMDAwMDAsMCwxMzM4NzU1MzYzOTk0MjI2MjksMC4wLjAuMCwyNTgsOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkLCwsMDYxMjZlNzAtZWQ1ZC00OGVjLTk3NTktMDRmODdjYWVhYWM5LDA2MTI2ZTcwLWVkNWQtNDhlYy05NzU5LTA0Zjg3Y2FlYWFjOSxOMHpuQ3FYY0JVcTdwbHllN0cyUjJ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODg4NjcsTkxITm9QekJlYzNqTGxRc1NZb0w1UTFFZ2ZFLFhDZU50enR1d1dxV0lQdVo0MW90aHhYenpjRzN3UzlUTkdic3BrTklvVXdCQnBZLzErL3lrRWpFcm1lb3pLUjNuVCtNbUJMbXczaklNZDQrcnozcGtFVm0vNCsvWWJoanhmN2p3RjVKRGdvbHVIdlNDY1JIQ28xVHc2QnBVZ3Y2Z1NzeEkzWHV1dFJKd1loL1h1VDdkaG8ycXVMbWRrQWU4cjgrTWt1VXVMTWF5ZVZCMlU4b3dTN08vdjIvQ1lucUE2SmFBRVU4cTFoakdWKzVvMXFkdnhNWThrdGNqT0E1Vm5sVi9xZmhSYURwTi9nMkI1V1lW [TRUNCATED] IsOCDI: 0 X-NetworkStatistics: 0,4194720,0,0,448755,173643,173643,65320 X-SharePointHealthScore: 1 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Server-Timing: LT; desc=0, RS; desc=G, RD; dur=56 X-AspNet-Version: 4.0.30319 X-DataBoundary: EU X-1DSCollectorUrl: https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://eu-mobile.events.data.microsoft.com/Collector/3.0 SPRequestGuid: 124b8ea1-9035-c000-1629-e149a6e3a2bc request-id: 124b8ea1-9035-c000-1629-e149a6e3a2bc MS-CV: oY5LEjWQAMAWKeFJpuOivA.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=9188040d-6c67-4c5b-b112-36a304b66dad&destinationEndpoint=Edge-Prod-BL2r5f&frontEnd=AFD&RemoteIP=161.77.13.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com m365.cloud.microsoft .cloud.microsoft .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25912 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 3E3E0C188CF84589A9E5BA4D042B3FE4 Ref B: BL2EDGE2608 Ref C: 2025-03-26T12:54:00Z Date: Wed, 26 Mar 2025 12:54:00 GMT Connection: close
2025-03-26 12:54:00 UTC	2992	IN	Data Raw: 62 61 39 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 09 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 09 3c 6d 65 74 61 0d 0a 09 09 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 0d 0a 09 09 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f Data Ascii: ba9<!DOCTYPE html><html lang="en-us" dir="ltr"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><metaname="viewport"content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2c 22 44 6f 77 6e 6c 6f 61 64 43 6f 64 65 22 3a 6e 75 6c 6c 2c 22 46 69 6c 65 49 6d 6d 75 74 61 62 6c 65 52 65 61 73 6f 6e 22 3a 30 2c 22 46 6f 6e 74 4c 69 62 55 72 6c 22 3a 6e 75 6c 6c 2c 22 42 75 6e 64 6c 65 4d 61 6a 6f 72 56 65 72 73 69 6f 6e 22 3a 31 2c 22 42 75 6e 64 6c 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6f 6e 65 64 72 69 76 65 2e 6c 69 76 65 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 61 31 39 65 30 64 32 37 61 31 35 39 62 30 31 64 2f 5f 61 70 69 2f 76 32 2e 31 2f 64 72 69 76 65 73 2f 62 21 6f 74 77 72 47 39 50 4a 49 6b 2d 56 42 50 58 62 46 42 45 5a 7a 6a 6b 4f 61 65 44 48 48 53 68 49 69 34 49 59 52 4f 51 59 6e 34 5a 5f 31 37 33 69 75 4d 58 63 53 4b 5a 73 35 69 63 48 6a 45 64 55 2f 73 74 72 65 61 6d 73 2f 63 6f 6e 74 65 6e Data Ascii: 2000,"DownloadCode":null,"FileImmutableReason":0,"FontLibUrl":null,"BundleMajorVersion":1,"BundleUrl":"https://onedrive.live.com/personal/a19e0d27a159b01d/_api/v2.1/drives/b!otwrG9PJIk-VBPXbFBEZzjkOaeDHHShIi4IYROQYn4Z_173iuMXcSKZs5icHjEdU/streams/conten
2025-03-26 12:54:00 UTC	1934	IN	Data Raw: 37 38 37 0d 0a 41 32 41 38 2d 34 34 36 39 2d 39 42 32 34 2d 39 43 35 39 34 46 42 32 35 32 42 44 22 3a 31 2c 22 31 30 45 38 32 34 38 35 2d 45 30 35 32 2d 34 43 38 46 2d 39 35 32 39 2d 45 30 30 31 33 33 35 37 34 31 38 43 22 3a 31 2c 22 39 32 32 45 33 46 46 34 2d 30 41 39 35 2d 34 39 34 44 2d 38 30 36 35 2d 36 42 30 35 44 42 30 34 31 39 39 30 22 3a 31 2c 22 44 34 38 39 41 34 30 39 2d 46 43 44 45 2d 34 30 34 36 2d 41 39 44 38 2d 45 32 41 37 31 32 35 30 30 33 31 32 22 3a 31 2c 22 35 46 36 30 37 41 38 44 2d 36 34 32 39 2d 34 39 36 32 2d 42 31 32 30 2d 31 45 42 31 33 35 34 45 45 36 45 41 22 3a 31 2c 22 42 35 42 42 33 34 36 32 2d 33 35 33 35 2d 34 44 32 34 2d 42 31 41 32 2d 39 37 32 35 46 41 43 44 34 32 46 31 22 3a 31 2c 22 35 34 46 32 31 36 38 42 2d 46 37 34 41 Data Ascii: 787A2A8-4469-9B24-9C594FB252BD":1,"10E82485-E052-4C8F-9529-E0013357418C":1,"922E3FF4-0A95-494D-8065-6B05DB041990":1,"D489A409-FCDE-4046-A9D8-E2A712500312":1,"5F607A8D-6429-4962-B120-1EB1354EE6EA":1,"B5BB3462-3535-4D24-B1A2-9725FACD42F1":1,"54F2168B-F74A
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 46 32 44 30 2d 34 46 44 46 2d 39 45 46 45 2d 44 46 34 36 36 36 32 31 44 38 45 36 22 3a 31 2c 22 41 35 33 46 32 44 36 36 2d 46 33 44 39 2d 34 36 35 32 2d 38 36 46 45 2d 36 31 42 46 32 36 39 35 35 46 46 31 22 3a 31 2c 22 36 32 31 39 37 46 39 45 2d 35 32 35 34 2d 34 34 43 43 2d 38 44 31 37 2d 45 37 36 37 31 45 43 39 36 33 36 34 22 3a 31 2c 22 31 46 32 35 32 32 35 31 2d 46 35 34 36 2d 35 38 32 30 2d 41 43 33 36 2d 45 39 37 46 41 30 38 44 42 37 37 34 22 3a 31 2c 22 37 31 46 43 43 36 36 39 2d 30 42 30 30 2d 34 44 43 36 2d 41 34 37 44 2d 43 38 46 37 32 30 46 44 41 32 31 37 22 3a 31 2c 22 32 42 37 42 31 35 34 42 2d 32 42 33 39 2d 34 46 39 33 2d 38 43 38 30 2d 38 36 31 32 30 37 31 41 46 38 35 35 22 3a 31 2c 22 33 36 37 45 35 43 35 39 2d 35 38 34 Data Ascii: 2000F2D0-4FDF-9EFE-DF466621D8E6":1,"A53F2D66-F3D9-4652-86FE-61BF26955FF1":1,"62197F9E-5254-44CC-8D17-E7671EC96364":1,"1F252251-F546-5820-AC36-E97FA08DB774":1,"71FCC669-0B00-4DC6-A47D-C8F720FDA217":1,"2B7B154B-2B39-4F93-8C80-8612071AF855":1,"367E5C59-584
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 32 33 30 30 38 45 2d 31 44 37 42 2d 34 31 39 33 2d 38 46 43 43 2d 45 42 32 35 46 31 45 35 44 43 34 34 22 3a 31 2c 22 38 41 33 36 46 35 41 43 2d 44 39 45 43 2d 34 30 32 30 2d 38 34 44 42 2d 43 36 32 37 33 41 41 45 45 32 37 32 22 3a 31 2c 22 41 45 30 37 44 39 46 33 2d 31 46 31 39 2d 34 41 43 41 2d 38 41 38 32 2d 43 39 42 38 43 44 41 45 45 45 38 37 22 3a 31 2c 22 32 44 46 37 46 41 38 35 2d 34 32 42 42 2d 34 34 33 36 2d 41 46 34 41 2d 38 45 30 37 30 32 33 36 43 35 39 34 22 3a 31 2c 22 36 34 41 37 35 31 30 33 2d 37 42 30 30 2d 34 35 35 44 2d 39 43 30 34 2d 38 30 31 44 45 42 39 39 35 44 44 41 22 3a 31 2c 22 30 35 32 37 39 39 39 46 2d 33 39 41 41 2d 34 44 45 43 2d 39 46 31 33 2d 44 41 45 45 37 45 43 38 43 45 46 32 22 3a 31 2c 22 36 41 39 32 Data Ascii: 2000423008E-1D7B-4193-8FCC-EB25F1E5DC44":1,"8A36F5AC-D9EC-4020-84DB-C6273AAEE272":1,"AE07D9F3-1F19-4ACA-8A82-C9B8CDAEEE87":1,"2DF7FA85-42BB-4436-AF4A-8E070236C594":1,"64A75103-7B00-455D-9C04-801DEB995DDA":1,"0527999F-39AA-4DEC-9F13-DAEE7EC8CEF2":1,"6A92
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 32 22 3a 31 2c 22 30 36 38 33 39 31 35 38 2d 44 45 45 34 2d 34 45 36 31 2d 38 38 43 41 2d 39 43 34 45 38 35 31 42 36 33 37 33 22 3a 31 2c 22 36 37 45 32 30 45 46 44 2d 31 34 30 46 2d 34 34 43 35 2d 39 38 46 42 2d 44 39 37 43 41 39 44 39 30 39 44 32 22 3a 31 2c 22 46 46 46 34 30 32 37 46 2d 46 46 39 43 2d 34 44 37 33 2d 42 45 34 36 2d 35 32 45 34 36 42 46 37 38 31 42 41 22 3a 31 2c 22 35 36 45 45 33 35 30 37 2d 45 44 35 32 2d 34 46 30 38 2d 41 44 43 35 2d 38 30 34 46 41 45 35 35 31 39 38 46 22 3a 31 2c 22 35 37 44 33 36 42 38 38 2d 31 37 33 33 2d 34 43 39 38 2d 38 32 43 35 2d 34 42 45 33 44 35 31 35 33 42 44 35 22 3a 31 2c 22 43 43 45 41 35 35 36 31 2d 35 36 42 33 2d 34 46 32 36 2d 39 32 38 33 2d 43 34 37 36 33 43 35 32 31 34 39 35 22 Data Ascii: 200082":1,"06839158-DEE4-4E61-88CA-9C4E851B6373":1,"67E20EFD-140F-44C5-98FB-D97CA9D909D2":1,"FFF4027F-FF9C-4D73-BE46-52E46BF781BA":1,"56EE3507-ED52-4F08-ADC5-804FAE55198F":1,"57D36B88-1733-4C98-82C5-4BE3D5153BD5":1,"CCEA5561-56B3-4F26-9283-C4763C521495"
