Edit tour

Windows Analysis Report
https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

Overview

General Information

Sample URL:	https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg
Analysis ID:	1464638
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

HTTP GET or POST without a user agent

Submit button contains javascript call

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1680,i,7610463420695366055,7376856383366979022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_51	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_51, type: DROPPED

Source: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

HTTP Parser: Number of links: 0

Source: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

HTTP Parser: No <meta name="author".. found

Source: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=n1XvOt_rEdjTpVoBxKKZZ4Z_0JswuigM5GkRS3HzRUfJorMUXSpqKNhJBGTWgLZ3GjPkONRk6-PpHYKtac_YLrAIhutOy5x7dbKVujcVnO81&t=638533172441064469 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=GgWJx4W4lMI5EXR00JJ5kkqnXTV54JRXPw13ydwDn47hKD5aSHMa_gWdopWBc9-FvZEWF-DKKWo7zsXN7dl5xlCgIbeupxjhWEBNL6PUjN0_WuQhS7AHUiAlDeYoVI2XBdgbEaB_J5Br5wjl41QZkpP-DVAYi0OgeBbcMZLm_BM1&t=ffffffffa8ad04d3 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=FqJX8RbykGoP5HtvCL_K_k8W23t34rZuHzHaG9-X30qJSTF9FRjPT255nRLEZlCkI7Tho4QtvvlXlH-BepCmTSP9brO63RDzvQe9HZtACRtigIOhqbrNcdLGaYzs5LnYyiPgmQajB0hKVKuyw7UEberh5SXJ8z9WKE4LTc-XhwhsUCWjlI4W4yL00am1DpsD0&t=74258c30 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=6CVFfrA0n2PJi2tvKe7apJ7_1XcBTf-UZq-voRBLN6hd6xziDcTls0rKD-f30Ox5NXEzfPyAKpJD11wAzqlLBQ0HM-Soy6yLK9SCaco61JXaboYhnCUvaYI9pgMEc2blfc93egR8djptRULYh6sRxax1neyaevaIAOBBXEeeyIulweQD5OST_Qi0TJhwB8zL0&t=74258c30 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXygAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: cbre-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KXOxlw+LTnk1CSZ&MD=LduomynC HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KXOxlw+LTnk1CSZ&MD=LduomynC HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: cbre-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: chromecache_54.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_51.2.dr	String found in binary or memory: https://cbre-my.sharepoint.com/personal/ryan_tornatore_cbre_com/_layouts/15/images/folder.png
Source: chromecache_62.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_51.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_51.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Source: chromecache_51.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_51.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-06-14.009/
Source: chromecache_51.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49763 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/24@10/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1680,i,7610463420695366055,7376856383366979022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1680,i,7610463420695366055,7376856383366979022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ipinfo.io/	0%	URL Reputation	safe
https://reactjs.org/docs/error-decoder.html?invariant=	0%	URL Reputation	safe
https://cbre-my.sharepoint.com/WebResource.axd?d=n1XvOt_rEdjTpVoBxKKZZ4Z_0JswuigM5GkRS3HzRUfJorMUXSpqKNhJBGTWgLZ3GjPkONRk6-PpHYKtac_YLrAIhutOy5x7dbKVujcVnO81&t=638533172441064469	0%	Avira URL Cloud	safe
https://cbre-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	0%	Avira URL Cloud	safe
http://github.com/jrburke/requirejs	0%	Avira URL Cloud	safe
https://cbre-my.sharepoint.com/personal/ryan_tornatore_cbre_com/_layouts/15/images/folder.png	0%	Avira URL Cloud	safe
https://cbre-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Avira URL Cloud	safe
https://cbre-my.sharepoint.com/ScriptResource.axd?d=6CVFfrA0n2PJi2tvKe7apJ7_1XcBTf-UZq-voRBLN6hd6xziDcTls0rKD-f30Ox5NXEzfPyAKpJD11wAzqlLBQ0HM-Soy6yLK9SCaco61JXaboYhnCUvaYI9pgMEc2blfc93egR8djptRULYh6sRxax1neyaevaIAOBBXEeeyIulweQD5OST_Qi0TJhwB8zL0&t=74258c30	0%	Avira URL Cloud	safe
http://github.com/jrburke/requirejs	0%	Virustotal		Browse
https://cbre-my.sharepoint.com/ScriptResource.axd?d=FqJX8RbykGoP5HtvCL_K_k8W23t34rZuHzHaG9-X30qJSTF9FRjPT255nRLEZlCkI7Tho4QtvvlXlH-BepCmTSP9brO63RDzvQe9HZtACRtigIOhqbrNcdLGaYzs5LnYyiPgmQajB0hKVKuyw7UEberh5SXJ8z9WKE4LTc-XhwhsUCWjlI4W4yL00am1DpsD0&t=74258c30	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false		unknown
www.google.com	172.217.16.132	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
cbre-my.sharepoint.com	unknown	unknown	false		unknown
m365cdn.nel.measure.office.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg	false		unknown
https://cbre-my.sharepoint.com/WebResource.axd?d=n1XvOt_rEdjTpVoBxKKZZ4Z_0JswuigM5GkRS3HzRUfJorMUXSpqKNhJBGTWgLZ3GjPkONRk6-PpHYKtac_YLrAIhutOy5x7dbKVujcVnO81&t=638533172441064469	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
https://cbre-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	false	Avira URL Cloud: safe	unknown
https://cbre-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://cbre-my.sharepoint.com/ScriptResource.axd?d=6CVFfrA0n2PJi2tvKe7apJ7_1XcBTf-UZq-voRBLN6hd6xziDcTls0rKD-f30Ox5NXEzfPyAKpJD11wAzqlLBQ0HM-Soy6yLK9SCaco61JXaboYhnCUvaYI9pgMEc2blfc93egR8djptRULYh6sRxax1neyaevaIAOBBXEeeyIulweQD5OST_Qi0TJhwB8zL0&t=74258c30	false	Avira URL Cloud: safe	unknown
https://cbre-my.sharepoint.com/ScriptResource.axd?d=FqJX8RbykGoP5HtvCL_K_k8W23t34rZuHzHaG9-X30qJSTF9FRjPT255nRLEZlCkI7Tho4QtvvlXlH-BepCmTSP9brO63RDzvQe9HZtACRtigIOhqbrNcdLGaYzs5LnYyiPgmQajB0hKVKuyw7UEberh5SXJ8z9WKE4LTc-XhwhsUCWjlI4W4yL00am1DpsD0&t=74258c30	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/jrburke/requirejs	chromecache_54.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cbre-my.sharepoint.com/personal/ryan_tornatore_cbre_com/_layouts/15/images/folder.png	chromecache_51.2.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	chromecache_51.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_62.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
172.217.16.132	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1464638
Start date and time:	2024-06-29 15:41:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/24@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.110, 64.233.167.84, 34.104.35.123, 2.23.209.37, 2.23.209.42, 216.58.212.170, 142.250.185.170, 142.250.185.234, 142.250.185.106, 172.217.18.10, 142.250.186.138, 142.250.181.234, 142.250.186.42, 216.58.206.42, 142.250.185.202, 142.250.185.138, 172.217.18.106, 142.250.184.202, 142.250.186.170, 172.217.16.138, 142.250.186.74, 2.19.126.89, 2.19.126.84, 2.19.126.163, 2.19.126.137, 192.229.221.95, 13.95.31.18, 20.3.187.198, 142.250.184.227
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, a767.dspw65.akamai.net, a1894.dscb.akamai.net, clients2.google.com, 193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, wu-b-net.trafficmanager.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input

Output

URL: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Model: Perplexity: mixtral-8x7b-instruct

{"loginform": true,"urgency": false,

Title: Sharing Link Validation OCR: OneDrive Microsoft Verify Your Identity You've received a secure link to: 1500 Broadway Pre Build RFP To open this secure link. we'll need you to enter the email that this item was shared to. O Enter email Next By clicking Next you allow CBRE, Inc. to use your email address In accordance with their privacy statement. CBRE. Inc. has not prmided links to their terms for you to review. 2017 Microsoft Privacy & Cookies

