Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://forms.office.com/r/7dC97Hcsn7

Overview

General Information

Sample URL:https://forms.office.com/r/7dC97Hcsn7
Analysis ID:702438
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Deletes files inside the Windows folder

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5384 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 4620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1640,i,291786721536565463,5310082017259864379,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5444 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://forms.office.com/r/7dC97Hcsn7 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /r/7dC97Hcsn7 HTTP/1.1Host: forms.office.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu HTTP/1.1Host: forms.office.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /formapi/api/6723c9c6-f135-475e-aa46-68b338794d05/groups/2cbfc967-d04f-4bfb-ac39-c589004afc61/light/runtimeFormsWithResponses('xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu')?$expand=questions($expand=choices) HTTP/1.1Host: forms.office.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Content-Type: application/jsonX-UserSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cfsec-ch-ua-mobile: ?0__RequestVerificationToken: zgPIDL1goEdUn3UHfJdx_X2WVB4_sGFXKxpCqAuZ3gLMq-sWKCMWus0BZQzBIImv2yrI-VEsGVEW0fPIcP7ZS3Tmtdp797SiAPOpYnzqQlk1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcuAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
Source: global trafficHTTP traffic detected: GET /formapi/api/6723c9c6-f135-475e-aa46-68b338794d05/groups/2cbfc967-d04f-4bfb-ac39-c589004afc61/forms('xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu')/localeResource/'en-gb' HTTP/1.1Host: forms.office.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"odata-version: 4.0x-correlationid: b961d23c-49a0-4669-a54d-b7ccc3c0c8d5x-usersessionid: 68646dc8-e1aa-450a-8f63-d398e4ea23cfx-ms-form-request-ring: businesssec-ch-ua-mobile: ?0authorization: content-type: application/jsonaccept: application/jsonodata-maxverion: 4.0__requestverificationtoken: zgPIDL1goEdUn3UHfJdx_X2WVB4_sGFXKxpCqAuZ3gLMq-sWKCMWus0BZQzBIImv2yrI-VEsGVEW0fPIcP7ZS3Tmtdp797SiAPOpYnzqQlk1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcuAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
Source: global trafficHTTP traffic detected: GET /sw.js?ring=Business HTTP/1.1Host: forms.office.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcuUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
Source: global trafficHTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://forms.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /c.gif?CtsSyncId=E629F409E59A47BCBC6603658253E369&RedC=c.office.com&MXFR=07EC3E99FBBC69660B292C86FFBC6207 HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://forms.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\Fonts\ariblk.ttfJump to behavior
Source: classification engineClassification label: clean0.win@24/0@9/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1640,i,291786721536565463,5310082017259864379,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://forms.office.com/r/7dC97Hcsn7
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1640,i,291786721536565463,5310082017259864379,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath Interception1
Process Injection		2
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
Ingress Tool Transfer		SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://forms.office.com/r/7dC97Hcsn71%VirustotalBrowse
https://forms.office.com/r/7dC97Hcsn70%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
b-0039.b-msedge.net
13.107.6.194
truefalse
    		unknown
    accounts.google.com
    		142.250.184.237
    		truefalse
      		high
      dual-a-0001.a-msedge.net
      		204.79.197.200
      		truefalse
        		unknown
        part-0032.t-0009.t-msedge.net
        		13.107.246.60
        		truefalse
          		unknown
          www.google.com
          		142.250.185.164
          		truefalse
            		high
            clients.l.google.com
            		142.250.186.142
            		truefalse
              		high
              js.monitor.azure.com
              		unknown
              		unknownfalse
                		high
                forms.office.com
                		unknown
                		unknownfalse
                  		high
                  clients2.google.com
                  		unknown
                  		unknownfalse
                    		high
                    c.office.com
                    		unknown
                    		unknownfalse
                      		high
                      cdn.forms.office.net
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1false
                          		high
                          https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.jsfalse
                            		high
                            https://forms.office.com/r/7dC97Hcsn7false
                              		high
                              https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardfalse
                                		high
                                https://forms.office.com/sw.js?ring=Businessfalse
                                  		high

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  204.79.197.200
                                  		dual-a-0001.a-msedge.netUnited States
                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  13.107.6.194
                                  		b-0039.b-msedge.netUnited States
                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  13.107.246.60
                                  		part-0032.t-0009.t-msedge.netUnited States
                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  239.255.255.250
                                  		unknownReserved
                                  		unknownunknownfalse
                                  142.250.185.164
                                  		www.google.comUnited States
                                  		15169GOOGLEUSfalse
                                  142.250.186.142
                                  		clients.l.google.comUnited States
                                  		15169GOOGLEUSfalse
                                  142.250.184.237
                                  		accounts.google.comUnited States
                                  		15169GOOGLEUSfalse

                                  Private

                                  IP
                                  192.168.2.1
                                  127.0.0.1

                                  General Information

                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                  Analysis ID:702438
                                  Start date and time:2022-09-14 02:07:41 +02:00
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 4m 10s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:browseurl.jbs
                                  Sample URL:https://forms.office.com/r/7dC97Hcsn7
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:14
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:CLEAN
                                  Classification:clean0.win@24/0@9/9
                                  EGA Information:Failed
                                  HDC Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0

                                  Warnings

                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 34.104.35.123, 173.222.108.160, 173.222.108.211, 20.234.93.27, 142.250.185.202, 20.42.65.88, 52.182.143.208, 142.250.186.131
                                  • Excluded domains from analysis (whitelisted): aijscdn2.afd.azureedge.net, content-autofill.googleapis.com, c-msn-com-nsatc.trafficmanager.net, cdn.forms.office.net.edgesuite.net, onedscolprdeus08.eastus.cloudapp.azure.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, arc.msn.com, firstparty-azurefd-prod.trafficmanager.net, a1894.ms.akamai.net, aijscdn2.azureedge.net, browser.events.data.microsoft.com, edgedl.me.gvt1.com, c.bing.com, update.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, onedscolprdcus04.centralus.cloudapp.azure.com, browser.pipe.aria.microsoft.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                  Simulations

                                  Behavior and APIs

                                  No simulations

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  No context

                                  ASNs

                                  No context

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  No created / dropped files found

                                  Static File Info

                                  No static file info

                                  Network Behavior

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 14, 2022 02:08:42.661853075 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:42.661906004 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:42.661990881 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:42.662519932 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:42.662549019 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:42.663605928 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.663651943 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.663755894 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.663990021 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.664015055 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.731653929 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:42.732327938 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:42.732383966 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:42.732436895 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.732783079 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.732830048 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.733318090 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.733407974 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.734904051 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:42.734914064 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:42.735023022 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:42.735037088 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:43.091295958 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:43.091655016 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:43.091677904 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:43.091718912 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:43.092335939 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:43.092395067 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:43.092412949 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:43.092672110 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:43.133024931 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:43.133172989 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:43.133220911 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:43.133256912 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:43.140419960 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:43.140666962 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:43.140891075 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:43.181399107 CEST49712443192.168.2.4142.250.184.237
                                  Sep 14, 2022 02:08:43.181437016 CEST44349712142.250.184.237192.168.2.4
                                  Sep 14, 2022 02:08:43.182277918 CEST49713443192.168.2.4142.250.186.142
                                  Sep 14, 2022 02:08:43.182307959 CEST44349713142.250.186.142192.168.2.4
                                  Sep 14, 2022 02:08:45.011075020 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011145115 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.011219025 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011295080 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011375904 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.011475086 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011593103 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011643887 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.011904001 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.011941910 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.111629009 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.112296104 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.112323046 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.114012957 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.114084005 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.117480993 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.121223927 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.121247053 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.122390985 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.122474909 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.123231888 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.123387098 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.123636961 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.123656034 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.125298023 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.125427008 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.177495003 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.177573919 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.178170919 CEST49717443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.178212881 CEST4434971713.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.181423903 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.181457996 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.239994049 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240032911 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240112066 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.240132093 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240204096 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240231991 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.240238905 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240261078 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.240350962 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.240401030 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.244940996 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.244972944 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245040894 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245086908 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.245120049 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.245140076 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245182037 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245249033 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.245271921 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245289087 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.245393038 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245470047 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.245488882 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.245552063 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268359900 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268501043 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268516064 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268578053 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268595934 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268625021 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268637896 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268661976 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268697023 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268769979 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268831015 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268845081 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268887997 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268894911 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268913031 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.268946886 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.268999100 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.269053936 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.269066095 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.269124985 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.273036957 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.273158073 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.273189068 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.273251057 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.273252010 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.273371935 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.275640011 CEST49716443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.275661945 CEST4434971613.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.310746908 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.310805082 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.310925007 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.311184883 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.311216116 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.346642017 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.346673965 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.346754074 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.347130060 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.347147942 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.401833057 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.410135984 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.412717104 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.412750006 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.414015055 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.414037943 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.414258003 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.414356947 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.414479017 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.416893959 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.417103052 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.446427107 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.446661949 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.447622061 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:45.491363049 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:45.641745090 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:45.641777039 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:45.743369102 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:50.449345112 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449382067 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449450970 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.449456930 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449479103 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449522972 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.449549913 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449625015 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449681044 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.449697018 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449731112 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449759007 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.449769020 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.449815989 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.449826956 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.450242043 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:50.450313091 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.454516888 CEST49718443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:50.454546928 CEST4434971813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.098299980 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.098351002 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.098440886 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.098723888 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.098742008 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.165174961 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.165256023 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.165373087 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.165652990 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.165680885 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.192621946 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.192938089 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.192962885 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.193696022 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.198518991 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.198697090 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.199079037 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.199104071 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.208564043 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.208612919 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.208705902 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.208946943 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.208965063 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.252718925 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.253051043 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.253128052 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.253536940 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.253961086 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.254096031 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.254096985 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.286978006 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.287400961 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.287440062 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.287868023 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.287951946 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.287955999 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.287982941 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.287996054 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288069963 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288125038 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288135052 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288167000 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288178921 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288187027 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288216114 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288268089 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288316965 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288325071 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288368940 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288372040 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288388968 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288428068 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288487911 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288539886 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.288547993 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.288590908 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.289153099 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.289249897 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.292061090 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.292176008 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.292505026 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.292534113 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.312798023 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.312823057 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.312907934 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.312938929 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.312954903 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.313014030 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.313319921 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313397884 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.313416004 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313472986 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.313498020 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313555002 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.313635111 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313694000 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.313704967 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313735008 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.313781977 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.326505899 CEST49739443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.326529980 CEST4434973913.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.329874992 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.329910040 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.329988003 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.330013037 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.330032110 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.330625057 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.330657959 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.330715895 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.330749035 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.330769062 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.331332922 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.331388950 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.331423998 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.331458092 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.331475019 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.347217083 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347259045 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347335100 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.347378969 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347394943 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.347806931 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347845078 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347887039 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.347908974 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.347923994 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.347932100 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.348238945 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.348275900 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.348316908 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.348335028 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.348351955 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.348973989 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349013090 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349056959 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.349075079 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349092007 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.349143028 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.349447966 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349488020 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349536896 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.349559069 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.349574089 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.349613905 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.364659071 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.364696980 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.364753008 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.364779949 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.364795923 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.364830971 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.365915060 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.365952015 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.366004944 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366029024 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.366044998 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366054058 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.366108894 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366127968 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.366143942 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366182089 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.366183996 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366234064 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366849899 CEST49740443192.168.2.413.107.246.60
                                  Sep 14, 2022 02:08:51.366875887 CEST4434974013.107.246.60192.168.2.4
                                  Sep 14, 2022 02:08:51.441145897 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.441272020 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.441344976 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.460086107 CEST49738443192.168.2.413.107.6.194
                                  Sep 14, 2022 02:08:51.460117102 CEST4434973813.107.6.194192.168.2.4
                                  Sep 14, 2022 02:08:51.553365946 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.553432941 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.553539991 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.553920984 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.553949118 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.630467892 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.706904888 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.790975094 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.791004896 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.791954041 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.791981936 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:51.792047024 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.894398928 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:51.894435883 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:52.003771067 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:55.395761967 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:55.395888090 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:08:55.395975113 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:55.902225971 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:55.902410984 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:55.902472019 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:55.943370104 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:55.946721077 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:55.946899891 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:55.948395014 CEST49743443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:08:55.948436975 CEST44349743204.79.197.200192.168.2.4
                                  Sep 14, 2022 02:08:55.956306934 CEST49722443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:08:55.956340075 CEST44349722142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:21.338779926 CEST49688443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:09:21.340099096 CEST49689443192.168.2.4204.79.197.200
                                  Sep 14, 2022 02:09:45.307341099 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:45.307400942 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.307528019 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:45.307852030 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:45.307885885 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.357072115 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.358117104 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:45.358151913 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.358633995 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.359430075 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:45.359551907 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:45.413484097 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:55.359600067 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:55.359720945 CEST44349808142.250.185.164192.168.2.4
                                  Sep 14, 2022 02:09:55.359827042 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:55.936494112 CEST49808443192.168.2.4142.250.185.164
                                  Sep 14, 2022 02:09:55.936523914 CEST44349808142.250.185.164192.168.2.4