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 34 33 41 45 36 44 37 44 35 22 3a 31 2c 22 30 37 43 45 36 31 43 34 2d 34 46 32 38 2d 34 41 36 35 2d 39 44 44 30 2d 43 45 38 46 39 46 30 38 33 46 41 35 22 3a 31 2c 22 34 46 46 41 30 44 30 30 2d 45 45 32 41 2d 34 43 31 44 2d 42 38 44 31 2d 34 38 44 39 31 37 43 32 37 45 38 30 22 3a 31 2c 22 43 31 42 35 37 41 41 32 2d 41 42 44 44 2d 34 45 34 45 2d 38 44 38 31 2d 41 34 35 31 44 44 35 42 31 43 42 37 22 3a 31 2c 22 41 45 43 37 43 46 35 32 2d 30 42 34 31 2d 34 39 45 36 2d 42 35 44 38 2d 34 36 37 42 44 32 36 44 32 32 31 31 22 3a 31 2c 22 35 36 32 35 35 31 42 38 2d 32 33 37 46 2d 34 36 41 30 2d 39 46 38 41 2d 42 38 41 45 41 42 43 41 39 41 45 31 22 3a 31 2c 22 37 34 32 38 45 33 43 41 2d 42 33 36 43 2d 34 31 32 38 2d 38 35 42 38 2d 42 41 36 32 33 Data Ascii: 2000443AE6D7D5":1,"07CE61C4-4F28-4A65-9DD0-CE8F9F083FA5":1,"4FFA0D00-EE2A-4C1D-B8D1-48D917C27E80":1,"C1B57AA2-ABDD-4E4E-8D81-A451DD5B1CB7":1,"AEC7CF52-0B41-49E6-B5D8-467BD26D2211":1,"562551B8-237F-46A0-9F8A-B8AEABCA9AE1":1,"7428E3CA-B36C-4128-85B8-BA623
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2d 39 39 30 36 2d 38 39 42 31 38 35 36 32 32 31 34 30 22 3a 31 2c 22 31 37 31 33 45 36 42 46 2d 36 33 37 32 2d 34 39 37 32 2d 39 43 36 31 2d 34 44 45 42 42 38 39 36 30 46 31 39 22 3a 31 2c 22 42 42 39 43 41 38 41 41 2d 39 39 34 38 2d 34 33 30 46 2d 39 30 36 39 2d 35 34 34 36 43 30 34 34 36 43 33 36 22 3a 31 2c 22 44 39 39 41 39 39 34 41 2d 35 33 35 30 2d 34 44 36 42 2d 39 39 35 43 2d 36 42 35 32 46 31 43 38 45 34 35 35 22 3a 31 2c 22 42 45 42 44 31 38 37 39 2d 38 31 31 37 2d 34 45 38 45 2d 39 37 46 33 2d 44 34 37 32 42 36 43 32 39 45 44 30 22 3a 31 2c 22 45 35 32 43 30 31 32 30 2d 36 30 32 44 2d 34 36 37 46 2d 38 39 33 34 2d 35 37 45 34 41 38 30 46 30 33 39 46 22 3a 31 2c 22 33 43 32 41 42 30 33 34 2d 34 44 42 44 2d 34 39 31 34 2d 42 32 Data Ascii: 2000-9906-89B185622140":1,"1713E6BF-6372-4972-9C61-4DEBB8960F19":1,"BB9CA8AA-9948-430F-9069-5446C0446C36":1,"D99A994A-5350-4D6B-995C-6B52F1C8E455":1,"BEBD1879-8117-4E8E-97F3-D472B6C29ED0":1,"E52C0120-602D-467F-8934-57E4A80F039F":1,"3C2AB034-4DBD-4914-B2
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 41 35 2d 34 37 39 46 2d 39 34 34 31 2d 34 43 42 41 36 37 37 32 36 30 37 37 22 3a 31 2c 22 39 42 34 34 45 30 44 42 2d 30 30 36 34 2d 34 37 36 31 2d 39 44 35 33 2d 44 30 43 35 32 33 43 30 45 41 31 32 22 3a 31 2c 22 46 30 38 34 37 45 45 34 2d 44 45 37 36 2d 34 36 46 34 2d 41 42 32 30 2d 45 39 39 39 30 37 43 38 36 41 38 32 22 3a 31 2c 22 30 35 42 37 35 32 41 36 2d 30 34 44 39 2d 34 45 44 36 2d 42 45 31 36 2d 43 34 38 44 35 34 36 38 43 30 34 31 22 3a 31 2c 22 46 46 31 41 35 32 30 42 2d 45 35 37 37 2d 34 32 32 35 2d 42 39 38 30 2d 33 32 36 44 34 38 32 41 45 43 35 36 22 3a 31 2c 22 41 41 45 43 42 32 43 39 2d 39 43 42 30 2d 34 41 38 39 2d 42 30 30 36 2d 37 41 39 36 42 38 43 32 34 46 36 33 22 3a 31 2c 22 32 44 42 33 35 31 36 44 2d 36 46 44 36 Data Ascii: 20004A5-479F-9441-4CBA67726077":1,"9B44E0DB-0064-4761-9D53-D0C523C0EA12":1,"F0847EE4-DE76-46F4-AB20-E99907C86A82":1,"05B752A6-04D9-4ED6-BE16-C48D5468C041":1,"FF1A520B-E577-4225-B980-326D482AEC56":1,"AAECB2C9-9CB0-4A89-B006-7A96B8C24F63":1,"2DB3516D-6FD6
2025-03-26 12:54:00 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 34 35 31 43 30 30 2d 42 31 46 30 2d 34 31 46 34 2d 38 42 36 43 2d 41 42 36 35 43 44 38 45 43 36 33 39 22 3a 31 2c 22 33 41 39 38 37 30 37 46 2d 35 39 42 43 2d 34 42 38 41 2d 41 38 38 35 2d 43 37 33 36 46 31 34 31 31 30 35 33 22 3a 31 2c 22 41 37 30 36 46 41 36 32 2d 43 45 31 38 2d 34 44 35 42 2d 38 42 43 36 2d 32 38 45 36 30 33 44 41 39 37 39 32 22 3a 31 2c 22 39 45 44 45 32 35 34 39 2d 41 44 41 42 2d 34 39 36 42 2d 39 46 38 46 2d 46 38 43 38 34 46 38 41 38 44 36 41 22 3a 31 2c 22 31 44 41 35 46 44 36 39 2d 46 41 35 44 2d 34 41 34 44 2d 42 46 36 39 2d 32 37 31 46 45 30 34 41 37 33 37 39 22 3a 31 2c 22 34 42 37 44 44 42 42 36 2d 44 35 46 44 2d 34 39 33 44 2d 39 43 44 31 2d 41 32 32 39 42 34 43 36 44 41 45 37 22 3a 31 2c 22 44 31 38 46 37 Data Ascii: 2000451C00-B1F0-41F4-8B6C-AB65CD8EC639":1,"3A98707F-59BC-4B8A-A885-C736F1411053":1,"A706FA62-CE18-4D5B-8BC6-28E603DA9792":1,"9EDE2549-ADAB-496B-9F8F-F8C84F8A8D6A":1,"1DA5FD69-FA5D-4A4D-BF69-271FE04A7379":1,"4B7DDBB6-D5FD-493D-9CD1-A229B4C6DAE7":1,"D18F7

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:01 UTC	745	OUT	POST /suite/RemoteUls.ashx?usid=6e978169-98b0-08db-1683-11f39403677b&officeserverversion= HTTP/1.1 Host: common.online.office.com Connection: keep-alive Content-Length: 703 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: https://onedrive.live.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:01 UTC	703	OUT	Data Raw: 7b 22 54 22 3a 31 37 34 32 39 39 33 36 34 30 38 32 31 2c 22 4c 22 3a 5b 7b 22 47 22 3a 35 32 31 31 36 34 32 33 38 2c 22 54 22 3a 37 2c 22 4d 22 3a 22 4f 6e 65 4e 6f 74 65 4a 73 41 70 69 56 32 47 61 74 65 3a 20 44 69 73 61 62 6c 65 64 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 37 36 35 37 38 35 38 34 2c 22 54 22 3a 37 2c 22 4d 22 3a 22 4c 65 61 6e 20 55 69 20 48 6f 73 74 3a 20 62 6f 6f 74 41 70 70 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 34 36 31 38 32 30 34 38 2c 22 54 22 3a 38 2c 22 4d 22 3a 22 42 6f 6f 74 41 70 70 3a 20 4c 6f 61 64 20 64 6f 63 75 6d 65 6e 74 20 72 65 74 75 72 6e 65 64 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 35 33 37 32 36 32 38 35 2c 22 Data Ascii: {"T":1742993640821,"L":[{"G":521164238,"T":7,"M":"OneNoteJsApiV2Gate: Disabled","C":3027,"D":50},{"G":576578584,"T":7,"M":"Lean Ui Host: bootApp","C":3027,"D":50},{"G":546182048,"T":8,"M":"BootApp: Load document returned","C":3027,"D":50},{"G":553726285,"
2025-03-26 12:54:02 UTC	4630	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/plain P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" Set-Cookie: Set-Cookie: PUS13-ARRAffinity=e3973c517cd78e8e542b264086f3b2c4b5a7ab94cef1d9a8c532c9ece01a0e1f;Path=/;Domain=common.online.office.com; samesite=none; secure; partitioned; httponly X-CorrelationId: 20627e7d-21c1-440e-b06e-d382f6b0539a X-UserSessionId: 6e978169-98b0-08db-1683-11f39403677b Strict-Transport-Security: max-age=31536000 X-OfficeFE: BL6PEPF0001FC15 X-OfficeVersion: 16.0.18710.41009 X-OfficeCluster: PUS13 X-Partitioning-Enabled: true Access-Control-Allow-Origin: https://onedrive.live.com Access-Control-Expose-Headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey, X-bULS-SuppressionETag, X-bULS-SuppressedTags Cross-Origin-Resource-Policy: cross-origin X-bULS-SuppressionETag: 3446F01DD18F16CB80609621A6A1DCA89020D1DE X-bULS-SuppressedTags: 