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	69031
Entropy (8bit):	5.666938977411791
Encrypted:	false
SSDEEP:	1536:PlgguXNRhpYWXBOxSPSW8N6fGNNKyioJs2wVXUaH3J:PLuPCGeTKyiTVXUi
MD5:	383DC4CD7C3B996B9B50B4545026C318
SHA1:	2C485413AA2D1AF9191840E6B107E0A76C95A924
SHA-256:	44ECBEFC00C14DECD26802908D4C10A7BCE73B12574F7C88D8D751221D76035B
SHA-512:	24D76E693980F14593E10D885413EF7F4725F308526358BC6EA0F8D271B3C05765E0A23EE8C680793C0238EFFEC12B787CE5BD4BC8550E11265B1F410C04B9DC
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/_layouts/15/images/microsoft-logo.png
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17444)
Category:	downloaded
Size (bytes):	17672
Entropy (8bit):	5.233316811547578
Encrypted:	false
SSDEEP:	384:lpLsOooX8uvFBiRh+HnEDuvvy1pqvuvDX/0ohHK9mm+tMHvVOPoQeOMmuI:QnoX8uNB2YHnEDsvy1pqvub/0iq4NMHM
MD5:	6EFDDF589864D2E146A55C01C6764A35
SHA1:	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
SHA-256:	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
SHA-512:	1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25012.12008/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]\|\|!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]\|\|!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r\|\|!hasProp(e,n))&&(!i\|\|"object"!=typeof t\|\|!t\|\|isArray(t)\|\|isFunction(t)\|\|t instanceof RegExp?e[n]=t:(e[n]\|\|(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/ScriptResource.axd?d=GgWJx4W4lMI5EXR00JJ5kkqnXTV54JRXPw13ydwDn47hKD5aSHMa_gWdopWBc9-FvZEWF-DKKWo7zsXN7dl5xlCgIbeupxjhWEBNL6PUjN0_WuQhS7AHUiAlDeYoVI2XBdgbEaB_J5Br5wjl41QZkpP-DVAYi0OgeBbcMZLm_BM1&t=ffffffffa8ad04d3
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/WebResource.axd?d=n1XvOt_rEdjTpVoBxKKZZ4Z_0JswuigM5GkRS3HzRUfJorMUXSpqKNhJBGTWgLZ3GjPkONRk6-PpHYKtac_YLrAIhutOy5x7dbKVujcVnO81&t=638533172441064469
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	downloaded
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/ScriptResource.axd?d=FqJX8RbykGoP5HtvCL_K_k8W23t34rZuHzHaG9-X30qJSTF9FRjPT255nRLEZlCkI7Tho4QtvvlXlH-BepCmTSP9brO63RDzvQe9HZtACRtigIOhqbrNcdLGaYzs5LnYyiPgmQajB0hKVKuyw7UEberh5SXJ8z9WKE4LTc-XhwhsUCWjlI4W4yL00am1DpsD0&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	downloaded
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
URL:	https://cbre-my.sharepoint.com/ScriptResource.axd?d=6CVFfrA0n2PJi2tvKe7apJ7_1XcBTf-UZq-voRBLN6hd6xziDcTls0rKD-f30Ox5NXEzfPyAKpJD11wAzqlLBQ0HM-Soy6yLK9SCaco61JXaboYhnCUvaYI9pgMEc2blfc93egR8djptRULYh6sRxax1neyaevaIAOBBXEeeyIulweQD5OST_Qi0TJhwB8zL0&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:H6xhkY:aQY
MD5:	858372DD32511CB4DD08E48A93B4F175
SHA1:	CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43
SHA-256:	3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
SHA-512:	6A57E0D4A1C23CB693AA9312F6FDAA1FC4309B5BC91D1B2279B5792BEE3534749FD3693C19AA95E0768800472D11D438EC3116F337679A249C28BE0E038E6DE0
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAl0Clez6_lj6RIFDfSCVyI=?alt=proto
Preview:	CgkKBw30glciGgA=

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37521)
Category:	downloaded
Size (bytes):	40512
Entropy (8bit):	5.386921349191213
Encrypted:	false
SSDEEP:	768:Tkv+rkfa2aH5m7UYfXLMQWGjaKEstpgG9ycj:Pr8LaZkzLM46G9
MD5:	8DCE60169BA666CA03A31D123DB49908
SHA1:	956C46BB6058C23D35440DCC656CE61C7B151399
SHA-256:	F9F5A40C01C6D569373CE61EE77849F30E4176E1310652FF17D458C68680CF75
SHA-512:	26BA15ADE0F62393413156C5061B04AA8FCE3A5A5EE06EE35DFC42D3F76AF850980731A38DCF7094711E7FAB18C80EF66C9B354C029D06FA2E846330ACCC7E9E
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/spoguestaccesswebpack/spoguestaccess.js
Preview:	/! For license information please see spoguestaccess.js.LICENSE.txt /.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	215
Entropy (8bit):	5.296880601579995
Encrypted:	false
SSDEEP:	6:JiMVBdgqZjZWtMfgRTH1it9PIY6XcRIQT2g6n:MMHdVBZWyUTMEXC6
MD5:	8A26CCD8021CEAA9A4BBAA78EC0BF51B
SHA1:	BB986724EE1491D22D55AA23413C0B7DA9D45478
SHA-256:	AC872DD2837E4F1707A42C8FB20834A7FB8008BB22D305258DE2E32B4260321A
SHA-512:	042DCCB5558D42FB4B723E6467B764C0D1E2BC2949A3FB8B3072483C42E1A900BC9353378E58C83320715531704A062D112F4D6E2F8144D0D11DEA99BBAB2887
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-06-14.009/@uifabric/file-type-icons/lib/initializeFileTypeIcons.js
Preview:	.<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist..RequestId:d7040ac6-601e-0020-2f2a-ca13a7000000.Time:2024-06-29T13:41:50.7420426Z</Message></Error>