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 14, 2022 02:08:42.627177000 CEST6100753192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:42.628864050 CEST6068653192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:42.654431105 CEST53606868.8.8.8192.168.2.4
                                  Sep 14, 2022 02:08:42.655294895 CEST53610078.8.8.8192.168.2.4
                                  Sep 14, 2022 02:08:44.576345921 CEST6490653192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:44.593934059 CEST53649068.8.8.8192.168.2.4
                                  Sep 14, 2022 02:08:45.298263073 CEST5086153192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:45.299710989 CEST6108853192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:45.319523096 CEST53610888.8.8.8192.168.2.4
                                  Sep 14, 2022 02:08:45.325241089 CEST5872953192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:45.345537901 CEST53587298.8.8.8192.168.2.4
                                  Sep 14, 2022 02:08:46.815857887 CEST5602253192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:51.143378973 CEST5485153192.168.2.48.8.8.8
                                  Sep 14, 2022 02:08:51.143965960 CEST5452153192.168.2.48.8.8.8

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                  Sep 14, 2022 02:08:42.627177000 CEST192.168.2.48.8.8.80xdda3Standard query (0)clients2.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:42.628864050 CEST192.168.2.48.8.8.80x5c0bStandard query (0)accounts.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:44.576345921 CEST192.168.2.48.8.8.80xef19Standard query (0)forms.office.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:45.298263073 CEST192.168.2.48.8.8.80x3688Standard query (0)cdn.forms.office.netA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:45.299710989 CEST192.168.2.48.8.8.80x269eStandard query (0)www.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:45.325241089 CEST192.168.2.48.8.8.80x55cbStandard query (0)www.google.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:46.815857887 CEST192.168.2.48.8.8.80x6616Standard query (0)cdn.forms.office.netA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:51.143378973 CEST192.168.2.48.8.8.80x40dcStandard query (0)js.monitor.azure.comA (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:51.143965960 CEST192.168.2.48.8.8.80x9df7Standard query (0)c.office.comA (IP address)IN (0x0001)

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                  Sep 14, 2022 02:08:42.654431105 CEST8.8.8.8192.168.2.40x5c0bNo error (0)accounts.google.com142.250.184.237A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:42.655294895 CEST8.8.8.8192.168.2.40xdda3No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:42.655294895 CEST8.8.8.8192.168.2.40xdda3No error (0)clients.l.google.com142.250.186.142A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:44.593934059 CEST8.8.8.8192.168.2.40xef19No error (0)forms.office.comforms.office.com.b-0039.b-msedge.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:44.593934059 CEST8.8.8.8192.168.2.40xef19No error (0)forms.office.com.b-0039.b-msedge.netb-0039.b-msedge.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:44.593934059 CEST8.8.8.8192.168.2.40xef19No error (0)b-0039.b-msedge.net13.107.6.194A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:45.318131924 CEST8.8.8.8192.168.2.40x3688No error (0)cdn.forms.office.netcdn.forms.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:45.319523096 CEST8.8.8.8192.168.2.40x269eNo error (0)www.google.com142.250.185.164A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:45.345537901 CEST8.8.8.8192.168.2.40x55cbNo error (0)www.google.com142.250.185.164A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:46.837606907 CEST8.8.8.8192.168.2.40x6616No error (0)cdn.forms.office.netcdn.forms.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.167650938 CEST8.8.8.8192.168.2.40x9df7No error (0)c.office.comc.msn.comCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.167650938 CEST8.8.8.8192.168.2.40x9df7No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.172930002 CEST8.8.8.8192.168.2.40x40dcNo error (0)js.monitor.azure.comaijscdn2.azureedge.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.172930002 CEST8.8.8.8192.168.2.40x40dcNo error (0)dual.part-0032.t-0009.t-msedge.netpart-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.172930002 CEST8.8.8.8192.168.2.40x40dcNo error (0)part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:51.172930002 CEST8.8.8.8192.168.2.40x40dcNo error (0)part-0032.t-0009.t-msedge.net13.107.213.60A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:51.478682995 CEST8.8.8.8192.168.2.40x578dNo error (0)c-bing-com.a-0001.a-msedge.netdual-a-0001.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                  Sep 14, 2022 02:08:51.478682995 CEST8.8.8.8192.168.2.40x578dNo error (0)dual-a-0001.a-msedge.net204.79.197.200A (IP address)IN (0x0001)
                                  Sep 14, 2022 02:08:51.478682995 CEST8.8.8.8192.168.2.40x578dNo error (0)dual-a-0001.a-msedge.net13.107.21.200A (IP address)IN (0x0001)

                                  HTTP Request Dependency Graph

                                  • accounts.google.com
                                  • clients2.google.com
                                  • forms.office.com
                                  • https:
                                    • js.monitor.azure.com
                                    • c.bing.com