378069,1671813,2208151,2209344,3249545,3290144,4273285,4285850,4298965,4298968,4298969,4751696,5018275,5306497,5904476,6375195,6572226,6948167,7463498,8194017,8458642,16799123,17044289,17085210,17085216,17162522,17358857,17387682,19214611,19243470,19707039,19743902,19939648,20486158,21627712,21631370,22401293,22410500,22558617,22558879,22598977,22680210,22680213,22680214,22836558,22922182,22946650,23385666,23881934,23909858,24133723,24401375,24462656,24515087,25514973,25531993,33592839,34388130,35682372,36472266,36546380,36546381,36546382,36569418,36708451,36773964,36791688,36811158,36811159,36963655,37259477,37288035,37307491,37754499,37856259,37876293,37876294,37889309,38293640,38535900,38543496,38580697,38637954,38922202,39076766,39076767,39105358,39408129,39613840,39966341,40437001,40777251,40935455,40957978,40957979,41003225,41207258,41473876,41502555,41711299,41952657,41964821,41964885,42272991,42496725,42513088,42815875,42857251,50406866,50431969,50622685,51451613,51504083,516670 [TRUNCATED] X-Content-Type-Options: nosniff X-Download-Options: noopen Content-Disposition: attachment X-OFFICEFD: BL6PEPF0001A161 X-Cache: CONFIG_NOCACHE X-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest X-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest X-MSEdge-Ref: Ref A: 31FBFEA9A9014239A465778492A2596E Ref B: EWR311000106047 Ref C: 2025-03-26T12:54:01Z Date: Wed, 26 Mar 2025 12:54:01 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:10 UTC	1010	OUT	OPTIONS /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18718.41003&campaignParams=pageWidth%3D1280%26pageHeight%3D897%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DPUS10%26TenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1 Host: messaging.engagement.office.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-clientsessionid,x-correlationid Origin: https://onenote.officeapps.live.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:10 UTC	563	IN	HTTP/1.1 204 No Content Date: Wed, 26 Mar 2025 12:54:10 GMT Connection: close Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Headers: x-clientsessionid,x-correlationid Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * X-ActivityTraceId: 801a0719ca2ebebcdae7003820441782 X-ServiceCorrelationId: 801a0719-ca2e-bebc-dae7-003820441782 X-Machine: OMEXNODE2000007__omexexternal-prod-eus-2-000_7 X-BuildVersion: 25.4.10221.11438 X-ServiceFabricRequestId: cdb4fd3d-02ce-48a5-8a9e-1ea82f5ee673 Strict-Transport-Security: max-age=31536000

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:10 UTC	1146	OUT	GET /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18718.41003&campaignParams=pageWidth%3D1280%26pageHeight%3D897%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DPUS10%26TenantId%3D9188040d-6c67-4c5b-b112-36a304b66dad%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1 Host: messaging.engagement.office.com Connection: keep-alive x-clientsessionid: 489263a8-bb67-4f98-39cb-f26ac34c7ce4 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 x-correlationid: 01db9715-1484-4567-ccfe-89744fd5c878 Accept: / Origin: https://onenote.officeapps.live.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:10 UTC	524	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 12:54:10 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * X-ActivityTraceId: 6184f107b8344c2deecaeb962b97b6d3 X-ServiceCorrelationId: 6184f107-b834-4c2d-eeca-eb962b97b6d3 X-Machine: OMEXNODE2000001__omexexternal-prod-eus-2-000_1 X-BuildVersion: 25.4.10221.11438 X-ServiceFabricRequestId: 1f295245-f6f5-4444-b4b2-84f95e896e77 Strict-Transport-Security: max-age=31536000
2025-03-26 12:54:10 UTC	120	IN	Data Raw: 36 64 0d 0a 7b 22 43 61 6d 70 61 69 67 6e 43 6f 6e 74 65 6e 74 22 3a 7b 22 63 61 6d 70 61 69 67 6e 73 22 3a 5b 5d 7d 2c 22 44 79 6e 61 6d 69 63 53 65 74 74 69 6e 67 73 22 3a 7b 22 54 6d 73 4c 6f 61 64 54 69 6d 65 6f 75 74 22 3a 33 30 30 30 2c 22 54 65 61 63 68 69 6e 67 4d 65 73 73 61 67 65 43 6f 6f 6c 64 6f 77 6e 22 3a 33 36 30 30 7d 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d{"CampaignContent":{"campaigns":[]},"DynamicSettings":{"TmsLoadTimeout":3000,"TeachingMessageCooldown":3600}}0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:10 UTC	626	OUT	GET /files/fabric/assets/icons/fabricmdl2icons.woff HTTP/1.1 Host: spoprod-a.akamaihd.net Connection: keep-alive Origin: https://onenote.officeapps.live.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:10 UTC	313	IN	HTTP/1.1 302 Moved Temporarily Server: AkamaiGHost Content-Length: 0 Location: https://res-1.cdn.office.net/files/fabric/assets/icons/fabricmdl2icons.woff Date: Wed, 26 Mar 2025 12:54:10 GMT Connection: close Alt-Svc: quic=":443"; ma=93600; v="43" Access-Control-Allow-Origin: * Timing-Allow-Origin: *

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:11 UTC	730	OUT	GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1742993650256 HTTP/1.1 Host: storage.live.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:11 UTC	867	IN	HTTP/1.1 302 Found Content-Length: 0 Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=174&ct=1742993651&rver=7.5.2146.0&wp=MBI_SSL&wreply=https:%2F%2Fstorage.live.com%2Fstorageservice%2Fpassport%2Fauth.aspx%3Fsru%3Dhttps:%252f%252fstorage.live.com%252fmydata%252fmyprofile%252fexpressionprofile%252fprofilephoto:UserTileStatic%252cUserTileSmall%252fMeControlMediumUserTile&lc=1033&id=63539 P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" X-MSNSERVER: BL4PPF33E04E84D Strict-Transport-Security: max-age=31536000; includeSubDomains MS-CV: ggAiahX31UelwZGMFbq0BA.0 X-QosStats: {"ApiId":0,"ResultType":2,"SourcePropertyId":0,"TargetPropertyId":42} X-ThrowSite: 4212.9205 X-ClientErrorCode: PassportAuthFail X-ErrorCodeChain: Unauthenticated X-AsmVersion: UNKNOWN; 19.1628.228.2009 Date: Wed, 26 Mar 2025 12:54:10 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:11 UTC	651	OUT	GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1 Host: amcdn.msftauth.net Connection: keep-alive Origin: https://onenote.officeapps.live.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:12 UTC	576	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 12:54:12 GMT Content-Type: application/javascript Content-Length: 30715 Connection: close Vary: Accept-Encoding Cache-Control: public, no-transform, max-age=7200 Expires: Wed, 26 Mar 2025 14:54:12 GMT X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20250326T125411Z-17cccd5449b4wvd9hC1EWRkczn0000000gr000000000c30a X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2025-03-26 12:54:12 UTC	15808	IN	Data Raw: 77 69 6e 64 6f 77 2e 4d 53 41 3d 77 69 6e 64 6f 77 2e 4d 53 41 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 3d 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 2e 43 6f 6e 66 69 67 3d 7b 22 76 65 72 22 3a 22 31 30 2e 32 34 32 32 38 2e 34 22 2c 22 6d 6b 74 22 3a 22 65 6e 2d 55 53 22 2c 22 70 74 6e 22 3a 22 6f 6e 65 6e 6f 74 65 6f 6e 6c 69 6e 65 22 2c 22 67 66 78 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 22 2c 22 64 62 67 22 3a 66 61 6c 73 65 2c 22 61 61 64 22 3a 74 72 75 65 2c 22 69 6e 74 22 3a 66 61 6c 73 65 2c 22 70 78 79 22 3a 74 72 75 65 2c 22 6d 73 54 78 74 22 3a 66 61 6c 73 65 2c 22 72 77 64 Data Ascii: window.MSA=window.MSA\|\|{};window.MSA.MeControl=window.MSA.MeControl\|\|{};window.MSA.MeControl.Config={"ver":"10.24228.4","mkt":"en-US","ptn":"onenoteonline","gfx":"https://amcdn.msftauth.net","dbg":false,"aad":true,"int":false,"pxy":true,"msTxt":false,"rwd