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 227
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 29, 2024 15:41:55.937874079 CEST	49675	443	192.168.2.4	173.222.162.32
Jun 29, 2024 15:42:05.625365973 CEST	49675	443	192.168.2.4	173.222.162.32
Jun 29, 2024 15:42:08.697045088 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697082996 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:08.697158098 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697366953 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697410107 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:08.697467089 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697707891 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697726011 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:08.697865963 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:08.697885990 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.274828911 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.275096893 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.275116920 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.275593042 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.275752068 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.275779963 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.276200056 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.276293993 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.276825905 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.276890993 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.277307987 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.277371883 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.277861118 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.277868986 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.278283119 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.278353930 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.328289032 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.328319073 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.328332901 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.373903990 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.555614948 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.555649996 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.555721045 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.555737972 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.555990934 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.555999041 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.556054115 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.556062937 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.556889057 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.556943893 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.556951046 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.609266996 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.635370970 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.635385036 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.635402918 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.635448933 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.635508060 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.635518074 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.636276007 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.636284113 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.636347055 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.636353970 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.637152910 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.637187004 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.637214899 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.637221098 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.637248039 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.644908905 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.644985914 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.644994020 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.685863972 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.724872112 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.724883080 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.724971056 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.724984884 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725028992 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725035906 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725078106 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.725083113 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725106955 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.725820065 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725879908 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.725884914 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725933075 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.725976944 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.756212950 CEST	49737	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.756253004 CEST	443	49737	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.758516073 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.758558035 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.758619070 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.759094954 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.759119987 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.759176970 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.759519100 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.759608984 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.759696007 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.760385990 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.762406111 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.762422085 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.762913942 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.762927055 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.763195992 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.763262987 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.800508022 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.934628963 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.934659004 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.934720993 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.934742928 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.934782982 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.935337067 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.935347080 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.935375929 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.935384989 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.935427904 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:09.936028004 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:09.936074972 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.024144888 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.024158955 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.024218082 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.024245024 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.024316072 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.024362087 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.141726971 CEST	49736	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.141782045 CEST	443	49736	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.330894947 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.331267118 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.331280947 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.331610918 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.332592964 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.332648993 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.333015919 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.346330881 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.346580982 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.346602917 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.346910954 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.347732067 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.347733974 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.347794056 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.348820925 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.349315882 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.349399090 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.350863934 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.350929022 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.351617098 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.351706028 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.351809978 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.351830959 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.376501083 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.392505884 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.405234098 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.512754917 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.512779951 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.512820959 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.512834072 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.512868881 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.513739109 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.513746977 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.513787031 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.513797998 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.513803005 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.513843060 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.521147013 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.521173954 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.521348953 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.521380901 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.521430969 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.522161007 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.522170067 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.522274017 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.522274971 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.522291899 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.522324085 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.524816990 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.524837017 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.524889946 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.524912119 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.524972916 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.526185989 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.526194096 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.526222944 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.526232004 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.526268959 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.526277065 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.562793970 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.578783035 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602272987 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602334976 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602349043 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602370024 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602418900 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602426052 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602478027 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602577925 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602639914 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602689028 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602802992 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602817059 CEST	443	49743	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.602827072 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.602864981 CEST	49743	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.605360031 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.605400085 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.605448961 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.605676889 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.605688095 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.613596916 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.613609076 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.613671064 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.613707066 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.614662886 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.614690065 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.614718914 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.614733934 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.614758015 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.615561008 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.615619898 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.615633965 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.615711927 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.615762949 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.615892887 CEST	49744	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.615909100 CEST	443	49744	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.617429018 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.617439985 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.617491961 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.617511988 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.618853092 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.618908882 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.618917942 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.619714022 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.619779110 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.619790077 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.620598078 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.620661020 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.620668888 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.674777031 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.709837914 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.709850073 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.709932089 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.709948063 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.710273981 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.710282087 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.710326910 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.710336924 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711061001 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711102009 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711127996 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.711136103 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711153030 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.711275101 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711328030 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.711335897 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.711996078 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712047100 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.712055922 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712786913 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712848902 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.712857008 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712939024 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712977886 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.712985039 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.712996960 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:10.713030100 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.713144064 CEST	49742	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:10.713159084 CEST	443	49742	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.163981915 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.167896986 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.167916059 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.168248892 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.179701090 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.179770947 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.180414915 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.224508047 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.229935884 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.230000019 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.230113983 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.230370045 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.230391979 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.350806952 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.350842953 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.350892067 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.350908041 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.350919008 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.350959063 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.350965023 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.351001024 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.351058960 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.365179062 CEST	49745	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.365194082 CEST	443	49745	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.442662001 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.442703962 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.442795038 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.443109035 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.443126917 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.616224051 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:11.616275072 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:11.616386890 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:11.620646954 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:11.620668888 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:11.696978092 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.697027922 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.697356939 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.697913885 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:11.697926998 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:11.875096083 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.896696091 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.896720886 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.897727013 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.897792101 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.914217949 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.914310932 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:11.968072891 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:11.968113899 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:12.014425993 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:12.016186953 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.016407967 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.016438961 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.016746998 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.017119884 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.017178059 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.017237902 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.060508013 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.196863890 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.196886063 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.196919918 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.196938038 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.196959019 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.196985960 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.197741032 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.197794914 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.199243069 CEST	49749	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.199256897 CEST	443	49749	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.292042971 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.292174101 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.295773029 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.296540022 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.296556950 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.296789885 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.304856062 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.304879904 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.306370974 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.306444883 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.342576027 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.344671011 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.344865084 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.348543882 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.348565102 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.389431953 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.419163942 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.464498043 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.471431971 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.471473932 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.471539021 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.493838072 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.493868113 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514442921 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514467955 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514522076 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514524937 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.514548063 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514590025 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.514619112 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514684916 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.514767885 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.543657064 CEST	49751	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:12.543688059 CEST	443	49751	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:12.610867023 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.610928059 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.611144066 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.611311913 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.611330986 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.611365080 CEST	49750	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.611372948 CEST	443	49750	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.781589031 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.781635046 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:12.781788111 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.783571959 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:12.783585072 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.057826042 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.058120012 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.058142900 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.058478117 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.059021950 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.059079885 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.059241056 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.100505114 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.108861923 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.240906000 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.240925074 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.240977049 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.241002083 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.241216898 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.241265059 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.241271973 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.241475105 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.241636992 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.242703915 CEST	49752	443	192.168.2.4	13.107.136.10
Jun 29, 2024 15:42:13.242723942 CEST	443	49752	13.107.136.10	192.168.2.4
Jun 29, 2024 15:42:13.459302902 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.459376097 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.460648060 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.460659981 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.460936069 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.461930990 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.504506111 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.741750956 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.741818905 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.741869926 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.742655039 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.742672920 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:13.742683887 CEST	49755	443	192.168.2.4	184.28.90.27
Jun 29, 2024 15:42:13.742695093 CEST	443	49755	184.28.90.27	192.168.2.4
Jun 29, 2024 15:42:17.924974918 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:17.925023079 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:17.925364017 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:17.926255941 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:17.926274061 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:18.620419979 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:18.620507002 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:18.622694969 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:18.622704029 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:18.622932911 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:18.671106100 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.483971119 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.528501034 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715019941 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715044975 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715054035 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715064049 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715095043 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715141058 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.715166092 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715182066 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.715209007 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.715246916 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715298891 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:19.715306044 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715336084 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:19.715395927 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:20.605237961 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:20.605264902 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:20.605277061 CEST	49757	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:20.605282068 CEST	443	49757	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:21.774837017 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:21.774930954 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:21.775130987 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:23.090256929 CEST	49746	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:42:23.090310097 CEST	443	49746	172.217.16.132	192.168.2.4
Jun 29, 2024 15:42:57.117145061 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.117197990 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:57.117260933 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.117953062 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.117964983 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:57.819071054 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:57.819139957 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.823395967 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.823407888 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:57.823678970 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:57.832814932 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:57.876514912 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.087979078 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.088004112 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.088018894 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.088068962 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.088098049 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.088149071 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.089410067 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.089454889 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.089490891 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.089498997 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.089521885 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.089669943 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.089721918 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.093823910 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.093823910 CEST	49763	443	192.168.2.4	13.85.23.86
Jun 29, 2024 15:42:58.093842030 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:42:58.093849897 CEST	443	49763	13.85.23.86	192.168.2.4
Jun 29, 2024 15:43:11.235342026 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:11.235465050 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:11.235569000 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:11.235810995 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:11.235856056 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:11.984324932 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:11.984652042 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:11.984685898 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:11.986376047 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:11.986715078 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:11.986908913 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:12.031023979 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:12.437469959 CEST	49723	80	192.168.2.4	199.232.214.172
Jun 29, 2024 15:43:12.437556028 CEST	49724	80	192.168.2.4	93.184.221.240
Jun 29, 2024 15:43:12.442909956 CEST	80	49723	199.232.214.172	192.168.2.4
Jun 29, 2024 15:43:12.442928076 CEST	80	49724	93.184.221.240	192.168.2.4
Jun 29, 2024 15:43:12.442979097 CEST	49723	80	192.168.2.4	199.232.214.172
Jun 29, 2024 15:43:12.442995071 CEST	49724	80	192.168.2.4	93.184.221.240
Jun 29, 2024 15:43:21.779020071 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:21.779103041 CEST	443	49765	172.217.16.132	192.168.2.4
Jun 29, 2024 15:43:21.779225111 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:23.040393114 CEST	49765	443	192.168.2.4	172.217.16.132
Jun 29, 2024 15:43:23.040467024 CEST	443	49765	172.217.16.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 29, 2024 15:42:06.660790920 CEST	53	57032	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:06.777576923 CEST	53	50356	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:07.835650921 CEST	53	51085	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:08.647500992 CEST	53291	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:08.651292086 CEST	63362	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:11.183931112 CEST	61414	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:11.184191942 CEST	52929	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:11.190674067 CEST	53	61414	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:11.190726995 CEST	53	52929	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:11.246134996 CEST	53	56262	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:11.612411022 CEST	51129	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:11.612848997 CEST	65249	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:12.582214117 CEST	52854	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:12.582719088 CEST	55044	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:42:24.026199102 CEST	138	138	192.168.2.4	192.168.2.255
Jun 29, 2024 15:42:24.790853977 CEST	53	63454	1.1.1.1	192.168.2.4
Jun 29, 2024 15:42:43.830758095 CEST	53	61495	1.1.1.1	192.168.2.4
Jun 29, 2024 15:43:06.589684010 CEST	53	55517	1.1.1.1	192.168.2.4
Jun 29, 2024 15:43:06.609308958 CEST	53	55808	1.1.1.1	192.168.2.4
Jun 29, 2024 15:43:13.535686016 CEST	53074	53	192.168.2.4	1.1.1.1
Jun 29, 2024 15:43:13.535835981 CEST	50479	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 29, 2024 15:42:08.647500992 CEST	192.168.2.4	1.1.1.1	0x53f8	Standard query (0)	cbre-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:08.651292086 CEST	192.168.2.4	1.1.1.1	0x655b	Standard query (0)	cbre-my.sharepoint.com	65	IN (0x0001)	false
Jun 29, 2024 15:42:11.183931112 CEST	192.168.2.4	1.1.1.1	0x9cb8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:11.184191942 CEST	192.168.2.4	1.1.1.1	0x1f4b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jun 29, 2024 15:42:11.612411022 CEST	192.168.2.4	1.1.1.1	0x2aca	Standard query (0)	cbre-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:11.612848997 CEST	192.168.2.4	1.1.1.1	0x34f2	Standard query (0)	cbre-my.sharepoint.com	65	IN (0x0001)	false
Jun 29, 2024 15:42:12.582214117 CEST	192.168.2.4	1.1.1.1	0x4796	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:12.582719088 CEST	192.168.2.4	1.1.1.1	0xbdd3	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false
Jun 29, 2024 15:43:13.535686016 CEST	192.168.2.4	1.1.1.1	0x8a34	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:43:13.535835981 CEST	192.168.2.4	1.1.1.1	0x33ba	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	cbre-my.sharepoint.com	cbre.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	cbre.sharepoint.com	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	193809-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:08.688153982 CEST	1.1.1.1	192.168.2.4	0x53f8	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:08.696368933 CEST	1.1.1.1	192.168.2.4	0x655b	No error (0)	cbre-my.sharepoint.com	cbre.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.696368933 CEST	1.1.1.1	192.168.2.4	0x655b	No error (0)	cbre.sharepoint.com	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.696368933 CEST	1.1.1.1	192.168.2.4	0x655b	No error (0)	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:08.696368933 CEST	1.1.1.1	192.168.2.4	0x655b	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.190674067 CEST	1.1.1.1	192.168.2.4	0x9cb8	No error (0)	www.google.com		172.217.16.132	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:11.190726995 CEST	1.1.1.1	192.168.2.4	0x1f4b	No error (0)	www.google.com			65	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	cbre-my.sharepoint.com	cbre.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	cbre.sharepoint.com	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	193809-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:11.679209948 CEST	1.1.1.1	192.168.2.4	0x2aca	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:11.695954084 CEST	1.1.1.1	192.168.2.4	0x34f2	No error (0)	cbre-my.sharepoint.com	cbre.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.695954084 CEST	1.1.1.1	192.168.2.4	0x34f2	No error (0)	cbre.sharepoint.com	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.695954084 CEST	1.1.1.1	192.168.2.4	0x34f2	No error (0)	328-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:11.695954084 CEST	1.1.1.1	192.168.2.4	0x34f2	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:12.590095043 CEST	1.1.1.1	192.168.2.4	0x4796	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:12.593187094 CEST	1.1.1.1	192.168.2.4	0xbdd3	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:19.500402927 CEST	1.1.1.1	192.168.2.4	0xf3fb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:19.500402927 CEST	1.1.1.1	192.168.2.4	0xf3fb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:32.913012981 CEST	1.1.1.1	192.168.2.4	0x1a5c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:32.913012981 CEST	1.1.1.1	192.168.2.4	0x1a5c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:42:58.915118933 CEST	1.1.1.1	192.168.2.4	0x5afb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:42:58.915118933 CEST	1.1.1.1	192.168.2.4	0x5afb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jun 29, 2024 15:43:13.543215990 CEST	1.1.1.1	192.168.2.4	0x8a34	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:43:13.544008017 CEST	1.1.1.1	192.168.2.4	0x33ba	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:43:20.210505962 CEST	1.1.1.1	192.168.2.4	0x480a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 29, 2024 15:43:20.210505962 CEST	1.1.1.1	192.168.2.4	0x480a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipinfo.io