                                  HTTPS Proxied Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.449712142.250.184.237443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:43 UTC0OUTPOST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                  Host: accounts.google.com
                                  Connection: keep-alive
                                  Content-Length: 1
                                  Origin: https://www.google.com
                                  Content-Type: application/x-www-form-urlencoded
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:43 UTC0OUTData Raw: 20
                                  Data Ascii:
                                  2022-09-14 00:08:43 UTC2INHTTP/1.1 200 OK
                                  Content-Type: application/json; charset=utf-8
                                  Access-Control-Allow-Origin: https://www.google.com
                                  Access-Control-Allow-Credentials: true
                                  X-Content-Type-Options: nosniff
                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                  Date: Wed, 14 Sep 2022 00:08:43 GMT
                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                  Content-Security-Policy: script-src 'report-sample' 'nonce-GcMvm0nwi2S80fomoj1TyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                  Cross-Origin-Opener-Policy: same-origin
                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  Server: ESF
                                  X-XSS-Protection: 0
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2022-09-14 00:08:43 UTC4INData Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                  Data Ascii: 11["gaia.l.a.r",[]]
                                  2022-09-14 00:08:43 UTC4INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  1192.168.2.449713142.250.186.142443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:43 UTC0OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                  Host: clients2.google.com
                                  Connection: keep-alive
                                  X-Goog-Update-Interactivity: fg
                                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:43 UTC1INHTTP/1.1 200 OK
                                  Content-Security-Policy: script-src 'report-sample' 'nonce-UWiuyYqwU7afT0F--MHLjg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                  Date: Wed, 14 Sep 2022 00:08:43 GMT
                                  Content-Type: text/xml; charset=UTF-8
                                  X-Daynum: 5734
                                  X-Daystart: 61723
                                  X-Content-Type-Options: nosniff
                                  X-Frame-Options: SAMEORIGIN
                                  X-XSS-Protection: 1; mode=block
                                  Server: GSE
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2022-09-14 00:08:43 UTC2INData Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 37 33 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 36 31 37 32 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5734" elapsed_seconds="61723"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                  2022-09-14 00:08:43 UTC2INData Raw: 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67
                                  Data Ascii: mhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></g
                                  2022-09-14 00:08:43 UTC2INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  2192.168.2.44971713.107.6.194443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:45 UTC4OUTGET /r/7dC97Hcsn7 HTTP/1.1
                                  Host: forms.office.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:45 UTC5INHTTP/1.1 301 Moved Permanently
                                  Cache-Control: no-cache
                                  Pragma: no-cache
                                  Expires: -1
                                  Location: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu
                                  P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
                                  X-CorrelationId: 6122e560-8832-4508-a9c1-81dab540e832
                                  X-UserSessionId: 6122e560-8832-4508-a9c1-81dab540e832
                                  X-OfficeFE: FormIntelligenceService_IN_2
                                  X-OfficeVersion: 16.0.15707.36678
                                  X-OfficeCluster: weu-100.forms.office.com
                                  X-Content-Type-Options: nosniff
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: 8DF36A7335FB43A7BA533F9C6E9A3B8E Ref B: AM3EDGE0520 Ref C: 2022-09-14T00:08:45Z
                                  Date: Wed, 14 Sep 2022 00:08:44 GMT
                                  Connection: close
                                  Content-Length: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  3192.168.2.44971613.107.6.194443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:45 UTC5OUTGET /pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu HTTP/1.1
                                  Host: forms.office.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:45 UTC6INHTTP/1.1 200 OK
                                  Cache-Control: no-cache, no-store, must-revalidate
                                  Pragma: no-cache
                                  Content-Length: 52844
                                  Content-Type: text/html; charset=utf-8
                                  Expires: 0
                                  P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
                                  Set-Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; domain=forms.office.com; expires=Fri, 14-Oct-2022 00:08:45 GMT; path=/; samesite=none; secure; HttpOnly
                                  Set-Cookie: usenewauthrollout=True; domain=forms.office.com; expires=Fri, 14-Oct-2022 00:08:45 GMT; path=/; samesite=none; secure; HttpOnly
                                  Set-Cookie: __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1; path=/; samesite=none; secure; HttpOnly
                                  Strict-Transport-Security: max-age=2592000; includeSubDomains
                                  X-RoutingOfficeCluster: frc-101.forms.office.com
                                  X-RoutingOfficeFE: FormsSingleBox_IN_11
                                  X-RoutingOfficeVersion: 16.0.15705.36676
                                  X-RoutingSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-RoutingCorrelationId: 003d1c26-31fd-41be-a966-713d29c56999
                                  X-CorrelationId: 003d1c26-31fd-41be-a966-713d29c56999
                                  X-UserSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-OfficeFE: FormsSingleBox_IN_11
                                  X-OfficeVersion: 16.0.15705.36676
                                  X-OfficeCluster: frc-101.forms.office.com
                                  X-FailureReason: Unknown
                                  X-Robots-Tag: noindex, nofollow
                                  Link: <https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
                                  X-Content-Type-Options: nosniff
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: 11104B7ADAEB40FAB4761C00C80B8A00 Ref B: AMS04EDGE3613 Ref C: 2022-09-14T00:08:45Z
                                  Date: Wed, 14 Sep 2022 00:08:44 GMT
                                  Connection: close
                                  2022-09-14 00:08:45 UTC8INData Raw: 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 2d 67 62 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0d 0a 20
                                  Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" lang="en-gb"><head> <meta charset="utf-8" /> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1" />
                                  2022-09-14 00:08:45 UTC10INData Raw: 4d 22 2c 22 44 61 79 4e 61 6d 65 73 22 3a 5b 22 53 75 6e 64 61 79 22 2c 22 4d 6f 6e 64 61 79 22 2c 22 54 75 65 73 64 61 79 22 2c 22 57 65 64 6e
                                  Data Ascii: M","DayNames":["Sunday","Monday","Tuesday","Wedn
                                  2022-09-14 00:08:45 UTC10INData Raw: 65 73 64 61 79 22 2c 22 54 68 75 72 73 64 61 79 22 2c 22 46 72 69 64 61 79 22 2c 22 53 61 74 75 72 64 61 79 22 5d 2c 22 46 69 72 73 74 44 61 79 4f 66 57 65 65 6b 22 3a 31 2c 22 4d 6f 6e 74 68 4e 61 6d 65 73 22 3a 5b 22 4a 61 6e 75 61 72 79 22 2c 22 46 65 62 72 75 61 72 79 22 2c 22 4d 61 72 63 68 22 2c 22 41 70 72 69 6c 22 2c 22 4d 61 79 22 2c 22 4a 75 6e 65 22 2c 22 4a 75 6c 79 22 2c 22 41 75 67 75 73 74 22 2c 22 53 65 70 74 65 6d 62 65 72 22 2c 22 4f 63 74 6f 62 65 72 22 2c 22 4e 6f 76 65 6d 62 65 72 22 2c 22 44 65 63 65 6d 62 65 72 22 2c 22 22 5d 2c 22 50 4d 44 65 73 69 67 6e 61 74 6f 72 22 3a 22 50 4d 22 2c 22 53 68 6f 72 74 44 61 74 65 50 61 74 74 65 72 6e 22 3a 22 64 64 2f 4d 4d 2f 79 79 79 79 22 2c 22 53 68 6f 72 74 54 69 6d 65 50 61 74 74 65 72 6e
                                  Data Ascii: esday","Thursday","Friday","Saturday"],"FirstDayOfWeek":1,"MonthNames":["January","February","March","April","May","June","July","August","September","October","November","December",""],"PMDesignator":"PM","ShortDatePattern":"dd/MM/yyyy","ShortTimePattern
                                  2022-09-14 00:08:45 UTC11INData Raw: 61 6d 65 22 3a 22 65 6e 2d 47 42 22 2c 22 4c 43 49 44 22 3a 32 30 35 37 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 44 65 62 75 67 56 65 72 73 69 6f 6e 53 63 72 69 70 74 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 70 6c 6f 79 6d 65 6e 74 3a 20 22 50 72 6f 64 75 63 74 69 6f 6e 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 54 79 70 65 3a 20 22 57 57 50 72 6f 64 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 69 67 68 74 73 3a 20 22 21 52 65 73 70 6f 6e 73 65 49 6e 41 70 70 3b 21 50 61 72 74 69 61 6c 50 75 74 3b 50 50 54 43 6f 6e 74 65 6e 74 41 64 64 69 6e 53 53 4f 43 6f 6d 70 75 74 65 72 3b 50 50 54 43 6f 6e 74 65 6e 74 41 64 64 69 6e 57 65 6c 63 6f 6d 65 50 61 67 65 3b 21 44
                                  Data Ascii: ame":"en-GB","LCID":2057}, useDebugVersionScript: false, deployment: "Production", environmentType: "WWProd", flights: "!ResponseInApp;!PartialPut;PPTContentAddinSSOComputer;PPTContentAddinWelcomePage;!D
                                  2022-09-14 00:08:45 UTC15INData Raw: 43 6f 6e 66 69 67 27 25 32 30 6f 66 25 32 30 75 6e 64 65 66 69 6e 65 64 25 35 43 25 32 32 2c 25 35 43 25 32 32 7a 61 6c 6f 4a 53 56 32 25 32 30 69 73 25 32 30 6e 6f 74 25 32 30 64 65 66 69 6e 65 64 25 35 43 25 32 32 2c 25 35 43 25 32 32 43 61 6e 27 74 25 32 30 66 69 6e 64 25 32 30 76 61 72 69 61 62 6c 65 3a 25 32 30 7a 61 6c 6f 4a 53 56 32 25 35 43 25 32 32 2c 25 35 43 25 32 32 43 61 6e 27 74 25 32 30 66 69 6e 64 25 32 30 76 61 72 69 61 62 6c 65 3a 25 32 30 69 6e 73 74 61 6e 74 53 65 61 72 63 68 53 44 4b 4a 53 42 72 69 64 67 65 43 6c 65 61 72 48 69 67 68 6c 69 67 68 74 25 35 43 25 32 32 2c 25 35 43 25 32 32 46 61 69 6c 65 64 25 32 30 74 6f 25 32 30 66 65 74 63 68 25 35 43 25 32 32 2c 25 35 43 25 32 32 66 65 74 63 68 40 5b 6e 61 74 69 76 65 25 32 30 63 6f
                                  Data Ascii: Config'%20of%20undefined%5C%22,%5C%22zaloJSV2%20is%20not%20defined%5C%22,%5C%22Can't%20find%20variable:%20zaloJSV2%5C%22,%5C%22Can't%20find%20variable:%20instantSearchSDKJSBridgeClearHighlight%5C%22,%5C%22Failed%20to%20fetch%5C%22,%5C%22fetch@[native%20co