2025-03-26 12:54:12 UTC	14907	IN	Data Raw: 65 28 29 2e 74 68 65 6e 28 65 29 7d 29 2c 54 65 2e 5f 75 6e 68 61 6e 64 6c 65 64 52 65 6a 65 63 74 69 6f 6e 46 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 56 65 28 7b 65 76 65 6e 74 54 79 70 65 3a 22 43 6c 69 65 6e 74 45 72 72 6f 72 22 2c 69 73 43 72 69 74 69 63 61 6c 3a 21 30 2c 6e 61 6d 65 3a 65 2e 6d 65 73 73 61 67 65 7c 7c 22 28 66 61 6c 73 65 79 20 6d 65 73 73 61 67 65 20 70 72 6f 70 65 72 74 79 20 6f 6e 20 65 72 72 6f 72 29 22 2c 74 79 70 65 3a 22 55 6e 68 61 6e 64 6c 65 64 50 72 6f 6d 69 73 65 52 65 6a 65 63 74 69 6f 6e 22 2c 64 65 74 61 69 6c 73 3a 65 2e 73 74 61 63 6b 7c 7c 22 22 2c 64 69 73 70 6c 61 79 65 64 3a 21 31 2c 73 65 76 65 72 69 74 79 3a 65 2e 6d 63 49 73 54 69 6d 65 6f 75 74 3f 33 3a 32 7d 29 7d 3b 76 61 72 20 47 65 3d 5b 5d 3b 76 61 72 Data Ascii: e().then(e)}),Te._unhandledRejectionFn=function(e){Ve({eventType:"ClientError",isCritical:!0,name:e.message\|\|"(falsey message property on error)",type:"UnhandledPromiseRejection",details:e.stack\|\|"",displayed:!1,severity:e.mcIsTimeout?3:2})};var Ge=[];var

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:12 UTC	761	OUT	GET /officeaddins/learningtools/?et= HTTP/1.1 Host: www.onenote.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:12 UTC	1442	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 12:54:12 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2801 Connection: close Cache-Control: private X-RoutingOfficeCluster: eus-azsc-001.reverseproxy.onenote.com X-RoutingOfficeFE: ReverseProxyFrontEnd_IN_11 X-RoutingOfficeVersion: 16.0.18723.40453 X-RoutingSessionId: f88f008e-ebc3-47ec-bdda-be891a8bee7f X-RoutingCorrelationId: 0a1b8c9f-3b12-437e-99c2-83373260f748 P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" P3P: CP="P3P is not supported anymore; see: https://msdn.microsoft.com/en-us/library/mt146424%28v=vs.85%29.aspx" x-correlationid: 0a1b8c9f-3b12-437e-99c2-83373260f748 x-usersessionid: f88f008e-ebc3-47ec-bdda-be891a8bee7f x-officefe: AgavesFrontEnd_IN_4 x-officeversion: 16.0.18725.40452 x-officecluster: eus-000.appsforoffice.onenote.com x-partitioning-enabled: true strict-transport-security: max-age=31536000; includeSubDomains; preload content-security-policy-report-only: script-src 'nonce-gcvgc7ZEYKHjFyrXQeAte5aRtx9tbgAA' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self' ; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OneService-Agaves-prod x-content-type-options: nosniff x-azure-ref: 20250326T125412Z-17cccd5449bkk7bshC1EWR4rww0000000gpg00000000h3a6 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2025-03-26 12:54:12 UTC	2801	IN	Data Raw: 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 09 0d 0a 09 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 67 63 76 67 63 37 5a 45 59 4b 48 6a 46 79 72 58 51 65 41 74 65 35 61 52 74 78 39 74 62 67 41 41 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6f 6e 65 6e 6f 74 65 2e 6e 65 74 2f 6f 66 66 69 63 65 61 64 64 69 6e 73 2f 31 36 31 38 37 32 35 34 30 34 35 32 5f 53 63 72 69 70 74 73 2f 43 6f 6d 6d 6f 6e 44 69 61 67 6e 6f 73 74 69 63 73 2e 6a 73 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="utf-8"><title></title><script nonce="gcvgc7ZEYKHjFyrXQeAte5aRtx9tbgAA" type="text/javascript" src="https://cdn.onenote.net/officeaddins/161872540452_Scripts/CommonDiagnostics.js"

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:12 UTC	515	OUT	GET / HTTP/1.1 Host: augloop.office.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://onenote.officeapps.live.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: yzAYbN7tIcSTpj5yT7Pupg== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2025-03-26 12:54:12 UTC	453	IN	HTTP/1.1 200 OK Content-Length: 2 Connection: close Content-Type: text/plain; charset=utf-8 Date: Wed, 26 Mar 2025 12:54:12 GMT Server: Kestrel Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains; preload X-RP-Instance: _D2Worker_332 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-RP-RouteId: GatewayFallback X-RP-ClusterId: BackendGatewayAperture
2025-03-26 12:54:12 UTC	2	IN	Data Raw: 4f 4b Data Ascii: OK

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:12 UTC	662	OUT	GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1 Host: fa000000110.resources.office.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://onenote.officeapps.live.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:12 UTC	462	IN	HTTP/1.1 200 OK Last-Modified: Mon, 04 Mar 2024 06:27:54 GMT ETag: "0x4B895E43C1663E489850FC20D3E97389C5A0EEE9DBD7D5214B29C0484C6D0125" Server: ECAcc (chd/0721) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Content-Type: text/xml Cache-Control: public, max-age=82086 Date: Wed, 26 Mar 2025 12:54:12 GMT Content-Length: 969 Connection: close X-CID: 2 Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: *
2025-03-26 12:54:12 UTC	969	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 4f 66 66 69 63 65 41 70 70 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6f 66 66 69 63 65 2f 61 70 70 66 6f 72 6f 66 66 69 63 65 2f 31 2e 31 22 0d 0a 20 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 0d 0a 20 20 78 6d 6c 6e 73 3a 62 74 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6f 66 66 69 63 65 2f 6f 66 66 69 63 65 61 70 70 62 61 73 69 63 74 79 70 65 73 2f 31 2e 30 22 0d 0a 20 20 78 6d 6c 6e 73 3a 63 6f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0" xmlns:con

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:12 UTC	589	OUT	GET /ajax/jQuery/jquery-3.5.0.min.js HTTP/1.1 Host: ajax.aspnetcdn.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://www.onenote.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:12 UTC	450	IN	HTTP/1.1 200 OK Content-Type: application/javascript Access-Control-Allow-Origin: * ETag: "06faa87112d61:0" Last-Modified: Tue, 14 Apr 2020 15:26:14 GMT Timing-Allow-Origin: * X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31043604 Date: Wed, 26 Mar 2025 12:54:12 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Akamai-GRN: 0.1eb67568.1742993652.e73d421
2025-03-26 12:54:12 UTC	15934	IN	Data Raw: 30 30 30 30 42 35 39 36 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f Data Ascii: 0000B596/! jQuery v3.5.0 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Erro
2025-03-26 12:54:12 UTC	15904	IN	Data Raw: 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 Data Ascii: ode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]\|\|(a[S
2025-03-26 12:54:12 UTC	14660	IN	Data Raw: 6e 74 4c 6f 61 64 65 64 22 2c 42 29 2c 43 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 42 29 2c 53 2e 72 65 61 64 79 28 29 7d 53 2e 66 6e 2e 72 65 61 64 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 46 2e 74 68 65 6e 28 65 29 5b 22 63 61 74 63 68 22 5d 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 53 2e 72 65 61 64 79 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 29 2c 74 68 69 73 7d 2c 53 2e 65 78 74 65 6e 64 28 7b 69 73 52 65 61 64 79 3a 21 31 2c 72 65 61 64 79 57 61 69 74 3a 31 2c 72 65 61 64 79 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 28 21 30 3d 3d 3d 65 3f 2d 2d 53 2e 72 65 61 64 79 57 61 69 74 3a 53 2e 69 73 52 65 61 64 79 29 7c 7c 28 53 2e 69 73 52 65 61 64 79 3d 21 30 29 21 3d 3d 65 26 26 30 3c 2d 2d 53 2e Data Ascii: ntLoaded",B),C.removeEventListener("load",B),S.ready()}S.fn.ready=function(e){return F.then(e)["catch"](function(e){S.readyException(e)}),this},S.extend({isReady:!1,readyWait:1,ready:function(e){(!0===e?--S.readyWait:S.isReady)\|\|(S.isReady=!0)!==e&&0<--S.