cbre-my.sharepoint.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49730	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:41:54 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-29 13:41:54 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Sat, 29 Jun 2024 13:41:54 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-29 13:41:54 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:09 UTC	732	OUT	GET /:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:09 UTC	1984	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 69031 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,2102272,54,110,29360437,0,2102272,53 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 836637a1-500c-5000-dc5f-ba0f53d95502 request-id: 836637a1-500c-5000-dc5f-ba0f53d95502 MS-CV: oTdmgwxQAFDcX7oPU9lVAg.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=0159e9d0-09a0-4edf-96ba-a3deea363c28&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 104 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 332D19F4FD774C48B871E90D324FD49A Ref B: EWR311000102029 Ref C: 2024-06-29T13:42:09Z Date: Sat, 29 Jun 2024 13:42:08 GMT Connection: close
2024-06-29 13:42:09 UTC	1631	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 6f 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 6f 66 66 69 63 65 3a 6f 66 66 69 63 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 6d 61 72 67 69 6e 3a 30 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 Data Ascii: ne-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{tex
2024-06-29 13:42:09 UTC	4699	IN	Data Raw: 74 69 6f 6e 7b 68 65 69 67 68 74 3a 33 32 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 7a 2d 69 6e 64 65 78 3a 31 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 33 32 70 78 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 6f 70 20 2e 35 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 2e 6e 6f 74 69 66 69 63 61 74 69 6f 6e 20 2e 64 69 73 6d 69 73 73 7b 62 6f 72 64 65 72 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 68 65 69 67 68 74 3a 31 35 70 78 3b 77 69 64 74 68 3a 31 35 70 78 3b 6d 61 72 67 69 6e 3a 30 20 38 70 78 7d 2e 6e 6f Data Ascii: tion{height:32px;display:flex;justify-content:center;align-items:center;z-index:1;position:absolute;top:-32px;left:0;width:100%;transition:top .5s ease-in-out}.notification .dismiss{border:0;padding:0;background:0 0;height:15px;width:15px;margin:0 8px}.no
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 66 31 30 30 2d 39 31 33 33 2d 34 63 30 33 2d 38 63 34 34 2d 30 31 62 38 35 66 34 39 38 30 61 61 22 3e 0d 0a 09 09 21 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 27 50 65 72 66 6f 72 6d 61 6e 63 65 4c 6f 6e 67 54 61 73 6b 54 69 6d 69 6e 67 27 20 69 6e 20 77 69 6e 64 6f 77 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 2e 5f 5f 74 74 69 3d 7b 65 3a 5b 5d 7d 3b 67 2e 6f 3d 6e 65 77 20 50 65 72 66 6f 72 6d 61 6e 63 65 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 67 2e 65 3d 67 2e 65 2e 63 6f 6e 63 61 74 28 6c 2e 67 65 74 45 6e 74 72 69 65 73 28 29 29 7d 29 3b 67 2e 6f 2e 6f 62 73 65 72 76 65 28 7b 65 6e 74 72 79 54 79 70 65 73 3a 5b 27 6c 6f 6e 67 74 61 73 6b 27 5d 7d 29 7d 7d 28 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 Data Ascii: f100-9133-4c03-8c44-01b85f4980aa">!function(){if('PerformanceLongTaskTiming' in window){var g=window.__tti={e:[]};g.o=new PerformanceObserver(function(l){g.e=g.e.concat(l.getEntries())});g.o.observe({entryTypes:['longtask']})}}();</script><script t
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 74 29 3a 65 2e 45 53 36 50 72 6f 6d 69 73 65 3d 74 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 65 3d 73 65 74 54 69 6d 65 6f 75 74 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 72 2c 31 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 53 3b 65 2b 3d 32 29 7b 28 30 2c 54 5b 65 5d 29 28 54 5b 65 2b 31 5d 29 2c 54 5b 65 5d 3d 76 6f 69 64 20 30 2c 54 Data Ascii: "==typeof define&&define.amd?define(t):e.ES6Promise=t()}(this,function(){"use strict";function c(e){return"function"==typeof e}function t(){var e=setTimeout;return function(){return e(r,1)}}function r(){for(var e=0;e<S;e+=2){(0,T[e])(T[e+1]),T[e]=void 0,T
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 6e 28 65 2c 74 2c 72 2c 6e 29 7b 76 61 72 20 69 2c 6f 2c 73 3d 64 65 66 43 6f 6e 74 65 78 74 4e 61 6d 65 3b 69 66 28 21 69 73 41 72 72 61 79 28 65 29 26 26 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 29 7b 6f 3d 65 3b 69 66 28 69 73 41 72 72 61 79 28 74 29 29 7b 65 3d 74 3b 74 3d 72 3b 72 3d 6e 7d 65 6c 73 65 20 65 3d 5b 5d 7d 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 28 73 3d 6f 2e 63 6f 6e 74 65 78 74 29 3b 69 3d 28 69 3d 67 65 74 4f 77 6e 28 63 6f 6e 74 65 78 74 73 2c 73 29 29 7c 7c 28 63 6f 6e 74 65 78 74 73 5b 73 5d 3d 72 65 71 2e 73 2e 6e 65 77 43 6f 6e 74 65 78 74 28 73 29 29 3b 6f 26 26 69 2e 63 6f 6e 66 69 67 75 72 65 28 6f 29 3b 72 65 74 75 72 6e 20 69 2e 72 65 71 75 69 72 65 28 65 2c 74 2c 72 29 7d 3b 72 65 71 2e 63 6f 6e 66 69 67 3d Data Ascii: n(e,t,r,n){var i,o,s=defContextName;if(!isArray(e)&&"string"!=typeof e){o=e;if(isArray(t)){e=t;t=r;r=n}else e=[]}o&&o.context&&(s=o.context);i=(i=getOwn(contexts,s))\|\|(contexts[s]=req.s.newContext(s));o&&i.configure(o);return i.require(e,t,r)};req.config=
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 61 70 2e 69 64 5d 3a 6e 75 6c 6c 3b 74 2e 72 65 71 75 69 72 65 54 79 70 65 3d 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 3f 22 64 65 66 69 6e 65 22 3a 22 72 65 71 75 69 72 65 22 3b 72 65 74 75 72 6e 20 6a 28 74 68 69 73 2e 65 72 72 6f 72 3d 74 29 7d 7d 65 6c 73 65 20 69 3d 6f 3b 74 68 69 73 2e 65 78 70 6f 72 74 73 3d 69 3b 69 66 28 74 68 69 73 2e 6d 61 70 2e 69 73 44 65 66 69 6e 65 26 26 21 74 68 69 73 2e 69 67 6e 6f 72 65 29 7b 6d 5b 72 5d 3d 69 3b 69 66 28 72 65 71 2e 6f 6e 52 65 73 6f 75 72 63 65 4c 6f 61 64 29 7b 76 61 72 20 73 3d 5b 5d 3b 65 61 63 68 28 74 68 69 73 2e 64 65 70 4d 61 70 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 2e 70 75 73 68 28 65 2e 6e 6f 72 6d 61 6c 69 7a 65 64 4d 61 70 7c 7c 65 29 7d 29 3b 72 65 71 2e 6f 6e 52 65 73 6f Data Ascii: ap.id]:null;t.requireType=this.map.isDefine?"define":"require";return j(this.error=t)}}else i=o;this.exports=i;if(this.map.isDefine&&!this.ignore){m[r]=i;if(req.onResourceLoad){var s=[];each(this.depMaps,function(e){s.push(e.normalizedMap\|\|e)});req.onReso
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 65 64 4d 6f 64 75 6c 65 73 20 3d 20 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 6d 6f 64 75 6c 65 73 46 61 6c 6c 65 64 42 61 63 6b 3b 0d 0a 20 20 20 20 20 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 70 75 73 68 28 6d 6f 64 75 6c 65 49 64 29 3b 0d 0a 20 20 20 20 20 20 69 66 20 28 21 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 62 61 73 65 55 72 6c 46 61 69 6c 65 64 4f 76 65 72 20 26 26 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 6c 65 6e 67 74 68 20 3e 3d 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 70 61 74 68 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 74 65 6d 73 20 3d 20 70 61 74 68 73 5b 69 64 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 69 Data Ascii: edModules = failOverState.modulesFalledBack; failedModules.push(moduleId); if (!failOverState.baseUrlFailedOver && failedModules.length >= 2) { for (var id in paths) { var items = paths[id]; if (Array.isArray(i
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 6e 53 75 62 6d 69 74 29 20 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 56 61 6c 69 64 61 74 6f 72 4f 6e 53 75 62 6d 69 74 28 29 20 3d 3d 20 66 61 6c 73 65 29 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 69 66 20 28 74 79 70 65 6f 66 28 5f 73 70 46 6f 72 6d 4f 6e 53 75 62 6d 69 74 57 72 61 70 70 65 72 29 20 21 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 72 65 74 75 72 6e 20 5f 73 70 46 6f 72 6d 4f 6e 53 75 62 6d 69 74 57 72 61 70 70 65 72 28 29 3b 7d 20 65 6c 73 65 20 7b 72 65 74 75 72 6e 20 74 72 75 65 3b 7d 3b 0d 0a 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 09 2f 2f 5d 5d 3e 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 73 70 4e 65 74 48 69 64 64 65 6e 22 3e 0d 0a 0d 0a 09 09 3c 69 6e 70 75 74 20 Data Ascii: nSubmit) == "function" && ValidatorOnSubmit() == false) return false;if (typeof(_spFormOnSubmitWrapper) != 'undefined') {return _spFormOnSubmitWrapper();} else {return true;};return true;}//...</script><div class="aspNetHidden"><input
2024-06-29 13:42:09 UTC	5357	IN	Data Raw: 6e 5c 5c 66 40 5d 2b 40 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 24 22 3b 0d 0a 09 76 61 72 20 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 20 3f 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 22 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 22 5d 20 3a 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 22 29 3b 0d 0a 09 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 20 3d 20 22 74 78 74 54 4f 41 41 45 6d 61 69 6c 22 3b 0d 0a 09 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 2e 66 6f 63 75 73 4f 6e 45 72 72 6f 72 20 3d 20 22 74 22 3b 0d 0a Data Ascii: n\\f@]+@[^ \\r\\t\\n\\f@]+$";var IncorrectTOAAEMail = document.all ? document.all["IncorrectTOAAEMail"] : document.getElementById("IncorrectTOAAEMail");IncorrectTOAAEMail.controltovalidate = "txtTOAAEmail";IncorrectTOAAEMail.focusOnError = "t";