                                  2022-09-14 00:08:45 UTC19INData Raw: 22 61 37 39 61 39 63 62 22 2c 22 76 65 6e 64 6f 72 73 2f 63 6f 6d 62 69 6e 65 64 6d 69 6e 2f 62 61 73 69 63 73 5f 76 35 5f 6a 33 2e 6d 69 6e 2e 6a 73 22 3a 22 31 38 33 32 63 65 37 22 2c 22 76 65 6e 64 6f 72 73 2f 63 6f 6d 62 69 6e 65 64 6d 69 6e 2f 64 65 73 69 67 6e 5f 76 33 2e 6d 69 6e 2e 6a 73 22 3a 22 61 61 62 61 61 61 32 22 2c 22 76 65 6e 64 6f 72 73 2f 63 6f 6d 62 69 6e 65 64 6d 69 6e 2f 72 65 73 70 6f 6e 73 65 5f 76 32 2e 6d 69 6e 2e 6a 73 22 3a 22 35 32 33 34 61 31 39 22 2c 22 76 65 6e 64 6f 72 73 2f 64 33 2f 64 33 2e 6d 69 6e 2e 6a 73 22 3a 22 39 31 36 36 33 64 61 22 2c 22 76 65 6e 64 6f 72 73 2f 64 61 74 61 74 61 62 6c 65 73 2e 6d 69 6e 2e 6a 73 22 3a 22 39 31 37 63 66 37 64 22 2c 22 76 65 6e 64 6f 72 73 2f 69 6d 6d 65 72 73 69 76 65 72 65 61 64
                                  Data Ascii: "a79a9cb","vendors/combinedmin/basics_v5_j3.min.js":"1832ce7","vendors/combinedmin/design_v3.min.js":"aabaaa2","vendors/combinedmin/response_v2.min.js":"5234a19","vendors/d3/d3.min.js":"91663da","vendors/datatables.min.js":"917cf7d","vendors/immersiveread
                                  2022-09-14 00:08:45 UTC23INData Raw: 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 61 63 68 65 67 72 6f 75 70 2d 6e 65 72 76 65 2e 6d 69 6e 2e 6a 73 22 3a 22 30 31 32 61 62 66 32 22 2c 22 61 73 73 69 67 6e 6d 65 6e 74 73 2d 72 65 73 70 6f 6e 73 65 2d 70 61 67 65 2e 6d 69 6e 2e 6a 73 22 3a 22 63 37 66 62 32 31 32 22 2c 22 61 73 73 69 67 6e 6d 65 6e 74 73 2d 72 65 73 70 6f 6e 73 65 2d 70 61 67 65 2e 63 61 63 68 65 67 72 6f 75 70 2d 6e 65 72 76 65 2e 6d 69 6e 2e 6a 73 22 3a 22 30 31 32 61 62 66 32 22 2c 22 64 65 66 61 75 6c 74 2d 70 61 67 65 2e 6d 69 6e 2e 6a 73 22 3a 22 61 39 33 63 66 39 37 22 2c 22 64 65 6c 65 67 61 74 65 2d 70 61 67 65 2e 6d 69 6e 2e 6a 73 22 3a 22 33 38 35 61 66 62 34 22 2c 22 64 65 6c 65 67 61 74 65 2d 70 61 67 65 2e 63 61 63 68 65 67 72 6f 75 70 2d 6e 65 72 76 65 2e 6d 69 6e 2e
                                  Data Ascii: design-page.cachegroup-nerve.min.js":"012abf2","assignments-response-page.min.js":"c7fb212","assignments-response-page.cachegroup-nerve.min.js":"012abf2","default-page.min.js":"a93cf97","delegate-page.min.js":"385afb4","delegate-page.cachegroup-nerve.min.
                                  2022-09-14 00:08:45 UTC27INData Raw: 69 62 75 74 69 6f 6e 5f 70 6f 72 74 61 6c 2e 6a 73 22 3a 22 38 37 61 66 62 30 64 22 2c 22 6e 65 6f 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 68 75 6e 6b 2e 70 65 6f 70 6c 65 70 69 63 6b 65 72 2e 6a 73 22 3a 22 33 36 64 33 31 38 32 22 2c 22 6e 65 6f 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 68 75 6e 6b 2e 68 65 61 64 65 72 2e 6a 73 22 3a 22 35 35 63 39 31 36 30 22 2c 22 6e 65 6f 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 68 75 6e 6b 2e 64 65 73 69 67 6e 5f 6f 70 74 69 6f 6e 2e 6a 73 22 3a 22 34 34 34 66 64 30 30 22 2c 22 6e 65 6f 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 68 75 6e 6b 2e 64 65 73 69 67 6e 65 72 2e 6a 73 22 3a 22 61 31 35 66 32 61 33 22 2c 22 6e 65 6f 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 68 75 6e 6b 2e 72 65 73 70 6f 6e 73 65 73 2e 6a 73
                                  Data Ascii: ibution_portal.js":"87afb0d","neo-design-page.chunk.peoplepicker.js":"36d3182","neo-design-page.chunk.header.js":"55c9160","neo-design-page.chunk.design_option.js":"444fd00","neo-design-page.chunk.designer.js":"a15f2a3","neo-design-page.chunk.responses.js
                                  2022-09-14 00:08:45 UTC31INData Raw: 73 61 67 65 2d 65 78 74 65 6e 73 69 6f 6e 2d 63 6f 6e 66 69 67 2d 70 61 67 65 2e 63 61 63 68 65 67 72 6f 75 70 2d 6e 65 72 76 65 2e 6d 69 6e 2e 6a 73 22 3a 22 30 31 32 61 62 66 32 22 2c 22 74 65 61 6d 73 2d 62 75 62 62 6c 65 2d 70 72 65 66 65 74 63 68 65 72 2e 6d 69 6e 2e 6a 73 22 3a 22 61 38 65 33 35 61 38 22 2c 22 74 65 61 6d 73 2d 63 6f 6e 66 69 67 2d 70 61 67 65 2e 6d 69 6e 2e 6a 73 22 3a 22 37 61 39 64 30 33 64 22 2c 22 74 65 61 6d 73 2d 63 6f 6e 66 69 67 2d 70 61 67 65 2e 63 61 63 68 65 67 72 6f 75 70 2d 6e 65 72 76 65 2e 6d 69 6e 2e 6a 73 22 3a 22 30 31 32 61 62 66 32 22 2c 22 74 65 61 6d 73 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 6d 69 6e 2e 6a 73 22 3a 22 38 66 30 61 36 33 65 22 2c 22 74 65 61 6d 73 2d 64 65 73 69 67 6e 2d 70 61 67 65 2e 63 61 63
                                  Data Ascii: sage-extension-config-page.cachegroup-nerve.min.js":"012abf2","teams-bubble-prefetcher.min.js":"a8e35a8","teams-config-page.min.js":"7a9d03d","teams-config-page.cachegroup-nerve.min.js":"012abf2","teams-design-page.min.js":"8f0a63e","teams-design-page.cac
                                  2022-09-14 00:08:45 UTC35INData Raw: 20 20 5c 22 49 6e 74 65 6c 6c 69 67 65 6e 63 65 50 6f 6c 6c 43 6f 6e 74 65 6e 74 45 78 70 5c 22 3a 20 5c 22 54 72 65 61 74 6d 65 6e 74 5c 22 2c 5c 72 5c 6e 20 20 5c 22 49 6e 74 65 6c 6c 69 67 65 6e 63 65 41 6e 61 6c 79 7a 65 41 50 49 45 78 70 5c 22 3a 20 5c 22 54 72 65 61 74 6d 65 6e 74 5c 22 2c 5c 72 5c 6e 20 20 5c 22 46 6c 75 65 6e 74 44 61 74 65 50 69 63 6b 65 72 5c 22 3a 20 31 2c 5c 72 5c 6e 20 20 5c 22 53 65 6e 64 46 65 61 74 75 72 65 41 41 5c 22 3a 20 32 2c 5c 72 5c 6e 20 20 5c 22 54 72 79 55 73 65 72 46 61 63 65 70 69 6c 65 5c 22 3a 20 74 72 75 65 5c 72 5c 6e 7d 22 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 65 63 73 57 65 62 53 65 74 74 69 6e 67 73 3a 20 7b 0d 0a 20 20 22 54 65 6d 70 6c 61 74 65 53 63 65 6e 61 72 69 6f 73 42 69 7a 22 3a 20 5b
                                  Data Ascii: \"IntelligencePollContentExp\": \"Treatment\",\r\n \"IntelligenceAnalyzeAPIExp\": \"Treatment\",\r\n \"FluentDatePicker\": 1,\r\n \"SendFeatureAA\": 2,\r\n \"TryUserFacepile\": true\r\n}"}, ecsWebSettings: { "TemplateScenariosBiz": [
                                  2022-09-14 00:08:45 UTC39INData Raw: 2c 76 6f 69 64 20 30 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 52 28 6e 2c 74 29 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 42 28 6e 2c 74 29 7d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 6e 2c 72 2c 65 29 7b 72 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 6e 2e 63 6f 6e 73 74 72 75 63 74 6f 72 26 26 65 3d 3d 3d 6a 26 26 72 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 72 65 73 6f 6c 76 65 3d 3d 3d 5f 3f 49 28 6e 2c 72 29 3a 76 6f 69 64 20 30 3d 3d 3d 65 3f 57 28 6e 2c 72 29 3a 74 28 65 29 3f 4d 28 6e 2c 72 2c 65 29 3a 57 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 52 28 74 2c 72 29 7b 69 66 28 74 3d 3d 3d 72 29 42 28 74 2c 45 28 29 29 3b 65 6c 73 65 20 69 66 28 6e 28 72 29 29 7b 76 61 72 20 65 3d 76 6f 69 64 20 30
                                  Data Ascii: ,void 0,(function(t){return R(n,t)}),(function(t){return B(n,t)}))}function S(n,r,e){r.constructor===n.constructor&&e===j&&r.constructor.resolve===_?I(n,r):void 0===e?W(n,r):t(e)?M(n,r,e):W(n,r)}function R(t,r){if(t===r)B(t,E());else if(n(r)){var e=void 0
                                  2022-09-14 00:08:45 UTC43INData Raw: 66 28 76 6f 69 64 20 30 21 3d 3d 6f 29 72 65 74 75 72 6e 20 6f 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 74 5b 65 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 6e 5b 65 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 72 29 2c 69 2e 65 78 70 6f 72 74 73 7d 72 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 6e 26 26 6e 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 64 65 66 61 75 6c 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 3b 72 65 74 75 72 6e 20 72 2e 64 28 74 2c 7b 61 3a 74 7d 29 2c 74 7d 2c 72 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 66 6f 72 28 76 61 72 20 65 20 69 6e 20 74 29 72 2e 6f 28 74
                                  Data Ascii: f(void 0!==o)return o.exports;var i=t[e]={exports:{}};return n[e].call(i.exports,i,i.exports,r),i.exports}r.n=function(n){var t=n&&n.__esModule?function(){return n.default}:function(){return n};return r.d(t,{a:t}),t},r.d=function(n,t){for(var e in t)r.o(t
                                  2022-09-14 00:08:45 UTC47INData Raw: 72 20 76 3d 70 28 29 2e 6f 73 74 72 65 70 6f 72 74 74 69 6d 65 3b 76 26 26 73 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 78 2d 6d 73 2d 66 6f 72 6d 2d 6f 73 74 72 65 70 6f 72 74 74 69 6d 65 22 2c 76 29 3b 76 61 72 20 6c 3d 70 28 29 2e 6f 73 74 73 69 67 6e 61 74 75 72 65 3b 6c 26 26 73 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 78 2d 6d 73 2d 66 6f 72 6d 2d 6f 73 74 73 69 67 6e 61 74 75 72 65 22 2c 6c 29 7d 69 66 28 68 28 29 2e 70 72 6f 45 6e 61 62 6c 65 64 29 7b 22 55 53 47 6f 76 47 63 63 50 72 6f 64 22 3d 3d 3d 68 28 29 2e 65 6e 76 69 72 6f 6e 6d 65 6e 74 54 79 70 65 3f 73 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 78 2d 6d 73 2d 66 6f 72 6d 2d 72 65 71 75 65 73 74 2d 72 69 6e 67 22 2c 22 66 6f 72 6d 73 70 72 6f
                                  Data Ascii: r v=p().ostreporttime;v&&s.setRequestHeader("x-ms-form-ostreporttime",v);var l=p().ostsignature;l&&s.setRequestHeader("x-ms-form-ostsignature",l)}if(h().proEnabled){"USGovGccProd"===h().environmentType?s.setRequestHeader("x-ms-form-request-ring","formspro
                                  2022-09-14 00:08:45 UTC51INData Raw: 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 7d 33 37 2e 35 25 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 2d 32 2e 36 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 31 2e 38 65 6d 20 2d 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 35 29 2c 32 2e 35 65 6d 20 30 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 37 29 2c 31 2e 37 35 65 6d 20 31 2e 37 35 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 30 20 32 2e 35 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 2d 31 2e 38 65 6d 20 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 2d 32 2e 36 65 6d
                                  Data Ascii: 1.8em 0 0 rgba(3,120,124,.2)}37.5%{box-shadow:0 -2.6em 0 0 rgba(3,120,124,.2),1.8em -1.8em 0 0 rgba(3,120,124,.5),2.5em 0 0 0 rgba(3,120,124,.7),1.75em 1.75em 0 0 rgba(3,120,124,.2),0 2.5em 0 0 rgba(3,120,124,.2),-1.8em 1.8em 0 0 rgba(3,120,124,.2),-2.6em
                                  2022-09-14 00:08:45 UTC55INData Raw: 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 30 20 32 2e 35 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 2d 31 2e 38 65 6d 20 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 2d 32 2e 36 65 6d 20 30 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 32 29 2c 2d 31 2e 38 65 6d 20 2d 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 35 29 7d 32 35 25 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 2d 32 2e 36 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 35 29 2c 31 2e 38 65 6d 20 2d 31 2e 38 65 6d 20 30 20 30 20 72 67 62 61 28 33 2c 31 32 30 2c 31 32 34 2c 2e 37 29 2c 32 2e 35 65 6d 20 30 20 30 20 30
                                  Data Ascii: m 0 0 rgba(3,120,124,.2),0 2.5em 0 0 rgba(3,120,124,.2),-1.8em 1.8em 0 0 rgba(3,120,124,.2),-2.6em 0 0 0 rgba(3,120,124,.2),-1.8em -1.8em 0 0 rgba(3,120,124,.5)}25%{box-shadow:0 -2.6em 0 0 rgba(3,120,124,.5),1.8em -1.8em 0 0 rgba(3,120,124,.7),2.5em 0 0 0
                                  2022-09-14 00:08:45 UTC59INData Raw: 74 79 6c 65 3e 0d 0a 20 20 20 20 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 2d 72 6f 6f 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6c 6f 61 64 69 6e 67 2d 62 61 63 6b 67 72 6f 75 6e 64 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6c 6f 61 64 69 6e 67 2d 6d 65 73 73 61 67 65 62 6f 78 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6c 6f 61 64 69 6e 67 2d 61 6e 69 6d 61 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20
                                  Data Ascii: tyle> </head><body dir="ltr"> <div id="content-root"> <div class="page-loading-background"> <div class="page-loading-messagebox" role="main"> <div class="page-loading-animation">