2025-03-26 12:54:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6d 6f 75 73 65 6f 76 65 72 22 2c 6d 6f 75 73 65 6c 65 61 76 65 3a 22 6d 6f 75 73 65 6f 75 74 22 2c 70 6f 69 6e 74 65 72 65 6e 74 65 72 3a 22 70 6f 69 6e 74 65 72 6f 76 65 72 22 2c 70 6f 69 6e 74 65 72 6c 65 61 76 65 3a 22 70 6f 69 6e 74 65 72 6f 75 74 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 5b 65 5d 3d 7b 64 65 6c 65 67 61 74 65 54 79 70 65 3a 69 2c 62 69 6e 64 54 79 70 65 3a 69 2c 68 61 6e 64 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3d 65 2e 72 65 6c 61 74 65 64 54 61 72 67 65 74 2c 72 3d 65 2e 68 61 6e 64 6c 65 4f 62 6a 3b 72 65 74 75 72 6e 20 6e 26 26 28 6e 3d 3d 3d 74 68 69 73 7c 7c 53 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2c 6e 29 29 7c Data Ascii: 00004000mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(e,i){S.event.special[e]={delegateType:i,bindType:i,handle:function(e){var t,n=e.relatedTarget,r=e.handleObj;return n&&(n===this\|\|S.contains(this,n))\|
2025-03-26 12:54:12 UTC	12	IN	Data Raw: 65 65 64 73 5b 72 2e 64 75 72 0d 0a Data Ascii: eeds[r.dur
2025-03-26 12:54:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 61 74 69 6f 6e 5d 3a 72 2e 64 75 72 61 74 69 6f 6e 3d 53 2e 66 78 2e 73 70 65 65 64 73 2e 5f 64 65 66 61 75 6c 74 29 2c 6e 75 6c 6c 21 3d 72 2e 71 75 65 75 65 26 26 21 30 21 3d 3d 72 2e 71 75 65 75 65 7c 7c 28 72 2e 71 75 65 75 65 3d 22 66 78 22 29 2c 72 2e 6f 6c 64 3d 72 2e 63 6f 6d 70 6c 65 74 65 2c 72 2e 63 6f 6d 70 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6d 28 72 2e 6f 6c 64 29 26 26 72 2e 6f 6c 64 2e 63 61 6c 6c 28 74 68 69 73 29 2c 72 2e 71 75 65 75 65 26 26 53 2e 64 65 71 75 65 75 65 28 74 68 69 73 2c 72 2e 71 75 65 75 65 29 7d 2c 72 7d 2c 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 66 61 64 65 54 6f 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 66 69 6c 74 65 72 28 61 Data Ascii: 00004000ation]:r.duration=S.fx.speeds._default),null!=r.queue&&!0!==r.queue\|\|(r.queue="fx"),r.old=r.complete,r.complete=function(){m(r.old)&&r.old.call(this),r.queue&&S.dequeue(this,r.queue)},r},S.fn.extend({fadeTo:function(e,t,n,r){return this.filter(a
2025-03-26 12:54:12 UTC	12	IN	Data Raw: 73 65 20 69 66 28 22 2a 22 21 0d 0a Data Ascii: se if("*"!
2025-03-26 12:54:12 UTC	10251	IN	Data Raw: 30 30 30 30 32 37 46 46 0d 0a 3d 3d 75 26 26 75 21 3d 3d 6f 29 7b 69 66 28 21 28 61 3d 6c 5b 75 2b 22 20 22 2b 6f 5d 7c 7c 6c 5b 22 2a 20 22 2b 6f 5d 29 29 66 6f 72 28 69 20 69 6e 20 6c 29 69 66 28 28 73 3d 69 2e 73 70 6c 69 74 28 22 20 22 29 29 5b 31 5d 3d 3d 3d 6f 26 26 28 61 3d 6c 5b 75 2b 22 20 22 2b 73 5b 30 5d 5d 7c 7c 6c 5b 22 2a 20 22 2b 73 5b 30 5d 5d 29 29 7b 21 30 3d 3d 3d 61 3f 61 3d 6c 5b 69 5d 3a 21 30 21 3d 3d 6c 5b 69 5d 26 26 28 6f 3d 73 5b 30 5d 2c 63 2e 75 6e 73 68 69 66 74 28 73 5b 31 5d 29 29 3b 62 72 65 61 6b 7d 69 66 28 21 30 21 3d 3d 61 29 69 66 28 61 26 26 65 5b 22 74 68 72 6f 77 73 22 5d 29 74 3d 61 28 74 29 3b 65 6c 73 65 20 74 72 79 7b 74 3d 61 28 74 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 7b 73 74 61 74 65 3a 22 70 Data Ascii: 000027FF==u&&u!==o){if(!(a=l[u+" "+o]\|\|l["* "+o]))for(i in l)if((s=i.split(" "))[1]===o&&(a=l[u+" "+s[0]]\|\|l["* "+s[0]])){!0===a?a=l[i]:!0!==l[i]&&(o=s[0],c.unshift(s[1]));break}if(!0!==a)if(a&&e["throws"])t=a(t);else try{t=a(t)}catch(e){return{state:"p
2025-03-26 12:54:12 UTC	12	IN	Data Raw: 30 30 30 30 30 30 30 30 0d 0a 0d 0a Data Ascii: 00000000

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:12 UTC	1802	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=0b8c0379-a401-4592-817b-addd9f08b69e&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=HDVK6zZJo6cY73oZVAXiALeMrfrIVZziBo3Y1XfJPCU&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-781b-7094-9966-016889dc4b4b&state=eyJpZCI6IjAxOTVkMjg0LTc4MWItN2MxNi1iNGYzLWM5N2E0ZDQ2YTFiZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22 [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://oauth.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:13 UTC	2801	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline_access&redirect_uri=https%3a%2f%2foauth.officeapps.live.com%2foa%2fOAuth.html&response_type=code&state=eyJpZCI6IjAxOTVkMjg0LTc4MWItN2MxNi1iNGYzLWM5N2E0ZDQ2YTFiZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0195d284-781b-7094-9966-016889dc4b4b&prompt=none&login_hint=urn%3aspo%3aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&code_challenge=7afNE74uXPCzqyPomAHDy3HZTv-Gf8pxmZgsDGhxRfc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=4.7.0&uaid=0b8c0379a4014592817baddd9f08b69e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&client_info=1&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQEZUD4qxabwiY9sk9F1WVcSi6UhKuKuGKWiAoj5r4gHiIhmJwLo7C5WkN_udQR0SminvExfJfraDrnCdxXBZQOFLibLrtcP0-HqpRifg_XT1BD-IxiwVjA2c7lo0n74uvrbQrvouScp5ysHZ5sh5mWbICiS6FiU2Sw4I0uwyAl8DUZ6BehUXbQ0 [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: cc1bb047-c7b7-4e0d-8745-f437efe21902 x-ms-ests-server: 2.1.20329.5 - WUS3 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-i1lmS19UMyHGgyKc49bswA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; expires=Fri, 25-Apr-2025 12:54:12 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 26 Mar 2025 12:54:12 GMT Connection: close Content-Length: 1350
2025-03-26 12:54:13 UTC	1350	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 34 33 63 36 33 61 33 2d 32 34 37 64 2d 34 31 63 35 2d 39 64 38 33 2d 37 37 38 38 63 34 33 66 31 63 34 33 26 61 6d 70 3b 73 63 6f 70 65 3d 65 30 33 61 31 33 65 65 2d 39 37 33 30 2d 34 63 61 65 2d 38 35 32 35 2d 34 37 35 35 39 63 38 63 66 31 38 61 25 32 66 2e 64 65 66 61 75 6c 74 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 2b 6f 66 66 6c 69 6e 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:14 UTC	474	OUT	GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.18015/en-us_web/manifest_web.xml HTTP/1.1 Host: fa000000128.resources.office.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:14 UTC	444	IN	HTTP/1.1 200 OK Server: Kestrel ETag: "0xD1E635C88418964F5B5343990A0B3E12C00F83346DF1CC540CC7B149B382FD98" Last-Modified: Thu, 27 Feb 2025 21:13:01 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Type: text/xml Cache-Control: public, max-age=109994 Date: Wed, 26 Mar 2025 12:54:14 GMT Content-Length: 2773 Connection: close X-CID: 2 Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: *
2025-03-26 12:54:14 UTC	2773	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0a 3c 4f 66 66 69 63 65 41 70 70 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6f 66 66 69 63 65 2f 61 70 70 66 6f 72 6f 66 66 69 63 65 2f 31 2e 31 22 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 62 74 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6f 66 66 69 63 65 2f 6f 66 66 69 63 65 61 70 70 62 61 73 69 63 74 79 70 65 73 2f 31 2e 30 22 20 78 6d Data Ascii: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0" xm