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:09 UTC	743	OUT	GET /WebResource.axd?d=n1XvOt_rEdjTpVoBxKKZZ4Z_0JswuigM5GkRS3HzRUfJorMUXSpqKNhJBGTWgLZ3GjPkONRk6-PpHYKtac_YLrAIhutOy5x7dbKVujcVnO81&t=638533172441064469 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:09 UTC	753	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Sun, 29 Jun 2025 08:26:23 GMT Last-Modified: Fri, 07 Jun 2024 07:34:04 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,455,0,26271,215 X-AspNet-Version: 4.0.30319 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 58C14B1D03184F98B280722A9762E92F Ref B: EWR311000103047 Ref C: 2024-06-29T13:42:09Z Date: Sat, 29 Jun 2024 13:42:09 GMT Connection: close
2024-06-29 13:42:09 UTC	3539	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-06-29 13:42:09 UTC	8192	IN	Data Raw: 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2c 20 66 72 61 67 6d 65 6e 74 49 6e 64 65 78 20 3d 20 61 63 74 69 6f 6e 2e 69 6e 64 65 78 4f 66 28 27 23 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 66 72 61 67 6d 65 6e 74 49 6e 64 65 78 20 21 3d 3d 20 2d 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 63 74 69 6f 6e 20 3d 20 61 63 74 69 6f 6e 2e 73 75 62 73 74 72 28 30 2c 20 66 72 61 67 6d 65 6e 74 49 6e 64 65 78 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 21 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 22 22 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 70 61 74 68 20 3d 20 Data Ascii: cument.location.pathname, fragmentIndex = action.indexOf('#'); if (fragmentIndex !== -1) { action = action.substr(0, fragmentIndex); } if (!__nonMSDOMBrowser) { var domain = ""; var path =
2024-06-29 13:42:09 UTC	4022	IN	Data Raw: 65 46 6f 72 6d 50 6f 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 20 3d 20 6e 65 77 20 41 72 72 61 79 28 29 3b 0d 0a 76 61 72 20 5f 5f 63 61 6c 6c 62 61 63 6b 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 68 69 64 64 65 6e 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 2d 6c 6f 63 61 6c 29 24 2f 69 3b 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 49 6e 69 74 43 61 6c 6c 62 61 63 6b 28 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 66 6f 72 6d 45 6c 65 6d 65 6e 74 73 20 3d 20 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 2c 0d 0a 20 Data Ascii: eFormPostCollection = new Array();var __callbackTextTypes = /^(text\|password\|hidden\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;function WebForm_InitCallback() { var formElements = theForm.elements,
2024-06-29 13:42:10 UTC	7310	IN	Data Raw: 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 29 20 7b 0d Data Ascii: defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBrowser) {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:10 UTC	808	OUT	GET /ScriptResource.axd?d=GgWJx4W4lMI5EXR00JJ5kkqnXTV54JRXPw13ydwDn47hKD5aSHMa_gWdopWBc9-FvZEWF-DKKWo7zsXN7dl5xlCgIbeupxjhWEBNL6PUjN0_WuQhS7AHUiAlDeYoVI2XBdgbEaB_J5Br5wjl41QZkpP-DVAYi0OgeBbcMZLm_BM1&t=ffffffffa8ad04d3 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:10 UTC	773	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 26951 Content-Type: application/x-javascript; charset=utf-8 Expires: Sun, 29 Jun 2025 13:42:10 GMT Last-Modified: Sat, 29 Jun 2024 13:42:10 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,54,0,6351381,0,525568,53 X-AspNet-Version: 4.0.30319 SPRequestDuration: 6 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E48904CE2F8F4DA2BB7F308CA4662316 Ref B: EWR311000104027 Ref C: 2024-06-29T13:42:10Z Date: Sat, 29 Jun 2024 13:42:09 GMT Connection: close
2024-06-29 13:42:10 UTC	3235	IN	Data Raw: 76 61 72 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 56 65 72 20 3d 20 22 31 32 35 22 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 73 56 61 6c 69 64 20 3d 20 74 72 75 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 42 6c 6f 63 6b 53 75 62 6d 69 74 20 3d 20 66 61 6c 73 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 6e 76 61 6c 69 64 43 6f 6e 74 72 6f 6c 54 6f 42 65 46 6f 63 75 73 65 64 20 3d 20 6e 75 6c 6c 3b 0d 0a 76 61 72 20 50 61 67 65 5f 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 66 69 6c 65 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 Data Ascii: var Page_ValidationVer = "125";var Page_IsValid = true;var Page_BlockSubmit = false;var Page_InvalidControlToBeFocused = null;var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 22 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 63 6f 6e 74 72 6f 6c 5b 65 76 65 6e 74 54 79 70 65 5d 20 3d 20 6e 65 77 20 46 75 6e 63 74 69 6f 6e 28 22 65 76 65 6e 74 22 2c 20 66 75 6e 63 74 69 6f 6e 50 72 65 66 69 78 20 2b 20 22 20 22 20 2b 20 65 76 29 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 61 6c 69 64 61 74 6f 72 47 65 74 56 61 6c 75 65 28 69 64 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6e 74 72 6f 6c 3b 0d 0a 20 20 20 20 63 6f 6e 74 72 6f 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 64 29 3b 0d 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 63 6f 6e 74 72 6f 6c 2e 76 61 6c 75 65 29 20 3d 3d 20 22 73 74 72 69 6e 67 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 63 6f 6e 74 72 6f 6c 2e Data Ascii: "; } control[eventType] = new Function("event", functionPrefix + " " + ev);}function ValidatorGetValue(id) { var control; control = document.getElementById(id); if (typeof(control.value) == "string") { return control.
2024-06-29 13:42:10 UTC	4306	IN	Data Raw: 20 2d 20 31 30 30 20 2b 20 79 65 61 72 29 20 3a 20 28 63 75 74 6f 66 66 59 65 61 72 43 65 6e 74 75 72 79 20 2b 20 79 65 61 72 29 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 76 61 72 20 6e 75 6d 2c 20 63 6c 65 61 6e 49 6e 70 75 74 2c 20 6d 2c 20 65 78 70 3b 0d 0a 20 20 20 20 69 66 20 28 64 61 74 61 54 79 70 65 20 3d 3d 20 22 49 6e 74 65 67 65 72 22 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 65 78 70 20 3d 20 2f 5e 5c 73 2a 5b 2d 5c 2b 5d 3f 5c 64 2b 5c 73 2a 24 2f 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 6f 70 2e 6d 61 74 63 68 28 65 78 70 29 20 3d 3d 20 6e 75 6c 6c 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 0d 0a 20 20 20 20 20 20 20 20 6e 75 6d 20 3d 20 70 61 72 73 65 49 6e 74 28 6f 70 2c 20 31 30 29 3b 0d 0a 20 20 Data Ascii: - 100 + year) : (cutoffYearCentury + year)); } var num, cleanInput, m, exp; if (dataType == "Integer") { exp = /^\s[-\+]?\d+\s$/; if (op.match(exp) == null) return null; num = parseInt(op, 10);
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 75 65 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 29 3b 0d 0a 20 20 20 20 69 66 20 28 56 61 6c 69 64 61 74 6f 72 54 72 69 6d 28 76 61 6c 75 65 29 2e 6c 65 6e 67 74 68 20 3d 3d 20 30 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6d 70 61 72 65 54 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 20 21 3d 20 22 73 74 72 69 6e 67 22 29 20 7c 7c 0d 0a 20 20 20 20 20 20 20 20 28 74 79 70 65 6f 66 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 20 7c 7c 0d Data Ascii: ue(val.controltovalidate); if (ValidatorTrim(value).length == 0) return true; var compareTo = ""; if ((typeof(val.controltocompare) != "string") \|\| (typeof(document.getElementById(val.controltocompare)) == "undefined") \|\|
2024-06-29 13:42:10 UTC	3026	IN	Data Raw: 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 6e 67 74 68 20 2b 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 79 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 69 65 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6c 65 6e 67 74 68 3b 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: var length = parseSpecificAttribute(selector, dataValidationAttribute, Page_Validators); length += parseSpecificAttribute(selector, dataValidationSummaryAttribute, Page_ValidationSummaries); return length;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:10 UTC	821	OUT	GET /ScriptResource.axd?d=FqJX8RbykGoP5HtvCL_K_k8W23t34rZuHzHaG9-X30qJSTF9FRjPT255nRLEZlCkI7Tho4QtvvlXlH-BepCmTSP9brO63RDzvQe9HZtACRtigIOhqbrNcdLGaYzs5LnYyiPgmQajB0hKVKuyw7UEberh5SXJ8z9WKE4LTc-XhwhsUCWjlI4W4yL00am1DpsD0&t=74258c30 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:10 UTC	773	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 102801 Content-Type: application/x-javascript; charset=utf-8 Expires: Sun, 29 Jun 2025 13:42:10 GMT Last-Modified: Sat, 29 Jun 2024 13:42:10 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,4989506,0,525568,53 X-AspNet-Version: 4.0.30319 SPRequestDuration: 4 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F54CBA5005C54AABB603CBF627DCF44A Ref B: EWR311000102049 Ref C: 2024-06-29T13:42:10Z Date: Sat, 29 Jun 2024 13:42:10 GMT Connection: close