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  4192.168.2.44971813.107.6.194443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:45 UTC59OUTGET /formapi/api/6723c9c6-f135-475e-aa46-68b338794d05/groups/2cbfc967-d04f-4bfb-ac39-c589004afc61/light/runtimeFormsWithResponses('xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu')?$expand=questions($expand=choices) HTTP/1.1
                                  Host: forms.office.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  Content-Type: application/json
                                  X-UserSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  sec-ch-ua-mobile: ?0
                                  __RequestVerificationToken: zgPIDL1goEdUn3UHfJdx_X2WVB4_sGFXKxpCqAuZ3gLMq-sWKCMWus0BZQzBIImv2yrI-VEsGVEW0fPIcP7ZS3Tmtdp797SiAPOpYnzqQlk1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Referer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
                                  2022-09-14 00:08:50 UTC61INHTTP/1.1 200 OK
                                  Transfer-Encoding: chunked
                                  Content-Type: application/json; charset=utf-8
                                  Strict-Transport-Security: max-age=2592000; includeSubDomains
                                  X-RoutingOfficeCluster: weu-101.forms.office.com
                                  X-RoutingOfficeFE: FormsSingleBox_IN_10
                                  X-RoutingOfficeVersion: 16.0.15705.36676
                                  X-RoutingSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-RoutingCorrelationId: 778d519e-c029-4815-bc2f-b2c00eb7a436
                                  X-CorrelationId: 778d519e-c029-4815-bc2f-b2c00eb7a436
                                  X-OfficeCluster: weu-101.forms.office.com
                                  X-OfficeFE: FormsSingleBox_IN_3
                                  X-OfficeVersion: 16.0.15705.36676
                                  X-UserSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-Robots-Tag: noindex, nofollow
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: B7DB1B02801B4E6AA50E499496A4BB0E Ref B: AM3EDGE0614 Ref C: 2022-09-14T00:08:45Z
                                  Date: Wed, 14 Sep 2022 00:08:50 GMT
                                  Connection: close
                                  2022-09-14 00:08:50 UTC62INData Raw: 36 36 32 0d 0a 7b 22 72 65 73 70 6f 6e 73 65 73 22 3a 6e 75 6c 6c 2c 22 66 6f 72 6d 22 3a 7b 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 49 6e 20 53 65 70 74 65 6d 62 65 72 20 32 30 32 32 2c 20 43 68 72 6f 6d 65 20 72 65 6c 65 61 73 65 64 20 61 20 73 65 63 75 72 69 74 79 20 61 64 76 69 73 6f 72 79 c2 a0 28 43 56 45 2d 32 30 32 32 2d 33 30 37 35 29 20 72 65 6c 61 74 69 6e 67 20 74 6f 20 41 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 79 20 69 6e 20 74 68 65 69 72 20 70 72 6f 64 75 63 74 73 2e 20 54 68 69 73 20 69 73 73 75 65 20 63 6f 6e 63 65 72 6e 73 20 61 20 63 61 73 65 20 6f 66 20 69 6e 73 75 66 66 69 63 69 65 6e 74 20 64 61 74 61 20 76 61 6c 69 64 61 74 69 6f 6e 20 69 6e 20 4d 6f 6a 6f 20 2d 20 61 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 72 75 6e 74 69
                                  Data Ascii: 662{"responses":null,"form":{"description":"In September 2022, Chrome released a security advisory(CVE-2022-3075) relating to A vulnerability in their products. This issue concerns a case of insufficient data validation in Mojo - a collection of runti
                                  2022-09-14 00:08:50 UTC63INData Raw: 36 64 63 0d 0a 75 72 63 65 49 64 22 3a 6e 75 6c 6c 2c 22 72 65 73 6f 75 72 63 65 55 72 6c 22 3a 6e 75 6c 6c 2c 22 68 65 69 67 68 74 22 3a 6e 75 6c 6c 2c 22 77 69 64 74 68 22 3a 6e 75 6c 6c 2c 22 73 69 7a 65 22 3a 6e 75 6c 6c 7d 2c 22 6d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 35 54 30 31 3a 30 37 3a 34 37 2e 30 31 37 38 30 30 38 5a 22 2c 22 73 74 61 74 75 73 22 3a 22 41 64 64 65 64 22 2c 22 73 75 62 74 69 74 6c 65 22 3a 6e 75 6c 6c 2c 22 61 6c 6c 6f 77 4d 75 6c 74 69 70 6c 65 56 61 6c 75 65 73 22 3a 6e 75 6c 6c 2c 22 63 68 6f 69 63 65 73 22 3a 5b 5d 2c 22 74 69 74 6c 65 48 61 73 50 68 69 73 68 69 6e 67 4b 65 79 77 6f 72 64 73 22 3a 66 61 6c 73 65 2c 22 73 75 62 74 69 74 6c 65 48 61 73 50 68 69 73 68 69 6e 67 4b 65 79 77 6f 72
                                  Data Ascii: 6dcurceId":null,"resourceUrl":null,"height":null,"width":null,"size":null},"modifiedDate":"2022-05-25T01:07:47.0178008Z","status":"Added","subtitle":null,"allowMultipleValues":null,"choices":[],"titleHasPhishingKeywords":false,"subtitleHasPhishingKeywor
                                  2022-09-14 00:08:50 UTC65INData Raw: 31 32 37 0d 0a 73 20 79 6f 75 72 20 63 6f 6d 70 61 6e 79 20 61 66 66 65 63 74 65 64 20 62 79 20 74 68 65 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 79 20 41 64 76 69 73 6f 72 79 3f 22 2c 22 74 79 70 65 22 3a 22 51 75 65 73 74 69 6f 6e 2e 43 68 6f 69 63 65 22 2c 22 6a 75 73 74 69 66 69 63 61 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 61 6c 6c 6f 77 43 75 73 74 6f 6d 43 68 6f 69 63 65 22 3a 6e 75 6c 6c 2c 22 74 72 61 63 6b 69 6e 67 49 64 22 3a 22 66 39 64 32 39 39 66 64 36 61 31 39 34 66 66 35 38 30 36 36 63 34 32 61 39 34 62 65 62 61 61 33 22 7d 2c 7b 22 67 72 6f 75 70 49 64 22 3a 6e 75 6c 6c 2c 22 64 65 66 61 75 6c 74 56 61 6c 75 65 22 3a 6e 75 6c 6c 2c 22 69 6d 61 67 65 22 3a 7b 22 61 6c 74 54 65 78 74 22 3a 6e 75 6c 6c 2c 22 63 6f 6e 74 65 6e 74 54 79 70 65 22 3a
                                  Data Ascii: 127s your company affected by the vulnerability Advisory?","type":"Question.Choice","justification":null,"allowCustomChoice":null,"trackingId":"f9d299fd6a194ff58066c42a94bebaa3"},{"groupId":null,"defaultValue":null,"image":{"altText":null,"contentType":
                                  2022-09-14 00:08:50 UTC65INData Raw: 66 63 39 0d 0a 3a 6e 75 6c 6c 2c 22 72 65 73 6f 75 72 63 65 49 64 22 3a 6e 75 6c 6c 2c 22 72 65 73 6f 75 72 63 65 55 72 6c 22 3a 6e 75 6c 6c 2c 22 68 65 69 67 68 74 22 3a 6e 75 6c 6c 2c 22 77 69 64 74 68 22 3a 6e 75 6c 6c 2c 22 73 69 7a 65 22 3a 6e 75 6c 6c 7d 2c 22 6d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 35 54 30 33 3a 30 38 3a 35 37 2e 38 30 36 33 31 30 39 5a 22 2c 22 73 74 61 74 75 73 22 3a 22 41 64 64 65 64 22 2c 22 73 75 62 74 69 74 6c 65 22 3a 6e 75 6c 6c 2c 22 61 6c 6c 6f 77 4d 75 6c 74 69 70 6c 65 56 61 6c 75 65 73 22 3a 6e 75 6c 6c 2c 22 63 68 6f 69 63 65 73 22 3a 5b 5d 2c 22 74 69 74 6c 65 48 61 73 50 68 69 73 68 69 6e 67 4b 65 79 77 6f 72 64 73 22 3a 66 61 6c 73 65 2c 22 73 75 62 74 69 74 6c 65 48 61 73 50 68 69
                                  Data Ascii: fc9:null,"resourceId":null,"resourceUrl":null,"height":null,"width":null,"size":null},"modifiedDate":"2022-05-25T03:08:57.8063109Z","status":"Added","subtitle":null,"allowMultipleValues":null,"choices":[],"titleHasPhishingKeywords":false,"subtitleHasPhi
                                  2022-09-14 00:08:50 UTC69INData Raw: 31 62 0d 0a 22 6a 75 73 74 69 66 69 63 61 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 61 6c 6c 6f 77 0d 0a
                                  Data Ascii: 1b"justification":null,"allow
                                  2022-09-14 00:08:50 UTC69INData Raw: 38 32 37 0d 0a 43 75 73 74 6f 6d 43 68 6f 69 63 65 22 3a 6e 75 6c 6c 2c 22 74 72 61 63 6b 69 6e 67 49 64 22 3a 22 38 62 63 37 33 61 65 64 36 32 62 66 34 65 36 38 39 62 66 65 61 34 37 39 30 66 66 36 37 35 38 61 22 7d 5d 2c 22 70 72 65 64 65 66 69 6e 65 64 52 65 73 70 6f 6e 73 65 73 22 3a 6e 75 6c 6c 2c 22 66 69 6c 6c 4f 75 74 52 65 6d 61 69 6e 69 6e 67 54 69 6d 65 22 3a 30 2c 22 69 64 22 3a 22 78 73 6b 6a 5a 7a 58 78 58 6b 65 71 52 6d 69 7a 4f 48 6c 4e 42 57 66 4a 76 79 78 50 30 50 74 4c 72 44 6e 46 69 51 42 4b 5f 47 46 55 4f 44 63 79 57 54 6c 5a 4f 46 64 51 4d 55 74 43 55 7a 4a 57 4e 7a 4e 61 54 31 52 50 56 31 59 7a 4e 69 51 6c 51 43 4e 30 50 57 63 75 22 2c 22 74 69 74 6c 65 22 3a 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 20 5a 65 72 6f 20 44 61 79 20 50
                                  Data Ascii: 827CustomChoice":null,"trackingId":"8bc73aed62bf4e689bfea4790ff6758a"}],"predefinedResponses":null,"fillOutRemainingTime":0,"id":"xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu","title":"Google Chrome Zero Day P
                                  2022-09-14 00:08:50 UTC71INData Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  5192.168.2.44973813.107.6.194443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:51 UTC71OUTGET /formapi/api/6723c9c6-f135-475e-aa46-68b338794d05/groups/2cbfc967-d04f-4bfb-ac39-c589004afc61/forms('xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu')/localeResource/'en-gb' HTTP/1.1
                                  Host: forms.office.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  odata-version: 4.0
                                  x-correlationid: b961d23c-49a0-4669-a54d-b7ccc3c0c8d5
                                  x-usersessionid: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  x-ms-form-request-ring: business
                                  sec-ch-ua-mobile: ?0
                                  authorization:
                                  content-type: application/json
                                  accept: application/json
                                  odata-maxverion: 4.0
                                  __requestverificationtoken: zgPIDL1goEdUn3UHfJdx_X2WVB4_sGFXKxpCqAuZ3gLMq-sWKCMWus0BZQzBIImv2yrI-VEsGVEW0fPIcP7ZS3Tmtdp797SiAPOpYnzqQlk1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  x-ms-form-request-source: ms-formweb
                                  sec-ch-ua-platform: "Windows"
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Referer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
                                  2022-09-14 00:08:51 UTC293INHTTP/1.1 200 OK
                                  Content-Length: 2
                                  Content-Type: application/json; charset=utf-8
                                  Strict-Transport-Security: max-age=2592000; includeSubDomains
                                  X-RoutingOfficeCluster: weu-101.forms.office.com
                                  X-RoutingOfficeFE: FormsSingleBox_IN_4
                                  X-RoutingOfficeVersion: 16.0.15705.36676
                                  X-RoutingSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-RoutingCorrelationId: b961d23c-49a0-4669-a54d-b7ccc3c0c8d5
                                  X-CorrelationId: b961d23c-49a0-4669-a54d-b7ccc3c0c8d5
                                  X-OfficeCluster: weu-101.forms.office.com
                                  X-OfficeFE: FormsSingleBox_IN_3
                                  X-OfficeVersion: 16.0.15705.36676
                                  X-UserSessionId: 68646dc8-e1aa-450a-8f63-d398e4ea23cf
                                  X-Robots-Tag: noindex, nofollow
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: D5735D0A4B444D6081A24AE374ABAE3F Ref B: AMS04EDGE1609 Ref C: 2022-09-14T00:08:51Z
                                  Date: Wed, 14 Sep 2022 00:08:50 GMT
                                  Connection: close
                                  2022-09-14 00:08:51 UTC294INData Raw: 5b 5d
                                  Data Ascii: []