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:15 UTC	752	OUT	POST /officeaddins/RemoteUls.ashx HTTP/1.1 Host: www.onenote.com Connection: keep-alive Content-Length: 552 X-UserSessionId: f88f008e-ebc3-47ec-bdda-be891a8bee7f sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/json sec-ch-ua-mobile: ?0 Accept: / Origin: https://www.onenote.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://www.onenote.com/officeaddins/learningtools/?et= Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:15 UTC	552	OUT	Data Raw: 7b 22 54 22 3a 31 37 34 32 39 39 33 36 35 34 33 38 37 2c 22 4c 22 3a 5b 7b 22 47 22 3a 36 31 36 30 38 35 36 2c 22 54 22 3a 30 2c 22 4d 22 3a 22 4f 6e 4c 6f 61 64 22 2c 22 43 22 3a 32 30 30 33 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 36 31 36 30 38 35 37 2c 22 54 22 3a 34 2c 22 4d 22 3a 22 55 73 65 72 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 33 34 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 22 2c 22 43 22 3a 32 30 30 33 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 36 34 33 36 36 32 38 2c 22 54 22 3a Data Ascii: {"T":1742993654387,"L":[{"G":6160856,"T":0,"M":"OnLoad","C":2003,"D":50},{"G":6160857,"T":4,"M":"UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36","C":2003,"D":50},{"G":6436628,"T":
2025-03-26 12:54:15 UTC	1172	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 12:54:15 GMT Content-Type: text/plain Content-Length: 0 Connection: close Cache-Control: private X-RoutingOfficeCluster: eus-azsc-000.reverseproxy.onenote.com X-RoutingOfficeFE: ReverseProxyFrontEnd_IN_8 X-RoutingOfficeVersion: 16.0.18723.40453 X-RoutingSessionId: f88f008e-ebc3-47ec-bdda-be891a8bee7f X-RoutingCorrelationId: 81452a5b-9145-480b-9152-feecec25208e P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" x-correlationid: 81452a5b-9145-480b-9152-feecec25208e x-usersessionid: f88f008e-ebc3-47ec-bdda-be891a8bee7f x-officefe: AgavesFrontEnd_IN_6 x-officeversion: 16.0.18725.40452 x-officecluster: eus-000.appsforoffice.onenote.com x-partitioning-enabled: true strict-transport-security: max-age=31536000; includeSubDomains; preload x-buls-suppressionetag: N/A x-buls-suppressedtags: x-content-type-options: nosniff x-download-options: noopen content-disposition: attachment x-content-type-options: nosniff x-azure-ref: 20250326T125415Z-17cccd5449b4tm5chC1EWRr5980000000gpg00000000fyes X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:21 UTC	1891	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=4e4fd511-ce24-44ac-8e48-28c5f2dc9b90&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=HBqh2uO71gpacuuDSzg7TpXt3GBdzPOikDTDhgUTwqk&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-99b8-7fd9-b8da-d733f54c2a8d&state=eyJpZCI6IjAxOTVkMjg0LTk5YjgtNzEwZC05MGY3LWE3NDU4ZmU3ZjQ1YiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22 [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://oauth.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-26 12:54:21 UTC	2723	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline_access&redirect_uri=https%3a%2f%2foauth.officeapps.live.com%2foa%2fOAuth.html&response_type=code&state=eyJpZCI6IjAxOTVkMjg0LTk5YjgtNzEwZC05MGY3LWE3NDU4ZmU3ZjQ1YiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0195d284-99b8-7fd9-b8da-d733f54c2a8d&prompt=none&login_hint=urn%3aspo%3aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&code_challenge=YOH5XAApzCFpcjfvqjMY7g1rpb71wuYOsbB1qvbLPSk&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=4.7.0&uaid=4e4fd511ce2444ac8e4828c5f2dc9b90&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&client_info=1&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQEsuQKbQYdPyc2qtkbWVDfljDDxbI57NFjXVwSgyIzpF5taouupOk1vGb5ouIyalUcQxAx1AGmdSOYFNHQTRnZ877YsOF7M73Hjlj4zfUPHnP7Ct-EO0XKGOKigMSZA-4nSB2gQO3EZPErPQef1-Gis48DCRhTZypL2b7MEyBsql-eGHdimFmgz [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: bdee23bf-01c7-41bd-9fee-f5bea072b301 x-ms-ests-server: 2.1.20329.5 - SCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-54if_2AcuyH9Cl-QryfyTQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; expires=Fri, 25-Apr-2025 12:54:21 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 26 Mar 2025 12:54:21 GMT Connection: close Content-Length: 1350
2025-03-26 12:54:21 UTC	1350	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 34 33 63 36 33 61 33 2d 32 34 37 64 2d 34 31 63 35 2d 39 64 38 33 2d 37 37 38 38 63 34 33 66 31 63 34 33 26 61 6d 70 3b 73 63 6f 70 65 3d 65 30 33 61 31 33 65 65 2d 39 37 33 30 2d 34 63 61 65 2d 38 35 32 35 2d 34 37 35 35 39 63 38 63 66 31 38 61 25 32 66 2e 64 65 66 61 75 6c 74 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 2b 6f 66 66 6c 69 6e 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:33 UTC	456	OUT	GET /suite/RemoteTelemetry.ashx?usid=6e978169-98b0-08db-1683-11f39403677b HTTP/1.1 Host: common.online.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:54:33 UTC	1241	IN	HTTP/1.1 400 Bad Request Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" Set-Cookie: Set-Cookie: PUS4-ARRAffinity=b145aafa45ce702eae4a52d8161384b5e81d113f011df316ab42e0dee0fb49dd;Path=/;Domain=common.online.office.com; samesite=none; secure; partitioned; httponly X-CorrelationId: 320e04ae-e916-427a-876a-973e1eb91563 X-UserSessionId: 6e978169-98b0-08db-1683-11f39403677b Strict-Transport-Security: max-age=31536000 X-OfficeFE: BL6PEPF000222F2 X-OfficeVersion: 16.0.18710.41009 X-OfficeCluster: PUS4 X-Partitioning-Enabled: true X-Content-Type-Options: nosniff X-Download-Options: noopen Content-Disposition: attachment X-OFFICEFD: BL6PEPF00021CA9 X-Cache: CONFIG_NOCACHE X-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,2oge=afd_wordcapacity_3,5e4w=afd_excelslicetest_control X-MSEdge-Features: afd_waccluster,afd_excelslice_control,afd_wacinfra4,afd_wacinfra5,afd_wordcapacity_3,afd_excelslicetest_control X-MSEdge-Ref: Ref A: 8370555684A5444199F7931FACA0AC0D Ref B: EWR311000108025 Ref C: 2025-03-26T12:54:33Z Date: Wed, 26 Mar 2025 12:54:32 GMT Connection: close
2025-03-26 12:54:33 UTC	14	IN	Data Raw: 39 0d 0a 42 61 64 20 52 65 71 75 65 0d 0a Data Ascii: 9Bad Reque
2025-03-26 12:54:33 UTC	7	IN	Data Raw: 32 0d 0a 73 74 0d 0a Data Ascii: 2st
2025-03-26 12:54:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Chrome Cache Entry: 195

Chrome Cache Entry: 196

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Chrome Cache Entry: 202

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:42 UTC	1891	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=ff7e1408-d504-4158-8cd8-f4edf2e3f729&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=EfNgJeWUgGyvxl-mDCqJ-yR58ekTsaEADmfZhGAazI4&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-ede7-77fb-b56b-8d76b626de53&state=eyJpZCI6IjAxOTVkMjg0LWVkZTYtNzVhNi05ZjRhLTdlYmFjM2U1ZjY3ZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22 [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://oauth.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-26 12:54:43 UTC	2723	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline_access&redirect_uri=https%3a%2f%2foauth.officeapps.live.com%2foa%2fOAuth.html&response_type=code&state=eyJpZCI6IjAxOTVkMjg0LWVkZTYtNzVhNi05ZjRhLTdlYmFjM2U1ZjY3ZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0195d284-ede7-77fb-b56b-8d76b626de53&prompt=none&login_hint=urn%3aspo%3aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&code_challenge=kTpjug5HpyDUv4nYaDtMJ4RqCB8f1PlyGKsEFGb-DCI&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=4.7.0&uaid=ff7e1408d50441588cd8f4edf2e3f729&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&client_info=1&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQE-sqy-hjhJY235fCF2XLM0X53cei5qjek8iS3FII3cfAKG_Yw7f4v3GMpHFxcaDr58PCMva5WXV32KAgLeBJdSynuoGARkRNza5rQlPgC6iW-lpqb_Q8H03JTLvEqUGU2doAgJnoTKWemqAG7UyK8XGH0rprjabaPKQxlv-fpxxrtdWJME0MBH [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 018897d6-6ac9-4997-adb8-aedc98317f01 x-ms-ests-server: 2.1.20329.5 - SCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-7D9CqvajiJTTrKGOjvFVvg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; expires=Fri, 25-Apr-2025 12:54:43 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 26 Mar 2025 12:54:42 GMT Connection: close Content-Length: 1350