2024-06-29 13:42:10 UTC	3397	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 2e 6a 73 0d 0a 46 75 6e 63 74 69 6f 6e 2e 5f 5f 74 79 70 65 4e 61 6d 65 3d 22 46 75 6e 63 74 69 6f 6e 22 3b 46 75 6e 63 74 69 6f 6e 2e 5f 5f 63 6c 61 73 73 3d Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjax.jsFunction.__typeName="Function";Function.__class=
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 20 64 3d 45 72 72 6f 72 2e 63 72 65 61 74 65 28 62 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4e 75 6c 6c 45 78 63 65 70 74 69 6f 6e 22 2c 70 61 72 61 6d 4e 61 6d 65 3a 61 7d 29 3b 64 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 64 7d 3b 45 72 72 6f 72 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 61 2c 64 29 7b 76 61 72 20 62 3d 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 3f 64 3a 53 79 73 2e 52 65 73 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 29 3b 69 66 28 63 29 62 2b 3d 22 5c 6e 22 2b 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 2e 52 65 73 2e 70 61 72 61 6d 4e 61 6d 65 2c Data Ascii: d=Error.create(b,{name:"Sys.ArgumentNullException",paramName:a});d.popStackFrame();return d};Error.argumentOutOfRange=function(c,a,d){var b="Sys.ArgumentOutOfRangeException: "+(d?d:Sys.Res.argumentOutOfRange);if(c)b+="\n"+String.format(Sys.Res.paramName,
2024-06-29 13:42:10 UTC	4144	IN	Data Raw: 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 26 26 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 28 63 29 7d 3b 53 79 73 2e 5f 67 65 74 42 61 73 65 4d 65 74 68 6f 64 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 63 29 7b 76 61 72 20 62 3d 64 2e 67 65 74 42 61 73 65 54 79 70 65 28 29 3b 69 66 28 62 29 7b 76 61 72 20 61 3d 62 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 75 6e 63 74 69 6f 6e 3f 61 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 53 79 73 2e 5f 69 73 44 6f 6d 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 66 61 6c 73 65 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 22 6e 75 6d 62 65 72 22 Data Ascii: a.implementsInterface&&a.implementsInterface(c)};Sys._getBaseMethod=function(d,e,c){var b=d.getBaseType();if(b){var a=b.prototype[c];return a instanceof Function?a:null}return null};Sys._isDomElement=function(a){var c=false;if(typeof a.nodeType!=="number"
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 2e 45 76 65 6e 74 41 72 67 73 29 3b 54 79 70 65 2e 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 53 79 73 2e 55 49 22 29 3b 53 79 73 2e 5f 44 65 62 75 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 53 79 73 2e 5f 44 65 62 75 67 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 5f 61 70 70 65 6e 64 43 6f 6e 73 6f 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 44 65 62 75 67 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 29 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 6f 70 65 72 61 Data Ascii: .EventArgs);Type.registerNamespace("Sys.UI");Sys._Debug=function(){};Sys._Debug.prototype={_appendConsole:function(a){if(typeof Debug!=="undefined"&&Debug.writeln)Debug.writeln(a);if(window.console&&window.console.log)window.console.log(a);if(window.opera
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 6e 75 6c 6c 2c 2d 31 2c 5b 62 5d 2c 63 29 29 3b 72 65 74 75 72 6e 20 74 72 75 65 7d 72 65 74 75 72 6e 20 66 61 6c 73 65 7d 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 72 65 6d 6f 76 65 41 74 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 61 29 7b 69 66 28 61 3e 2d 31 26 26 61 3c 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 63 3d 62 5b 61 5d 3b 41 72 72 61 79 2e 72 65 6d 6f 76 65 41 74 28 62 2c 61 29 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 5f 63 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 62 2c 6e 65 77 20 53 79 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 53 79 73 2e 4e 6f 74 69 66 79 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 64 41 63 74 69 6f 6e 2e 72 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 63 5d 2c 61 29 29 7d 7d 3b 53 79 73 2e 4f 62 73 65 Data Ascii: null,-1,[b],c));return true}return false};Sys.Observer.removeAt=function(b,a){if(a>-1&&a<b.length){var c=b[a];Array.removeAt(b,a);Sys.Observer._collectionChange(b,new Sys.CollectionChange(Sys.NotifyCollectionChangedAction.remove,null,-1,[c],a))}};Sys.Obse
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 29 7b 69 66 28 61 3c 31 30 29 72 65 74 75 72 6e 20 22 30 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 29 72 65 74 75 72 6e 20 22 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 30 29 72 65 74 75 72 6e 20 22 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 76 61 72 20 68 2c 70 2c 74 3d 2f 28 5b 5e 64 5d 7c 5e 29 28 64 7c 64 64 29 28 5b 5e 64 5d 7c 24 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 68 7c 7c 70 29 72 65 74 75 72 6e 20 68 3b 68 3d 74 2e 74 65 73 74 28 65 29 3b 70 3d 74 72 75 65 3b 72 65 74 75 72 6e 20 68 7d 76 61 72 20 71 3d 30 2c 6f 3d 44 61 74 65 2e 5f 67 65 74 54 6f 6b 65 6e 52 65 67 45 78 70 28 29 2c 66 3b 69 66 28 Data Ascii: oString()}function v(a){if(a<10)return "000"+a;else if(a<100)return "00"+a;else if(a<1000)return "0"+a;return a.toString()}var h,p,t=/([^d]\|^)(d\|dd)([^d]\|$)/g;function s(){if(h\|\|p)return h;h=t.test(e);p=true;return h}var q=0,o=Date._getTokenRegExp(),f;if(
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 41 72 72 61 79 28 74 68 69 73 2e 64 61 74 65 54 69 6d 65 46 6f 72 6d 61 74 2e 41 62 62 72 65 76 69 61 74 65 64 44 61 79 4e 61 6d 65 73 29 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 2c 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 61 29 29 7d 2c 5f 74 6f 55 70 70 65 72 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 62 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 61 3d 30 2c 64 3d 63 2e 6c 65 6e 67 74 68 3b 61 3c 64 3b 61 2b 2b 29 62 5b 61 5d 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 63 5b 61 5d 29 3b 72 65 74 75 72 6e 20 62 7d 2c 5f 74 6f 55 70 70 65 72 3a 66 75 6e 63 74 Data Ascii: this._upperAbbrDays=this._toUpperArray(this.dateTimeFormat.AbbreviatedDayNames);return Array.indexOf(this._upperAbbrDays,this._toUpper(a))},_toUpperArray:function(c){var b=[];for(var a=0,d=c.length;a<d;a++)b[a]=this._toUpper(c[a]);return b},_toUpper:funct
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 21 3d 3d 2d 31 29 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 4f 70 65 72 61 7c 7c 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 46 69 72 65 46 6f 78 29 61 3d 61 2e 73 70 6c 69 74 28 62 29 2e 6a 6f 69 6e 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 65 73 63 61 70 65 43 68 61 72 73 5b 62 5d 29 3b 65 6c 73 65 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 63 68 61 72 73 54 6f 45 73 63 61 70 65 52 65 67 45 78 73 5b 62 5d 2c 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 Data Ascii: !==-1)if(Sys.Browser.agent===Sys.Browser.Opera\|\|Sys.Browser.agent===Sys.Browser.FireFox)a=a.split(b).join(Sys.Serialization.JavaScriptSerializer._escapeChars[b]);else a=a.replace(Sys.Serialization.JavaScriptSerializer._charsToEscapeRegExs[b],Sys.Serializa