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  6192.168.2.44973913.107.6.194443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:51 UTC73OUTGET /sw.js?ring=Business HTTP/1.1
                                  Host: forms.office.com
                                  Connection: keep-alive
                                  Cache-Control: max-age=0
                                  Accept: */*
                                  Service-Worker: script
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: same-origin
                                  Sec-Fetch-Dest: serviceworker
                                  Referer: https://forms.office.com/pages/responsepage.aspx?id=xskjZzXxXkeqRmizOHlNBWfJvyxP0PtLrDnFiQBK_GFUODcyWTlZOFdQMUtCUzJWNzNaT1RPV1YzNiQlQCN0PWcu
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  Cookie: FormsWebSessionId=f168e850-8be1-432c-b5d5-f81798c7f174; usenewauthrollout=True; __RequestVerificationToken=d4Qx_uNWfFprbZ5pQlWNywf8MtkkvzbmArSE4yQ3KXvST2IIdXF3lcdK-KK3BjNxUeOEHJbZ4bPwPedq_Ng4hrMYRP52wMTYKvVpi7b-JTE1
                                  2022-09-14 00:08:51 UTC73INHTTP/1.1 200 OK
                                  Cache-Control: public,max-age=1500
                                  Content-Length: 39580
                                  Content-Type: application/javascript
                                  Last-Modified: Mon, 05 Sep 2022 03:58:50 GMT
                                  Accept-Ranges: bytes
                                  ETag: "0f95ccedbc0d81:0"
                                  Strict-Transport-Security: max-age=2592000; includeSubDomains
                                  X-RoutingOfficeCluster: weu-101.forms.office.com
                                  X-RoutingOfficeFE: FormsSingleBox_IN_7
                                  X-RoutingOfficeVersion: 16.0.15705.36676
                                  X-RoutingSessionId: c1e216ae-d44a-400e-910f-e59352cd89e7
                                  X-RoutingCorrelationId: be36491d-2ad5-4819-b694-3ee2d128fa1b
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: 1621FF38C3CA4379AE218C65C02E23F2 Ref B: AM3EDGE0717 Ref C: 2022-09-14T00:08:51Z
                                  Date: Wed, 14 Sep 2022 00:08:51 GMT
                                  Connection: close
                                  2022-09-14 00:08:51 UTC74INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 34 38 37 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72 6b 62 6f 78 3a 63 6f 72 65 3a 36 2e 31 2e 30 22 5d 26 26 5f 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 34 30 33 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72 6b 62 6f 78 3a 65 78 70 69 72 61 74 69 6f 6e 3a 36 2e 34 2e 30 22 5d 26 26 5f 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 32 39 35 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72 6b 62 6f 78 3a 63 6f 72 65 3a 36 2e 34 2e 30 22 5d 26 26 5f 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 33 37 32 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72
                                  Data Ascii: !function(){"use strict";var e={487:function(){try{self["workbox:core:6.1.0"]&&_()}catch(e){}},403:function(){try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},295:function(){try{self["workbox:core:6.4.0"]&&_()}catch(e){}},372:function(){try{self["wor
                                  2022-09-14 00:08:51 UTC78INData Raw: 6d 20 65 78 74 65 6e 64 73 20 70 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 2c 74 2c 6e 29 7b 73 75 70 65 72 28 28 28 7b 75 72 6c 3a 74 7d 29 3d 3e 7b 63 6f 6e 73 74 20 6e 3d 65 2e 65 78 65 63 28 74 2e 68 72 65 66 29 3b 69 66 28 6e 26 26 28 74 2e 6f 72 69 67 69 6e 3d 3d 3d 6c 6f 63 61 74 69 6f 6e 2e 6f 72 69 67 69 6e 7c 7c 30 3d 3d 3d 6e 2e 69 6e 64 65 78 29 29 72 65 74 75 72 6e 20 6e 2e 73 6c 69 63 65 28 31 29 7d 29 2c 74 2c 6e 29 7d 7d 63 6c 61 73 73 20 79 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 5f 72 6f 75 74 65 73 3d 6e 65 77 20 4d 61 70 2c 74 68 69 73 2e 5f 64 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 4d 61 70 3d 6e 65 77 20 4d 61 70 7d 67 65 74 20 72 6f 75 74 65 73 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 72 6f 75 74 65 73 7d
                                  Data Ascii: m extends p{constructor(e,t,n){super((({url:t})=>{const n=e.exec(t.href);if(n&&(t.origin===location.origin||0===n.index))return n.slice(1)}),t,n)}}class y{constructor(){this._routes=new Map,this._defaultHandlerMap=new Map}get routes(){return this._routes}
                                  2022-09-14 00:08:51 UTC78INData Raw: 69 73 74 65 6e 65 72 28 29 7b 73 65 6c 66 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 66 65 74 63 68 22 2c 28 65 3d 3e 7b 63 6f 6e 73 74 7b 72 65 71 75 65 73 74 3a 74 7d 3d 65 2c 6e 3d 74 68 69 73 2e 68 61 6e 64 6c 65 52 65 71 75 65 73 74 28 7b 72 65 71 75 65 73 74 3a 74 2c 65 76 65 6e 74 3a 65 7d 29 3b 6e 26 26 65 2e 72 65 73 70 6f 6e 64 57 69 74 68 28 6e 29 7d 29 29 7d 61 64 64 43 61 63 68 65 4c 69 73 74 65 6e 65 72 28 29 7b 73 65 6c 66 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 28 65 3d 3e 7b 69 66 28 65 2e 64 61 74 61 26 26 22 43 41 43 48 45 5f 55 52 4c 53 22 3d 3d 3d 65 2e 64 61 74 61 2e 74 79 70 65 29 7b 63 6f 6e 73 74 7b 70 61 79 6c 6f 61 64 3a 74 7d 3d 65 2e 64 61 74 61 3b 30 3b 63 6f 6e 73 74
                                  Data Ascii: istener(){self.addEventListener("fetch",(e=>{const{request:t}=e,n=this.handleRequest({request:t,event:e});n&&e.respondWith(n)}))}addCacheListener(){self.addEventListener("message",(e=>{if(e.data&&"CACHE_URLS"===e.data.type){const{payload:t}=e.data;0;const
                                  2022-09-14 00:08:51 UTC82INData Raw: 5b 65 2e 45 78 70 65 63 74 61 74 69 6f 6e 46 61 69 6c 65 64 3d 34 31 37 5d 3d 22 45 78 70 65 63 74 61 74 69 6f 6e 46 61 69 6c 65 64 22 2c 65 5b 65 2e 55 70 67 72 61 64 65 52 65 71 75 69 72 65 64 3d 34 32 36 5d 3d 22 55 70 67 72 61 64 65 52 65 71 75 69 72 65 64 22 2c 65 5b 65 2e 54 6f 6f 4d 61 6e 79 52 65 71 75 65 73 74 73 3d 34 32 39 5d 3d 22 54 6f 6f 4d 61 6e 79 52 65 71 75 65 73 74 73 22 2c 65 5b 65 2e 49 6e 74 65 72 6e 61 6c 53 65 72 76 65 72 45 72 72 6f 72 3d 35 30 30 5d 3d 22 49 6e 74 65 72 6e 61 6c 53 65 72 76 65 72 45 72 72 6f 72 22 2c 65 5b 65 2e 4e 6f 74 49 6d 70 6c 65 6d 65 6e 74 65 64 3d 35 30 31 5d 3d 22 4e 6f 74 49 6d 70 6c 65 6d 65 6e 74 65 64 22 2c 65 5b 65 2e 42 61 64 47 61 74 65 77 61 79 3d 35 30 32 5d 3d 22 42 61 64 47 61 74 65 77 61 79
                                  Data Ascii: [e.ExpectationFailed=417]="ExpectationFailed",e[e.UpgradeRequired=426]="UpgradeRequired",e[e.TooManyRequests=429]="TooManyRequests",e[e.InternalServerError=500]="InternalServerError",e[e.NotImplemented=501]="NotImplemented",e[e.BadGateway=502]="BadGateway
                                  2022-09-14 00:08:51 UTC86INData Raw: 79 70 65 43 6f 6e 76 65 72 74 46 61 69 6c 65 64 22 2c 65 5b 65 2e 49 6d 61 67 65 50 72 6f 76 69 64 65 72 47 65 74 43 44 42 54 6f 6b 65 6e 46 61 69 6c 65 64 3d 35 32 30 32 5d 3d 22 49 6d 61 67 65 50 72 6f 76 69 64 65 72 47 65 74 43 44 42 54 6f 6b 65 6e 46 61 69 6c 65 64 22 2c 65 5b 65 2e 55 6e 41 75 74 68 6f 72 69 7a 65 64 41 63 74 69 6f 6e 46 6f 72 46 6f 72 6d 54 79 70 65 3d 35 39 30 31 5d 3d 22 55 6e 41 75 74 68 6f 72 69 7a 65 64 41 63 74 69 6f 6e 46 6f 72 46 6f 72 6d 54 79 70 65 22 2c 65 5b 65 2e 41 62 75 73 65 64 46 6f 72 6d 3d 36 31 30 30 5d 3d 22 41 62 75 73 65 64 46 6f 72 6d 22 2c 65 5b 65 2e 50 68 69 73 68 69 6e 67 46 72 6f 6d 43 75 73 74 6f 6d 65 72 52 65 70 6f 72 74 3d 36 31 30 31 5d 3d 22 50 68 69 73 68 69 6e 67 46 72 6f 6d 43 75 73 74 6f 6d 65
                                  Data Ascii: ypeConvertFailed",e[e.ImageProviderGetCDBTokenFailed=5202]="ImageProviderGetCDBTokenFailed",e[e.UnAuthorizedActionForFormType=5901]="UnAuthorizedActionForFormType",e[e.AbusedForm=6100]="AbusedForm",e[e.PhishingFromCustomerReport=6101]="PhishingFromCustome
                                  2022-09-14 00:08:51 UTC90INData Raw: 76 69 63 65 57 6f 72 6b 65 72 43 61 63 68 65 4e 6f 74 46 6f 75 6e 64 3d 32 30 30 30 37 5d 3d 22 53 65 72 76 69 63 65 57 6f 72 6b 65 72 43 61 63 68 65 4e 6f 74 46 6f 75 6e 64 22 2c 65 5b 65 2e 49 6e 76 61 6c 69 64 4c 69 6e 6b 45 72 72 6f 72 3d 32 31 65 33 5d 3d 22 49 6e 76 61 6c 69 64 4c 69 6e 6b 45 72 72 6f 72 22 2c 65 5b 65 2e 49 6e 76 61 6c 69 64 54 65 6d 70 6c 61 74 65 45 72 72 6f 72 3d 32 31 30 30 31 5d 3d 22 49 6e 76 61 6c 69 64 54 65 6d 70 6c 61 74 65 45 72 72 6f 72 22 7d 28 46 7c 7c 28 46 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 46 6c 69 67 68 74 3d 22 66 73 77 22 2c 65 2e 52 65 6c 6f 61 64 3d 22 66 73 77 52 65 6c 6f 61 64 22 2c 65 2e 4e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3d 22 66 73 77 4e 61 76 53 74 61 72 74 22 2c 65 2e
                                  Data Ascii: viceWorkerCacheNotFound=20007]="ServiceWorkerCacheNotFound",e[e.InvalidLinkError=21e3]="InvalidLinkError",e[e.InvalidTemplateError=21001]="InvalidTemplateError"}(F||(F={})),function(e){e.Flight="fsw",e.Reload="fswReload",e.NavigationStart="fswNavStart",e.
                                  2022-09-14 00:08:51 UTC94INData Raw: 3d 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 74 79 70 65 3b 69 66 28 21 72 7c 7c 21 65 2e 70 6f 72 74 73 7c 7c 21 65 2e 70 6f 72 74 73 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 3b 63 6f 6e 73 74 20 73 3d 7a 2e 67 65 74 28 72 29 3b 73 26 26 73 28 6e 75 6c 6c 3d 3d 3d 28 6e 3d 65 2e 64 61 74 61 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 70 61 79 6c 6f 61 64 29 2e 74 68 65 6e 28 28 74 3d 3e 7b 65 2e 70 6f 72 74 73 5b 30 5d 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 7b 70 61 79 6c 6f 61 64 3a 74 2c 74 79 70 65 3a 72 7d 29 7d 29 29 2e 63 61 74 63 68 28 28 28 29 3d 3e 7b 7d 29 29 7d 28 65 29 7d 29 29 7d 63 6f 6e 73 74 20 65 65 3d 22 31 2e 30 2e 35 22 2c 74 65 3d 61 73 79 6e 63 28 29 3d 3e 65 65 3b 6e 28 32 39 35 29 3b 63 6f 6e 73 74 20 6e 65
                                  Data Ascii: ===t?void 0:t.type;if(!r||!e.ports||!e.ports.length)return;const s=z.get(r);s&&s(null===(n=e.data)||void 0===n?void 0:n.payload).then((t=>{e.ports[0].postMessage({payload:t,type:r})})).catch((()=>{}))}(e)}))}const ee="1.0.5",te=async()=>ee;n(295);const ne
                                  2022-09-14 00:08:51 UTC114INData Raw: 7c 74 26 26 6f 3e 3d 74 3f 73 2e 70 75 73 68 28 72 2e 76 61 6c 75 65 29 3a 6f 2b 2b 29 2c 72 3d 61 77 61 69 74 20 72 2e 63 6f 6e 74 69 6e 75 65 28 29 7d 63 6f 6e 73 74 20 69 3d 5b 5d 3b 66 6f 72 28 63 6f 6e 73 74 20 65 20 6f 66 20 73 29 61 77 61 69 74 20 6e 2e 64 65 6c 65 74 65 28 52 65 2c 65 2e 69 64 29 2c 69 2e 70 75 73 68 28 65 2e 75 72 6c 29 3b 72 65 74 75 72 6e 20 69 7d 5f 67 65 74 49 64 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 63 61 63 68 65 4e 61 6d 65 2b 22 7c 22 2b 46 65 28 65 29 7d 61 73 79 6e 63 20 67 65 74 44 62 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 64 62 7c 7c 28 74 68 69 73 2e 5f 64 62 3d 61 77 61 69 74 20 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 7b 62 6c 6f 63 6b 65 64 3a 6e 2c 75 70 67 72 61 64 65 3a 72 2c 62 6c 6f 63 6b
                                  Data Ascii: |t&&o>=t?s.push(r.value):o++),r=await r.continue()}const i=[];for(const e of s)await n.delete(Re,e.id),i.push(e.url);return i}_getId(e){return this._cacheName+"|"+Fe(e)}async getDb(){return this._db||(this._db=await function(e,t,{blocked:n,upgrade:r,block
                                  2022-09-14 00:08:51 UTC118INData Raw: 65 20 6f 66 20 74 68 69 73 2e 5f 70 6c 75 67 69 6e 73 29 74 68 69 73 2e 5f 70 6c 75 67 69 6e 53 74 61 74 65 4d 61 70 2e 73 65 74 28 65 2c 7b 7d 29 3b 74 68 69 73 2e 65 76 65 6e 74 2e 77 61 69 74 55 6e 74 69 6c 28 74 68 69 73 2e 5f 68 61 6e 64 6c 65 72 44 65 66 65 72 72 65 64 2e 70 72 6f 6d 69 73 65 29 7d 66 65 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 61 69 74 55 6e 74 69 6c 28 28 61 73 79 6e 63 28 29 3d 3e 7b 63 6f 6e 73 74 7b 65 76 65 6e 74 3a 74 7d 3d 74 68 69 73 3b 6c 65 74 20 6e 3d 49 65 28 65 29 3b 69 66 28 22 6e 61 76 69 67 61 74 65 22 3d 3d 3d 6e 2e 6d 6f 64 65 26 26 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 65 74 63 68 45 76 65 6e 74 26 26 74 2e 70 72 65 6c 6f 61 64 52 65 73 70 6f 6e 73 65 29 7b 63 6f 6e 73 74 20 65 3d 61 77 61
                                  Data Ascii: e of this._plugins)this._pluginStateMap.set(e,{});this.event.waitUntil(this._handlerDeferred.promise)}fetch(e){return this.waitUntil((async()=>{const{event:t}=this;let n=Ie(e);if("navigate"===n.mode&&t instanceof FetchEvent&&t.preloadResponse){const e=awa
                                  2022-09-14 00:08:51 UTC122INData Raw: 3b 74 72 79 7b 73 3d 61 77 61 69 74 20 65 7d 63 61 74 63 68 28 6f 29 7b 7d 74 72 79 7b 61 77 61 69 74 20 74 2e 72 75 6e 43 61 6c 6c 62 61 63 6b 73 28 22 68 61 6e 64 6c 65 72 44 69 64 52 65 73 70 6f 6e 64 22 2c 7b 65 76 65 6e 74 3a 72 2c 72 65 71 75 65 73 74 3a 6e 2c 72 65 73 70 6f 6e 73 65 3a 73 7d 29 2c 61 77 61 69 74 20 74 2e 64 6f 6e 65 57 61 69 74 69 6e 67 28 29 7d 63 61 74 63 68 28 65 29 7b 6f 3d 65 7d 69 66 28 61 77 61 69 74 20 74 2e 72 75 6e 43 61 6c 6c 62 61 63 6b 73 28 22 68 61 6e 64 6c 65 72 44 69 64 43 6f 6d 70 6c 65 74 65 22 2c 7b 65 76 65 6e 74 3a 72 2c 72 65 71 75 65 73 74 3a 6e 2c 72 65 73 70 6f 6e 73 65 3a 73 2c 65 72 72 6f 72 3a 6f 7d 29 2c 74 2e 64 65 73 74 72 6f 79 28 29 2c 6f 29 74 68 72 6f 77 20 6f 7d 7d 63 6c 61 73 73 20 4f 65 20 65
                                  Data Ascii: ;try{s=await e}catch(o){}try{await t.runCallbacks("handlerDidRespond",{event:r,request:n,response:s}),await t.doneWaiting()}catch(e){o=e}if(await t.runCallbacks("handlerDidComplete",{event:r,request:n,response:s,error:o}),t.destroy(),o)throw o}}class Oe e
                                  2022-09-14 00:08:51 UTC126INData Raw: 6f 72 73 2f 22 2c 51 65 3d 5b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 22 74 65 78 74 2f 63 73 73 22 5d 3b 66 75 6e 63 74 69 6f 6e 20 58 65 28 7b 72 65 71 75 65 73 74 3a 65 2c 75 72 6c 3a 74 2c 73 61 6d 65 4f 72 69 67 69 6e 3a 6e 7d 29 7b 72 65 74 75 72 6e 28 22 73 74 79 6c 65 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 7c 7c 22 73 63 72 69 70 74 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 29 26 26 28 6e 3f 74 2e 70 61 74 68 6e 61 6d 65 2e 73 74 61 72 74 73 57 69 74 68 28 22 2f 63 64 6e 2f 22 29 26 26 2d 31 3d 3d 3d 74 2e 70 61 74 68 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 7a 65 29 3a 42 2e 69 6e 64 65 78 4f 66 28 74 2e 68 6f 73 74 29 3e 2d 31 26 26 2d 31 3d 3d 3d 74 2e 70 61 74 68 6e 61 6d 65 2e 69 6e 64 65
                                  Data Ascii: ors/",Qe=["application/javascript","text/css"];function Xe({request:e,url:t,sameOrigin:n}){return("style"===e.destination||"script"===e.destination)&&(n?t.pathname.startsWith("/cdn/")&&-1===t.pathname.indexOf(ze):B.indexOf(t.host)>-1&&-1===t.pathname.inde