2025-03-26 12:54:43 UTC	1350	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 34 33 63 36 33 61 33 2d 32 34 37 64 2d 34 31 63 35 2d 39 64 38 33 2d 37 37 38 38 63 34 33 66 31 63 34 33 26 61 6d 70 3b 73 63 6f 70 65 3d 65 30 33 61 31 33 65 65 2d 39 37 33 30 2d 34 63 61 65 2d 38 35 32 35 2d 34 37 35 35 39 63 38 63 66 31 38 61 25 32 66 2e 64 65 66 61 75 6c 74 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 2b 6f 66 66 6c 69 6e 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:54:46 UTC	1891	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=66f5292e-92f4-4a6e-a158-3d441f77515a&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=RuEWUuglZ9hU-2PCcEiSXcoZRLiqyXu1H6jw_a_DmPY&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d284-fa46-79ad-9b7e-1a34db938360&state=eyJpZCI6IjAxOTVkMjg0LWZhNDYtNzhjMC04MTY4LTUwZmIwYzk0YTIzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22 [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://oauth.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-26 12:54:46 UTC	2723	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline_access&redirect_uri=https%3a%2f%2foauth.officeapps.live.com%2foa%2fOAuth.html&response_type=code&state=eyJpZCI6IjAxOTVkMjg0LWZhNDYtNzhjMC04MTY4LTUwZmIwYzk0YTIzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0195d284-fa46-79ad-9b7e-1a34db938360&prompt=none&login_hint=urn%3aspo%3aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&code_challenge=6BCv51mjZr9wIGsFCuSCNZJ89BdlBI4XN5wZgIReCh0&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=4.7.0&uaid=66f5292e92f44a6ea1583d441f77515a&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&client_info=1&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQESx9V3zgAT6PT109jRsE_KWDHEFp0N9IlWpM1ZhFZ9POhx-0R1_OYP59TWlh_Mx_gpqG1ky_t3zGxzRcaqZ6fh3RA8-58JRgBbUcoOw3bju_bptPetzj3z_TEfR-nMGgR97UIMLbbNfNlScKIRAm-IDZ8eeSvoRFglD1-dgnoPV5S50DnfCeuo [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 5ace20b1-e99d-4ac2-8e93-3d51f4550102 x-ms-ests-server: 2.1.20329.5 - NCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-3wjR76DfIL1FyMXUyZ-8zQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; expires=Fri, 25-Apr-2025 12:54:46 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 26 Mar 2025 12:54:46 GMT Connection: close Content-Length: 1350
2025-03-26 12:54:46 UTC	1350	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 34 33 63 36 33 61 33 2d 32 34 37 64 2d 34 31 63 35 2d 39 64 38 33 2d 37 37 38 38 63 34 33 66 31 63 34 33 26 61 6d 70 3b 73 63 6f 70 65 3d 65 30 33 61 31 33 65 65 2d 39 37 33 30 2d 34 63 61 65 2d 38 35 32 35 2d 34 37 35 35 39 63 38 63 66 31 38 61 25 32 66 2e 64 65 66 61 75 6c 74 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 2b 6f 66 66 6c 69 6e 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:01 UTC	1891	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2F.default%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Foauth.officeapps.live.com%2Foa%2FOAuth.html&client-request-id=748b13bf-01af-4b40-869f-ca76e4538997&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.7.0&x-app-name=OfficeOnline&x-app-ver=PRODUCTION.100:%2020250320.5%20V3&client_info=1&code_challenge=0rq8G6LyusZy84tamqJKJhXix1wH0byR4VAhvgqeXts&code_challenge_method=S256&prompt=none&domain_hint=9188040d-6c67-4c5b-b112-36a304b66dad&login_hint=urn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&X-AnchorMailbox=UPN%3Aurn%3Aspo%3Aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&nonce=0195d285-3599-730b-9ed3-8aca50e73466&state=eyJpZCI6IjAxOTVkMjg1LTM1OTgtN2IxYi04MGYzLWNkYmJiOWFiZWYzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&claims=%7B%22access_token%22%3A%7B%22xms_cc%22 [TRUNCATED] Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://oauth.officeapps.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-26 12:55:01 UTC	2723	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline_access&redirect_uri=https%3a%2f%2foauth.officeapps.live.com%2foa%2fOAuth.html&response_type=code&state=eyJpZCI6IjAxOTVkMjg1LTM1OTgtN2IxYi04MGYzLWNkYmJiOWFiZWYzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0195d285-3599-730b-9ed3-8aca50e73466&prompt=none&login_hint=urn%3aspo%3aanon%23d279e5ccb2f3f49cf1d9f13c94865ca3b0d1f5049ed4a633da1839afbb6b478a&code_challenge=IQkj4M5X-zzZSIbRUEQNJC0JLiQCo3NjtVnq_5zMO2c&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=4.7.0&uaid=748b13bf01af4b40869fca76e4538997&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&client_info=1&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQENZf2lq0AfXXxDIwkG5baecnKMJ6tL0czMUYDSNs5GyY2ayELIHHeRBpNA-hb-aSlFU3nbL4NEZdhGG5HsTa1dgGjFFE1UzgfAD4xkXh7vUKtPecwfocqSpfXGsCe6hlfHJshN7hPFDo7B8wnLy14WOvpChbNXBLok71eG2nUiaFQ5UnXo-CSd [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 6bdf1a25-451f-40c8-a19e-de901c9a9402 x-ms-ests-server: 2.1.20329.5 - NCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-N6ye59KA-U1CNHWBuFcElA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=Al1JH8b0X3tIkUFtD4xQW3c; expires=Fri, 25-Apr-2025 12:55:01 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 26 Mar 2025 12:55:00 GMT Connection: close Content-Length: 1350
2025-03-26 12:55:01 UTC	1350	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 32 34 33 63 36 33 61 33 2d 32 34 37 64 2d 34 31 63 35 2d 39 64 38 33 2d 37 37 38 38 63 34 33 66 31 63 34 33 26 61 6d 70 3b 73 63 6f 70 65 3d 65 30 33 61 31 33 65 65 2d 39 37 33 30 2d 34 63 61 65 2d 38 35 32 35 2d 34 37 35 35 39 63 38 63 66 31 38 61 25 32 66 2e 64 65 66 61 75 6c 74 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 2b 6f 66 66 6c 69 6e 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=243c63a3-247d-41c5-9d83-7788c43f1c43&scope=e03a13ee-9730-4cae-8525-47559c8cf18a%2f.default+openid+profile+offline

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:01 UTC	494	OUT	OPTIONS /api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-BL2r8b&DC=&FileSource= HTTP/1.1 Host: onenoteonline.nel.measure.office.net Connection: keep-alive Origin: https://onenote.officeapps.live.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:55:02 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 26 Mar 2025 12:55:01 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-26 12:55:02 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:01 UTC	606	OUT	OPTIONS /api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=PISCATAWAY&ASN=20940&Country=US&Region=NJ&RequestIdentifier=0.90872c17.1742993656.6021300&TotalRTCDNTime=89&CompressionType=gzip&FileSize=5978 HTTP/1.1 Host: m365cdn.nel.measure.office.net Connection: keep-alive Origin: https://res-1.cdn.office.net Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:55:02 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Wed, 26 Mar 2025 12:55:01 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-26 12:55:02 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:02 UTC	582	OUT	POST /api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=PISCATAWAY&ASN=20940&Country=US&Region=NJ&RequestIdentifier=0.90872c17.1742993656.6021300&TotalRTCDNTime=89&CompressionType=gzip&FileSize=5978 HTTP/1.1 Host: m365cdn.nel.measure.office.net Connection: keep-alive Content-Length: 1487 Content-Type: application/reports+json Origin: https://res-1.cdn.office.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:55:02 UTC	1487	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 31 35 30 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 33 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6f 6e 65 6e 6f 74 65 2e 6f 66 66 69 63 65 61 70 70 73 2e 6c 69 76 65 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 31 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 32 33 2e 34 34 2e 31 33 36 2e 31 37 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 6f 6b 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 Data Ascii: [{"age":51509,"body":{"elapsed_time":435,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://onenote.officeapps.live.com/","sampling_fraction":0.01,"server_ip":"23.44.136.179","status_code":200,"type":"ok"},"type":"network-error