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 69 66 28 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 58 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 59 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 74 68 69 73 2e 6f 66 66 73 65 74 58 3d 61 2e 6f 66 66 73 65 74 58 3b 74 68 69 73 2e 6f 66 66 73 65 74 59 3d 61 2e 6f 66 66 73 65 74 59 7d 65 6c 73 65 20 69 66 28 74 68 69 73 2e 74 61 72 67 65 74 26 26 74 68 69 73 2e 74 61 72 67 65 74 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 33 26 26 74 79 70 65 6f 66 20 61 2e 63 6c 69 65 6e 74 58 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 20 63 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 67 65 74 4c 6f 63 61 74 69 6f 6e 28 74 68 69 73 2e 74 61 72 67 65 74 29 2c 64 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 Data Ascii: if(typeof a.offsetX!=="undefined"&&typeof a.offsetY!=="undefined"){this.offsetX=a.offsetX;this.offsetY=a.offsetY}else if(this.target&&this.target.nodeType!==3&&typeof a.clientX==="number"){var c=Sys.UI.DomElement.getLocation(this.target),d=Sys.UI.DomEleme
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 29 7b 76 61 72 20 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 7c 7c 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 65 74 43 75 72 72 65 6e 74 53 74 79 6c 65 28 61 29 3b 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 62 3f 62 2e 64 69 73 70 6c 61 79 3a 6e 75 6c 6c 3b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 7c 7c 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 3d 3d 22 6e 6f 6e 65 22 29 73 77 69 74 63 68 28 61 2e 74 61 67 4e 61 6d 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 20 22 44 49 56 22 3a 63 61 73 65 20 22 50 22 3a 63 61 73 65 20 22 41 44 44 52 45 53 53 22 3a 63 61 73 65 20 22 42 4c 4f 43 4b 51 Data Ascii: tion(a){if(!a._oldDisplayMode){var b=a.currentStyle\|\|Sys.UI.DomElement._getCurrentStyle(a);a._oldDisplayMode=b?b.display:null;if(!a._oldDisplayMode\|\|a._oldDisplayMode==="none")switch(a.tagName.toUpperCase()){case "DIV":case "P":case "ADDRESS":case "BLOCKQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:10 UTC	821	OUT	GET /ScriptResource.axd?d=6CVFfrA0n2PJi2tvKe7apJ7_1XcBTf-UZq-voRBLN6hd6xziDcTls0rKD-f30Ox5NXEzfPyAKpJD11wAzqlLBQ0HM-Soy6yLK9SCaco61JXaboYhnCUvaYI9pgMEc2blfc93egR8djptRULYh6sRxax1neyaevaIAOBBXEeeyIulweQD5OST_Qi0TJhwB8zL0&t=74258c30 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:10 UTC	776	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 40326 Content-Type: application/x-javascript; charset=utf-8 Expires: Sun, 29 Jun 2025 13:42:10 GMT Last-Modified: Sat, 29 Jun 2024 13:42:10 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,2102272,0,296,6352804,0,1514843,58 X-AspNet-Version: 4.0.30319 SPRequestDuration: 4 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 35AD74968F8548759680EBFDC2B9F79F Ref B: EWR311000103047 Ref C: 2024-06-29T13:42:10Z Date: Sat, 29 Jun 2024 13:42:09 GMT Connection: close
2024-06-29 13:42:10 UTC	3394	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f 72 6d 73 2e 6a 73 0d 0a 54 79 70 65 2e 5f 72 65 67 69 73 74 65 72 53 63 72 69 70 74 28 22 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjaxWebForms.jsType._registerScript("MicrosoftAjaxWebFo
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 6c 73 65 3b 69 66 28 74 68 69 73 2e 5f 65 76 65 6e 74 73 29 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 65 76 65 6e 74 73 3b 74 68 69 73 2e 5f 73 65 73 73 69 6f 6e 73 3d 6e 75 6c 6c 3b 74 68 69 73 2e 5f 63 75 72 72 65 6e 74 53 65 73 73 69 6f 6e 3d 6e 75 6c 6c 3b 74 68 69 73 2e 5f 73 63 72 69 70 74 4c 6f 61 64 65 64 44 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 7d 2c 6c 6f 61 64 53 63 72 69 70 74 73 3a 66 75 6e 63 74 69 6f 6e 28 64 2c 62 2c 63 2c 61 29 7b 76 61 72 20 65 3d 7b 61 6c 6c 53 63 72 69 70 74 73 4c 6f 61 64 65 64 43 61 6c 6c 62 61 63 6b 3a 62 2c 73 63 72 69 70 74 4c 6f 61 64 46 61 69 6c 65 64 43 61 6c 6c 62 61 63 6b 3a 63 2c 73 63 72 69 70 74 4c 6f 61 64 54 69 6d 65 6f 75 74 43 61 6c 6c 62 61 63 6b 3a 61 2c 73 63 72 69 70 74 73 54 6f 4c 6f 61 64 3a 74 68 69 Data Ascii: lse;if(this._events)delete this._events;this._sessions=null;this._currentSession=null;this._scriptLoadedDelegate=null},loadScripts:function(d,b,c,a){var e={allScriptsLoadedCallback:b,scriptLoadFailedCallback:c,scriptLoadTimeoutCallback:a,scriptsToLoad:thi
2024-06-29 13:42:10 UTC	4144	IN	Data Raw: 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e 61 67 65 72 53 65 72 76 65 72 45 72 72 6f 72 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 7c 7c 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 52 65 73 2e 50 52 4d 5f 53 65 72 76 65 72 45 72 72 6f 72 2c 61 29 29 2c 62 3d 45 72 72 6f 72 2e 63 72 65 61 74 65 28 63 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e 61 67 65 72 53 65 72 76 65 72 45 72 72 6f 72 45 78 63 65 70 74 69 6f 6e 22 2c 68 74 74 70 53 74 61 74 75 73 43 6f 64 65 3a 61 7d 29 3b 62 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 62 7d 2c 5f 63 72 65 61 74 65 50 61 67 65 52 65 71 75 65 73 74 4d 61 6e Data Ascii: Sys.WebForms.PageRequestManagerServerErrorException: "+(d\|\|String.format(Sys.WebForms.Res.PRM_ServerError,a)),b=Error.create(c,{name:"Sys.WebForms.PageRequestManagerServerErrorException",httpStatusCode:a});b.popStackFrame();return b},_createPageRequestMan
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 6c 69 65 6e 74 56 61 6c 69 64 61 74 65 28 61 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 69 66 28 64 29 7b 69 66 28 74 79 70 65 6f 66 20 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 6e 75 6c 6c 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 2e 6c 65 6e 67 74 68 3e 30 29 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 61 2e 61 63 74 69 6f 6e 55 72 6c 3b 69 66 28 61 2e 74 72 61 63 6b 46 6f 63 75 73 29 7b 76 61 72 20 63 3d 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 5b 22 5f 5f 4c 41 53 54 46 4f 43 55 53 22 5d 3b 69 66 28 74 79 70 65 6f 66 20 63 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 21 3d 6e 75 6c 6c 29 69 66 28 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 Data Ascii: lientValidate(a.validationGroup);if(d){if(typeof a.actionUrl!="undefined"&&a.actionUrl!=null&&a.actionUrl.length>0)theForm.action=a.actionUrl;if(a.trackFocus){var c=theForm.elements["__LASTFOCUS"];if(typeof c!="undefined"&&c!=null)if(typeof document.activ
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 66 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 7b 62 2e 61 70 70 65 6e 64 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 3b 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 3d 6e 75 6c 6c 7d 76 61 72 20 63 3d 6e 65 77 20 53 79 73 2e 4e 65 74 2e 57 65 62 52 65 71 75 65 73 74 2c 61 3d 77 2e 61 63 74 69 6f 6e 3b 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 49 6e 74 65 72 6e 65 74 45 78 70 6c 6f 72 65 72 29 7b 76 61 72 20 72 3d 61 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 69 66 28 72 21 3d 3d 2d 31 29 61 3d 61 2e 73 75 62 73 74 72 28 30 2c 72 29 3b 76 61 72 20 6f 3d 22 22 2c 76 3d 22 22 2c 6d 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3b Data Ascii: f(this._additionalInput){b.append(this._additionalInput);this._additionalInput=null}var c=new Sys.Net.WebRequest,a=w.action;if(Sys.Browser.agent===Sys.Browser.InternetExplorer){var r=a.indexOf("#");if(r!==-1)a=a.substr(0,r);var o="",v="",m=a.indexOf("?");
2024-06-29 13:42:10 UTC	8192	IN	Data Raw: 72 69 70 74 44 69 73 70 6f 73 65 73 5b 61 5d 2c 62 29 7d 2c 5f 73 63 72 69 70 74 49 6e 63 6c 75 64 65 73 4c 6f 61 64 43 6f 6d 70 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 62 29 7b 69 66 28 62 2e 65 78 65 63 75 74 6f 72 2e 67 65 74 5f 77 65 62 52 65 71 75 65 73 74 28 29 21 3d 3d 74 68 69 73 2e 5f 72 65 71 75 65 73 74 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 43 6f 6e 74 72 6f 6c 73 28 62 2e 75 70 64 61 74 65 50 61 6e 65 6c 44 61 74 61 2c 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 3f 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 2e 63 6f 6e 74 65 6e 74 3a 6e 75 6c 6c 29 3b 69 66 28 62 2e 66 6f 72 6d 41 63 74 69 6f 6e 4e 6f 64 65 29 74 68 69 73 2e 5f 66 6f 72 6d 2e 61 Data Ascii: riptDisposes[a],b)},_scriptIncludesLoadComplete:function(e,b){if(b.executor.get_webRequest()!==this._request)return;this._commitControls(b.updatePanelData,b.asyncPostBackTimeoutNode?b.asyncPostBackTimeoutNode.content:null);if(b.formActionNode)this._form.a