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  7192.168.2.44974013.107.246.60443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:51 UTC98OUTGET /scripts/c/ms.jsll-3.min.js HTTP/1.1
                                  Host: js.monitor.azure.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://forms.office.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:51 UTC98INHTTP/1.1 200 OK
                                  Cache-Control: public, max-age=1800, immutable, no-transform
                                  Content-Length: 182890
                                  Content-Type: text/javascript; charset=utf-8
                                  Content-MD5: 7cu3ev19VA1NTXfpBIiLPA==
                                  Last-Modified: Wed, 31 Aug 2022 16:53:36 GMT
                                  ETag: 0x8DA8B7159250BCA
                                  X-Cache: TCP_HIT
                                  x-ms-request-id: 4b13c5a2-601e-007c-16cc-c7c68a000000
                                  x-ms-version: 2009-09-19
                                  x-ms-meta-jssdkver: 3.2.6
                                  x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.6.min.js
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  X-Azure-Ref-OriginShield: 0mBghYwAAAADIw1if0gNpQqwGREgSiCCwRlJBMjMxMDUwNDE4MDE3AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
                                  X-Azure-Ref: 0kxshYwAAAADZWn1OKP7+RZMddBfAwp2xRlJBMzFFREdFMDkxNwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
                                  Date: Wed, 14 Sep 2022 00:08:50 GMT
                                  Connection: close
                                  2022-09-14 00:08:51 UTC99INData Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 33 2e 32 2e 36 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 66 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 64 3d 22 6f 62 6a 65 63 74 22 2c 6c 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 71 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 67 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 76 3d 4f 62 6a 65 63 74 2c 79 3d 76 5b 71 5d
                                  Data Ascii: /*! * 1DS JSLL SKU, 3.2.6 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */var e=this,t=function(l){"use strict";var f="function",d="object",le="undefined",q="prototype",g="hasOwnProperty",v=Object,y=v[q]
                                  2022-09-14 00:08:51 UTC129INData Raw: 6e 22 2c 65 2e 63 6f 6f 6b 69 65 44 6f 6d 61 69 6e 2c 4f 74 2c 58 29 2c 24 74 28 6e 2c 22 70 61 74 68 22 2c 65 2e 63 6f 6f 6b 69 65 50 61 74 68 7c 7c 22 2f 22 2c 6e 75 6c 6c 2c 58 29 2c 58 28 6e 5b 6e 69 5d 29 26 26 28 74 3d 76 6f 69 64 20 30 2c 47 28 65 5b 72 69 5d 29 7c 7c 28 74 3d 21 65 5b 72 69 5d 29 2c 47 28 65 5b 69 69 5d 29 7c 7c 28 74 3d 21 65 5b 69 69 5d 29 2c 6e 5b 6e 69 5d 3d 74 29 3b 76 61 72 20 74 2c 6e 2c 75 3d 6e 2c 6c 3d 75 2e 70 61 74 68 7c 7c 22 2f 22 2c 66 3d 75 2e 64 6f 6d 61 69 6e 2c 72 3d 21 31 21 3d 3d 75 5b 6e 69 5d 2c 64 3d 28 28 65 3d 7b 69 73 45 6e 61 62 6c 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 72 26 26 68 69 28 69 29 2c 74 3d 66 69 5b 61 69 5d 3b 72 65 74 75 72 6e 20 65 26 26 74 26 26 64 21 3d 3d 74 3f 64
                                  Data Ascii: n",e.cookieDomain,Ot,X),$t(n,"path",e.cookiePath||"/",null,X),X(n[ni])&&(t=void 0,G(e[ri])||(t=!e[ri]),G(e[ii])||(t=!e[ii]),n[ni]=t);var t,n,u=n,l=u.path||"/",f=u.domain,r=!1!==u[ni],d=((e={isEnabled:function(){var e=r&&hi(i),t=fi[ai];return e&&t&&d!==t?d
                                  2022-09-14 00:08:51 UTC145INData Raw: 2c 68 2e 70 6f 6c 6c 49 6e 74 65 72 6e 61 6c 4c 6f 67 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 44 3d 65 7c 7c 6e 75 6c 6c 3b 65 3d 65 6e 28 79 2e 64 69 61 67 6e 6f 73 74 69 63 4c 6f 67 49 6e 74 65 72 76 61 6c 29 3b 72 65 74 75 72 6e 20 65 26 26 30 3c 65 7c 7c 28 65 3d 31 65 34 29 2c 4f 26 26 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 4f 29 2c 4f 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 28 29 7d 2c 65 29 7d 2c 68 5b 54 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 4f 26 26 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 4f 29 2c 4f 3d 30 2c 72 28 29 29 7d 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4e 7d 2c 65 3d 5b 22 61 64 64 54 65 6c 65 6d 65 74 72 79 49 6e 69 74 69 61 6c 69 7a 65 72 22 5d 2c 28 74 3d 68 29
                                  Data Ascii: ,h.pollInternalLogs=function(e){D=e||null;e=en(y.diagnosticLogInterval);return e&&0<e||(e=1e4),O&&clearInterval(O),O=setInterval(function(){r()},e)},h[Te]=function(){O&&(clearInterval(O),O=0,r())},n=function(){return N},e=["addTelemetryInitializer"],(t=h)
                                  2022-09-14 00:08:51 UTC161INData Raw: 28 72 29 7b 7d 72 65 74 75 72 6e 22 22 2b 28 65 7c 7c 22 22 29 7d 4a 73 2e 43 72 65 61 74 65 41 75 74 6f 45 78 63 65 70 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 61 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 47 73 28 69 7c 7c 61 7c 7c 65 29 2c 75 3d 7b 7d 3b 72 65 74 75 72 6e 20 75 5b 46 6f 5d 3d 7a 73 28 65 2c 63 29 2c 75 2e 75 72 6c 3d 74 2c 75 2e 6c 69 6e 65 4e 75 6d 62 65 72 3d 6e 2c 75 2e 63 6f 6c 75 6d 6e 4e 75 6d 62 65 72 3d 72 2c 75 2e 65 72 72 6f 72 3d 58 73 28 69 7c 7c 61 7c 7c 65 29 2c 75 2e 65 76 74 3d 58 73 28 61 7c 7c 65 29 2c 75 5b 42 6f 5d 3d 63 2c 75 2e 73 74 61 63 6b 44 65 74 61 69 6c 73 3d 57 73 28 6f 7c 7c 69 7c 7c 61 29 2c 75 2e 65 72 72 6f 72 53 72 63 3d 73 2c 75 7d 2c 4a 73 2e 43 72 65 61 74 65 46 72 6f 6d 49
                                  Data Ascii: (r){}return""+(e||"")}Js.CreateAutoException=function(e,t,n,r,i,a,o,s){var c=Gs(i||a||e),u={};return u[Fo]=zs(e,c),u.url=t,u.lineNumber=n,u.columnNumber=r,u.error=Xs(i||a||e),u.evt=Xs(a||e),u[Bo]=c,u.stackDetails=Ws(o||i||a),u.errorSrc=s,u},Js.CreateFromI
                                  2022-09-14 00:08:51 UTC177INData Raw: 3d 28 61 3d 63 72 28 29 29 26 26 61 5b 7a 63 5d 7c 7c 22 22 29 2c 41 2e 73 74 6f 70 28 65 2c 74 2c 6e 2c 72 29 2c 78 2e 63 6f 6e 66 69 67 5b 78 63 5d 26 26 50 5b 48 63 5d 28 65 2c 74 29 7d 63 61 74 63 68 28 6f 29 7b 64 28 31 2c 33 32 2c 22 73 74 6f 70 54 72 61 63 6b 50 61 67 65 20 66 61 69 6c 65 64 2c 20 70 61 67 65 20 76 69 65 77 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 6d 28 6f 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 24 28 6f 29 7d 29 7d 7d 2c 78 5b 6a 63 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 65 5b 4b 63 5d 7c 7c 65 5b 57 63 5d 7c 7c 45 72 72 6f 72 28 5f 6f 29 2c 72 3d 54 63 28 6e 65 77 20 51 73 28 78 5b 4c 63 5d 28 29 2c 72 2c 65 2e 70 72 6f 70 65 72 74 69 65 73 7c 7c 74 2c 65 2e 6d
                                  Data Ascii: =(a=cr())&&a[zc]||""),A.stop(e,t,n,r),x.config[xc]&&P[Hc](e,t)}catch(o){d(1,32,"stopTrackPage failed, page view will not be collected: "+m(o),{exception:$(o)})}},x[jc]=function(e,t,n){var r=e[Kc]||e[Wc]||Error(_o),r=Tc(new Qs(x[Lc](),r,e.properties||t,e.m
                                  2022-09-14 00:08:51 UTC193INData Raw: 69 62 75 74 65 73 5b 72 5d 2e 6e 61 6d 65 29 26 26 21 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 6d 73 2e 22 29 26 26 28 6e 5b 74 5d 3d 65 2e 61 74 74 72 69 62 75 74 65 73 5b 72 5d 2e 76 61 6c 75 65 29 3b 65 3d 65 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 7c 7c 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7d 72 65 74 75 72 6e 20 6e 7d 2c 6f 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 67 65 74 54 69 6d 65 54 6f 43 6c 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 75 72 28 29 3b 69 66 28 65 26 26 65 2e 74 69 6d 69 6e 67 29 7b 65 3d 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3b 69 66 28 65 26 26 30 21 3d 3d 65 29 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2d 65
                                  Data Ascii: ibutes[r].name)&&!t.toLowerCase().indexOf("ms.")&&(n[t]=e.attributes[r].value);e=e.parentElement||e.parentNode}return n},ol.prototype._getTimeToClick=function(){var e=ur();if(e&&e.timing){e=e.timing.navigationStart;if(e&&0!==e)return(new Date).getTime()-e
                                  2022-09-14 00:08:51 UTC209INData Raw: 65 61 72 64 6f 77 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 5f 26 26 5f 2e 74 65 61 72 64 6f 77 6e 28 65 2c 74 29 2c 64 2e 5f 64 6f 54 65 61 72 64 6f 77 6e 28 65 2c 74 29 2c 6e 28 29 7d 7d 29 2c 53 7d 66 75 6e 63 74 69 6f 6e 20 4e 6c 28 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 65 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 7d 63 61 74 63 68 28 74 29 7b 7d 72 65 74 75 72 6e 22 22 7d 41 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 6b 65 52 65 71 75 65 73 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 69 2c 61 2c 6f 2c 73 3d 74 68 69 73 3b 68 72 28 29 3f 28 28 61 3d 6e 65 77 20 58 44 6f 6d 61 69 6e 52 65 71 75 65 73 74 29 2e 6f 70 65 6e 28 6e 2c 65 29 2c 61 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 28 32 30 30 2c 4e
                                  Data Ascii: eardown=function(e,t){_&&_.teardown(e,t),d._doTeardown(e,t),n()}}),S}function Nl(e){try{return e.responseText}catch(t){}return""}Al.prototype.makeRequest=function(e,t,n,r){var i,a,o,s=this;hr()?((a=new XDomainRequest).open(n,e),a.onload=function(){r(200,N
                                  2022-09-14 00:08:51 UTC225INData Raw: 72 73 29 2c 66 65 74 63 68 28 72 2c 6e 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 7b 7d 2c 74 3d 22 22 2c 72 3d 65 2e 68 65 61 64 65 72 73 3b 72 26 26 72 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 5b 74 5d 3d 65 7d 29 2c 65 2e 62 6f 64 79 26 26 65 2e 74 65 78 74 28 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 3d 65 7d 29 2c 6f 7c 7c 28 6f 3d 21 30 2c 6d 28 69 2c 65 2e 73 74 61 74 75 73 2c 6e 2c 74 29 2c 66 28 74 29 29 7d 29 5b 22 63 61 74 63 68 22 5d 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 7c 7c 28 6f 3d 21 30 2c 6d 28 69 2c 30 2c 7b 7d 29 29 7d 29 2c 61 26 26 21 6f 26 26 28 6f 3d 21 30 2c 6d 28 69 2c 32 30 30 2c 7b 7d 29 29 2c 21 6f 26 26 30 3c 65 2e 74 69 6d 65 6f 75 74 26 26
                                  Data Ascii: rs),fetch(r,n).then(function(e){var n={},t="",r=e.headers;r&&r.forEach(function(e,t){n[t]=e}),e.body&&e.text().then(function(e){t=e}),o||(o=!0,m(i,e.status,n,t),f(t))})["catch"](function(e){o||(o=!0,m(i,0,{}))}),a&&!o&&(o=!0,m(i,200,{})),!o&&0<e.timeout&&
                                  2022-09-14 00:08:51 UTC241INData Raw: 74 69 6f 6e 28 29 7b 57 26 26 28 57 3d 30 2c 63 28 29 2c 6f 28 29 29 7d 2c 6e 65 28 6c 2c 22 5f 73 65 74 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4f 2e 73 65 74 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 4f 3d 71 66 28 65 2c 4f 2e 63 6c 65 61 72 29 7d 29 2c 6e 65 28 6c 2c 22 5f 63 6c 65 61 72 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4f 2e 63 6c 65 61 72 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 4f 3d 71 66 28 4f 2e 73 65 74 2c 65 29 7d 29 7d 29 2c 65 7d 74 28 47 66 2c 42 66 3d 68 74 29 2c 47 66 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 58 66 2c 51 66 3d 47 66 2c 79 63 3d 22 6e 61 6d 65 22 2c 4a 66 3d 63 6e 28 7b 55 73 65 72 45
                                  Data Ascii: tion(){W&&(W=0,c(),o())},ne(l,"_setTimeoutOverride",function(){return O.set},function(e){O=qf(e,O.clear)}),ne(l,"_clearTimeoutOverride",function(){return O.clear},function(e){O=qf(O.set,e)})}),e}t(Gf,Bf=ht),Gf.__ieDyn=1;var Xf,Qf=Gf,yc="name",Jf=cn({UserE
                                  2022-09-14 00:08:51 UTC257INData Raw: 3d 22 67 65 74 54 72 61 63 65 49 64 22 2c 6a 70 3d 22 67 65 74 54 72 61 63 65 46 6c 61 67 73 22 2c 4b 70 3d 22 6d 65 74 68 6f 64 22 2c 57 70 3d 22 65 72 72 6f 72 53 74 61 74 75 73 54 65 78 74 22 2c 47 70 3d 22 73 74 61 74 65 43 68 61 6e 67 65 41 74 74 61 63 68 65 64 22 2c 58 70 3d 22 72 65 73 70 6f 6e 73 65 54 65 78 74 22 2c 51 70 3d 22 72 65 73 70 6f 6e 73 65 46 69 6e 69 73 68 65 64 54 69 6d 65 22 2c 4a 70 3d 22 43 72 65 61 74 65 54 72 61 63 6b 49 74 65 6d 22 2c 59 70 3d 22 72 65 73 70 6f 6e 73 65 22 2c 24 70 3d 22 67 65 74 41 6c 6c 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 73 22 2c 5a 70 3d 22 67 65 74 50 61 72 74 41 50 72 6f 70 73 22 2c 65 67 3d 22 67 65 74 43 6f 72 72 65 6c 61 74 69 6f 6e 43 6f 6e 74 65 78 74 22 2c 74 67 3d 22 70 65 72 66 4d 61 72 6b
                                  Data Ascii: ="getTraceId",jp="getTraceFlags",Kp="method",Wp="errorStatusText",Gp="stateChangeAttached",Xp="responseText",Qp="responseFinishedTime",Jp="CreateTrackItem",Yp="response",$p="getAllResponseHeaders",Zp="getPartAProps",eg="getCorrelationContext",tg="perfMark
                                  2022-09-14 00:08:51 UTC273INData Raw: 64 65 72 73 3d 6e 65 77 20 48 65 61 64 65 72 73 28 65 2e 68 65 61 64 65 72 73 7c 7c 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 71 75 65 73 74 26 26 74 2e 68 65 61 64 65 72 73 7c 7c 7b 7d 29 29 2c 65 2e 68 65 61 64 65 72 73 2e 61 70 70 65 6e 64 28 22 4d 53 2d 43 56 22 2c 72 29 29 3a 65 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 4d 53 2d 43 56 22 2c 72 29 29 2c 65 7d 2c 75 2e 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 61 2c 6f 2c 73 3d 65 2e 65 78 74 65 6e 73 69 6f 6e 43 6f 6e 66 69 67 3d 65 2e 65 78 74 65 6e 73 69 6f 6e 43 6f 6e 66 69 67 7c 7c 5b 5d 2c 63 3d 28 73 5b 75 2e 69 64 65 6e 74 69 66 69 65 72 5d 3d 73 5b 75 2e 69 64 65 6e 74 69 66 69 65 72 5d 7c 7c 7b 7d 2c 70 3d 75 2e
                                  Data Ascii: ders=new Headers(e.headers||t instanceof Request&&t.headers||{})),e.headers.append("MS-CV",r)):e.setRequestHeader("MS-CV",r)),e},u.initialize=function(e,t,n){var r,i,a,o,s=e.extensionConfig=e.extensionConfig||[],c=(s[u.identifier]=s[u.identifier]||{},p=u.
                                  2022-09-14 00:08:51 UTC289INData Raw: 52 65 71 75 65 73 74 48 65 61 64 65 72 22 29 2c 21 30 7d 2c 6f 68 2e 70 72 6f 74 6f 74 79 70 65 2e 64 6f 4e 6f 74 43 68 61 6e 67 65 53 75 70 70 6f 72 74 43 6f 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 28 22 64 6f 4e 6f 74 43 68 61 6e 67 65 53 75 70 70 6f 72 74 43 6f 72 73 22 29 2c 21 30 7d 2c 6f 68 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 54 61 72 67 65 74 55 72 69 4f 76 65 72 72 69 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 28 22 73 65 74 54 61 72 67 65 74 55 72 69 4f 76 65 72 72 69 64 65 22 29 7d 3b 76 61 72 20 61 68 3d 6f 68 3b 66 75 6e 63 74 69 6f 6e 20 6f 68 28 29 7b 7d 63 68 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 63 6f 72 64 54 69 6d 65 53 70 61 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 6f 28
                                  Data Ascii: RequestHeader"),!0},oh.prototype.doNotChangeSupportCors=function(){return o("doNotChangeSupportCors"),!0},oh.prototype.setTargetUriOverride=function(e){o("setTargetUriOverride")};var ah=oh;function oh(){}ch.prototype.recordTimeSpan=function(e,t){return o(