2025-03-26 12:55:02 UTC	399	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Request-Context: appId=cid-v1:27277200-e19a-465d-951d-bb90a149c996 Date: Wed, 26 Mar 2025 12:55:02 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:02 UTC	481	OUT	POST /api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-EWR31r5d&DC=PUS10&FileSource= HTTP/1.1 Host: onenoteonline.nel.measure.office.net Connection: keep-alive Content-Length: 3002 Content-Type: application/reports+json Origin: https://usc-onenote.officeapps.live.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:55:02 UTC	3002	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 37 30 33 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 35 32 2e 31 30 38 2e 39 2e 31 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 75 73 63 2d 6f 6e 65 6e 6f 74 65 2e 6f 66 Data Ascii: [{"age":57039,"body":{"elapsed_time":138,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"52.108.9.12","status_code":500,"type":"http.error"},"type":"network-error","url":"https://usc-onenote.of
2025-03-26 12:55:02 UTC	399	IN	HTTP/1.1 429 Too Many Requests Content-Length: 0 x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Request-Context: appId=cid-v1:41ca65cb-08a6-4a29-94ab-18b081ee8b8b Date: Wed, 26 Mar 2025 12:55:02 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:03 UTC	920	OUT	POST /suite/RemoteUls.ashx?usid=6e978169-98b0-08db-1683-11f39403677b&officeserverversion= HTTP/1.1 Host: common.online.office.com Connection: keep-alive Content-Length: 704 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: https://onedrive.live.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PUS13-ARRAffinity=e3973c517cd78e8e542b264086f3b2c4b5a7ab94cef1d9a8c532c9ece01a0e1f; PUS8-ARRAffinity=1746292d8d8c76796a3568d9374b489eff5aa0bc7fbdc8d5bac6eef49b899742
2025-03-26 12:55:03 UTC	704	OUT	Data Raw: 7b 22 54 22 3a 31 37 34 32 39 39 33 36 37 31 38 32 30 2c 22 4c 22 3a 5b 7b 22 47 22 3a 35 30 37 33 32 36 38 36 31 2c 22 54 22 3a 37 34 38 37 2c 22 4d 22 3a 22 46 65 74 63 68 69 6e 67 20 6d 61 6e 69 66 65 73 74 20 66 72 6f 6d 20 43 44 4e 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6c 20 66 6f 72 20 4f 6e 65 4e 6f 74 65 20 69 6e 20 4d 53 49 54 20 77 69 74 68 20 65 78 70 6f 73 75 72 65 20 31 30 20 77 69 74 68 20 72 65 6d 61 69 6e 69 6e 67 20 72 65 74 72 79 20 63 6f 75 6e 74 20 31 2e 22 2c 22 43 22 3a 33 30 32 37 2c 22 44 22 3a 35 30 7d 2c 7b 22 47 22 3a 35 30 37 33 32 36 38 36 30 2c 22 54 22 3a 37 34 38 38 2c 22 4d 22 3a 22 50 61 72 73 69 6e 67 20 6d 61 6e 69 66 65 73 74 20 66 72 6f 6d 20 43 44 4e 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6c 20 66 6f 72 20 4f Data Ascii: {"T":1742993671820,"L":[{"G":507326861,"T":7487,"M":"Fetching manifest from CDN was successful for OneNote in MSIT with exposure 10 with remaining retry count 1.","C":3027,"D":50},{"G":507326860,"T":7488,"M":"Parsing manifest from CDN was successful for O
2025-03-26 12:55:03 UTC	4644	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/plain P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" Set-Cookie: Set-Cookie: PUS4-ARRAffinity=77fbfb420bc79df9aba6515ec56552af2299ef4bd3df60576391e6f50e3fb5d4;Path=/;Domain=common.online.office.com; samesite=none; secure; partitioned; httponly X-CorrelationId: dda9492c-8c85-4ed3-ae61-8a937861196a X-UserSessionId: 6e978169-98b0-08db-1683-11f39403677b Strict-Transport-Security: max-age=31536000 X-OfficeFE: BL6PEPF000222C0 X-OfficeVersion: 16.0.18710.41009 X-OfficeCluster: PUS4 X-Partitioning-Enabled: true Access-Control-Allow-Origin: https://onedrive.live.com Access-Control-Expose-Headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey, X-bULS-SuppressionETag, X-bULS-SuppressedTags Cross-Origin-Resource-Policy: cross-origin X-bULS-SuppressionETag: 3446F01DD18F16CB80609621A6A1DCA89020D1DE X-bULS-SuppressedTags: 378069,1671813,2208151,2209344,3249545,3290144,4273285,4285850,4298965,4298968,4298969,4751696,5018275,5306497,5904476,6375195,6572226,6948167,7463498,8194017,8458642,16799123,17044289,17085210,17085216,17162522,17358857,17387682,19214611,19243470,19707039,19743902,19939648,20486158,21627712,21631370,22401293,22410500,22558617,22558879,22598977,22680210,22680213,22680214,22836558,22922182,22946650,23385666,23881934,23909858,24133723,24401375,24462656,24515087,25514973,25531993,33592839,34388130,35682372,36472266,36546380,36546381,36546382,36569418,36708451,36773964,36791688,36811158,36811159,36963655,37259477,37288035,37307491,37754499,37856259,37876293,37876294,37889309,38293640,38535900,38543496,38580697,38637954,38922202,39076766,39076767,39105358,39408129,39613840,39966341,40437001,40777251,40935455,40957978,40957979,41003225,41207258,41473876,41502555,41711299,41952657,41964821,41964885,42272991,42496725,42513088,42815875,42857251,50406866,50431969,50622685,51451613,51504083,516670 [TRUNCATED] X-Content-Type-Options: nosniff X-Download-Options: noopen Content-Disposition: attachment X-OFFICEFD: BL6PEPF00021C9F X-Cache: CONFIG_NOCACHE X-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_control X-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_control X-MSEdge-Ref: Ref A: CD7223EBD92F45529AD8D4D242F79C6D Ref B: EWR311000106039 Ref C: 2025-03-26T12:55:03Z Date: Wed, 26 Mar 2025 12:55:03 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-26 12:55:16 UTC	406	OUT	GET /officeaddins/RemoteUls.ashx HTTP/1.1 Host: www.onenote.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 12:55:16 UTC	1172	IN	HTTP/1.1 500 Date: Wed, 26 Mar 2025 12:55:16 GMT Content-Type: text/html Content-Length: 1208 Connection: close Cache-Control: private X-RoutingOfficeCluster: eus-azsc-001.reverseproxy.onenote.com X-RoutingOfficeFE: ReverseProxyFrontEnd_IN_11 X-RoutingOfficeVersion: 16.0.18723.40453 X-RoutingSessionId: 10332ad6-f876-4f03-b7fd-efe4e24bd0ae X-RoutingCorrelationId: d54d3267-031f-4e4e-a310-68e44658f046 P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR" x-correlationid: d54d3267-031f-4e4e-a310-68e44658f046 x-usersessionid: 10332ad6-f876-4f03-b7fd-efe4e24bd0ae x-officefe: AgavesFrontEnd_IN_4 x-officeversion: 16.0.18725.40452 x-officecluster: eus-000.appsforoffice.onenote.com x-partitioning-enabled: true strict-transport-security: max-age=31536000; includeSubDomains; preload x-buls-suppressionetag: N/A x-buls-suppressedtags: x-invalidulsjson: x-content-type-options: nosniff x-download-options: noopen content-disposition: attachment x-content-type-options: nosniff x-azure-ref: 20250326T125516Z-17cccd5449bvj9xqhC1EWRh59s0000000grg00000000azpw X-Cache: CONFIG_NOCACHE
2025-03-26 12:55:16 UTC	1208	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 35 30 30 20 2d 20 49 6e 74 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>500 - Int

Target ID:	0
Start time:	08:53:51
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false