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  8192.168.2.449743204.79.197.200443C:\Program Files\Google\Chrome\Application\chrome.exe
                                  TimestampkBytes transferredDirectionData
                                  2022-09-14 00:08:55 UTC294OUTGET /c.gif?CtsSyncId=E629F409E59A47BCBC6603658253E369&RedC=c.office.com&MXFR=07EC3E99FBBC69660B292C86FFBC6207 HTTP/1.1
                                  Host: c.bing.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://forms.office.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                  2022-09-14 00:08:55 UTC294INHTTP/1.1 302 Redirect
                                  Cache-Control: private, no-cache, proxy-revalidate, no-store
                                  Pragma: no-cache
                                  Location: https://c.office.com/c.gif?CtsSyncId=E629F409E59A47BCBC6603658253E369&MUID=07EC3E99FBBC69660B292C86FFBC6207
                                  P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                  Set-Cookie: MUID=07EC3E99FBBC69660B292C86FFBC6207; domain=.bing.com; expires=Mon, 09-Oct-2023 00:08:55 GMT; path=/; SameSite=None; Secure; Priority=High;
                                  Set-Cookie: SRM_B=07EC3E99FBBC69660B292C86FFBC6207; domain=c.bing.com; expires=Mon, 09-Oct-2023 00:08:55 GMT; path=/; SameSite=None; Secure;
                                  X-Powered-By: ASP.NET
                                  X-Cache: CONFIG_NOCACHE
                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  X-MSEdge-Ref: Ref A: 19DE17175789435BB03918FC23D36FB8 Ref B: FRA31EDGE0810 Ref C: 2022-09-14T00:08:55Z
                                  Date: Wed, 14 Sep 2022 00:08:55 GMT
                                  Connection: close
                                  Content-Length: 0


                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:02:08:37
                                  Start date:14/09/2022
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints --start-maximized "about:blank
                                  Imagebase:0x7ff683680000
                                  File size:2851656 bytes
                                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  General

                                  Target ID:1
                                  Start time:02:08:39
                                  Start date:14/09/2022
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1640,i,291786721536565463,5310082017259864379,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                  Imagebase:0x7ff683680000
                                  File size:2851656 bytes
                                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  General

                                  Target ID:2
                                  Start time:02:08:40
                                  Start date:14/09/2022
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://forms.office.com/r/7dC97Hcsn7
                                  Imagebase:0x7ff683680000
                                  File size:2851656 bytes
                                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Disassembly

                                  No disassembly