2024-06-29 13:42:10 UTC	20	IN	Data Raw: 64 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 2e 22 7d 3b Data Ascii: d more than once."};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:11 UTC	693	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:11 UTC	734	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Thu, 27 Jun 2024 04:12:01 GMT Accept-Ranges: bytes ETag: "74fd3c2948c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,54,165,9566480,0,525568,53 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 069FD6BE974A4C35872C82EB3D863EAC Ref B: EWR311000103021 Ref C: 2024-06-29T13:42:11Z Date: Sat, 29 Jun 2024 13:42:11 GMT Connection: close
2024-06-29 13:42:11 UTC	1487	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"
2024-06-29 13:42:11 UTC	1844	IN	Data Raw: 0d f0 f7 ef df 9f 89 3c c4 d9 f3 2b 6b 70 b1 0d ef 07 ce 7f 43 33 81 95 d4 b9 61 eb 89 70 22 1e 72 61 75 f8 e8 a1 b7 e2 3c c5 a6 70 5e a4 9c a1 9c 72 8f 84 03 98 f7 e7 46 ce 3f b4 e1 40 be 1d d5 3c 8b ef ca f9 d8 96 eb 79 f0 33 a2 ce 6d ab 33 e9 1e 65 a5 c1 a0 b4 65 3c 0b 74 a9 5e cb ce a9 e0 3e c6 b7 3b b9 65 1a 2b a1 ef 87 b7 ed 7f 79 58 75 bf 5e 69 ff 9b ec db f5 7a 6c d7 9b 06 14 20 4e 3c 10 ef d3 39 03 ca 34 20 fc eb be ab a0 e3 4b 57 5e 57 5e 9d 48 9b fc 81 76 ce c4 d1 53 9b 9b e2 b8 a4 6a b2 71 f4 05 f6 23 47 ce 2c 19 c0 64 e8 ea 4d 5e 5f 00 e5 0d b8 64 9a 90 18 c0 05 b6 af bd ba c2 73 e8 b4 db 27 c3 22 ae 57 2f 33 b1 4a 57 6f 5e f2 e4 ae ce e4 ef f9 cf 63 6d 14 9b 36 e4 10 7e 8a ae 32 51 80 75 81 ee 90 7b 23 57 da 9a 36 c3 5c fa 45 a6 73 2a 6a cd Data Ascii: <+kpC3ap"rau<p^rF?@<y3m3ee<t^>;e+yXu^izl N<94 KW^W^HvSjq#G,dM^_ds'"W/3JWo^cm6~2Qu{#W6\Es*j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:12 UTC	693	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:12 UTC	738	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Fri, 28 Jun 2024 04:03:56 GMT Accept-Ranges: bytes ETag: "eb8a753210c9da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,2102272,0,54,35227314,0,2102272,53 SPRequestDuration: 3 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 46EEE8BA98FF4882BA3C68349A9D7D5A Ref B: EWR311000101053 Ref C: 2024-06-29T13:42:12Z Date: Sat, 29 Jun 2024 13:42:11 GMT Connection: close
2024-06-29 13:42:12 UTC	1813	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-06-29 13:42:12 UTC	6073	IN	Data Raw: ff 87 83 03 ff 87 83 03 ff 5d 59 0e ff 91 8b 17 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff a5 a2 42 ff e9 e8 d0 ff ff ff ff ff e9 e8 d0 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 5d 59 0e ff 91 8b 17 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff ad aa 52 ff e9 e8 d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ad aa 52 ff 87 83 03 ff 87 83 Data Ascii: ]YB]YRR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:12 UTC	383	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:12 UTC	731	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Thu, 27 Jun 2024 04:12:01 GMT Accept-Ranges: bytes ETag: "74fd3c2948c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,1389764,0,238859,53 SPRequestDuration: 3 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: D4D9604E57C94AE59C50FDD71C587B36 Ref B: EWR311000104047 Ref C: 2024-06-29T13:42:12Z Date: Sat, 29 Jun 2024 13:42:11 GMT Connection: close
2024-06-29 13:42:12 UTC	1500	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"
2024-06-29 13:42:12 UTC	1831	IN	Data Raw: 70 b1 0d ef 07 ce 7f 43 33 81 95 d4 b9 61 eb 89 70 22 1e 72 61 75 f8 e8 a1 b7 e2 3c c5 a6 70 5e a4 9c a1 9c 72 8f 84 03 98 f7 e7 46 ce 3f b4 e1 40 be 1d d5 3c 8b ef ca f9 d8 96 eb 79 f0 33 a2 ce 6d ab 33 e9 1e 65 a5 c1 a0 b4 65 3c 0b 74 a9 5e cb ce a9 e0 3e c6 b7 3b b9 65 1a 2b a1 ef 87 b7 ed 7f 79 58 75 bf 5e 69 ff 9b ec db f5 7a 6c d7 9b 06 14 20 4e 3c 10 ef d3 39 03 ca 34 20 fc eb be ab a0 e3 4b 57 5e 57 5e 9d 48 9b fc 81 76 ce c4 d1 53 9b 9b e2 b8 a4 6a b2 71 f4 05 f6 23 47 ce 2c 19 c0 64 e8 ea 4d 5e 5f 00 e5 0d b8 64 9a 90 18 c0 05 b6 af bd ba c2 73 e8 b4 db 27 c3 22 ae 57 2f 33 b1 4a 57 6f 5e f2 e4 ae ce e4 ef f9 cf 63 6d 14 9b 36 e4 10 7e 8a ae 32 51 80 75 81 ee 90 7b 23 57 da 9a 36 c3 5c fa 45 a6 73 2a 6a cd f8 90 a3 eb 2a 5b 7c 49 53 21 bc 62 42 Data Ascii: pC3ap"rau<p^rF?@<y3m3ee<t^>;e+yXu^izl N<94 KW^W^HvSjq#G,dM^_ds'"W/3JWo^cm6~2Qu{#W6\Esj[\|IS!bB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-29 13:42:12 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=181614 Date: Sat, 29 Jun 2024 13:42:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49752	13.107.136.10	443	4948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:13 UTC	383	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: cbre-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-29 13:42:13 UTC	736	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Thu, 27 Jun 2024 04:11:44 GMT Accept-Ranges: bytes ETag: "8b1ed1e48c8da1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,1051136,0,117,2208084,0,606043,57 SPRequestDuration: 3 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25005 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 645804B736FB4ADD8856DFCB466CD330 Ref B: EWR311000103027 Ref C: 2024-06-29T13:42:13Z Date: Sat, 29 Jun 2024 13:42:12 GMT Connection: close
2024-06-29 13:42:13 UTC	2383	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-06-29 13:42:13 UTC	5503	IN	Data Raw: 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a 70 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff ff ff ff ff ff ff ff ff b4 b2 62 ff 87 83 03 ff 87 83 03 ff 96 93 23 ff a5 a2 42 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 46 43 04 ff 91 8b 17 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a df a1 9b 1a 10 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff cb c9 91 ff ff ff ff ff ff ff ff ff f0 f0 e0 ff f0 f0 e0 ff ff ff ff ff c3 c1 81 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 41 3e 02 ff 76 71 0b ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff Data Ascii: pb#BFCA>vq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49755	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:13 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-29 13:42:13 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=181666 Date: Sat, 29 Jun 2024 13:42:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-06-29 13:42:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49757	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KXOxlw+LTnk1CSZ&MD=LduomynC HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-29 13:42:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0a1b2b49-6c88-4a28-b780-0fe3c8971b6b MS-RequestId: 01cf899c-74a0-4505-8ad5-28401c92c042 MS-CV: IBdvhoyEXkacbfua.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 29 Jun 2024 13:42:18 GMT Connection: close Content-Length: 24490
2024-06-29 13:42:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-29 13:42:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49763	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-06-29 13:42:57 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KXOxlw+LTnk1CSZ&MD=LduomynC HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-29 13:42:58 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 4083ad42-61bc-4a2a-89fa-7c2344700bba MS-RequestId: abc7f2d2-49a7-44c8-9ba9-465455052c81 MS-CV: YbCb8RNnr0ynscIq.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 29 Jun 2024 13:42:57 GMT Connection: close Content-Length: 30005
2024-06-29 13:42:58 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-06-29 13:42:58 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Behavior

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 396, Parent PID: 4208

General

Target ID:	0
Start time:	09:41:59
Start date:	29/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4948, Parent PID: 396

General

Target ID:	2
Start time:	09:42:05
Start date:	29/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1680,i,7610463420695366055,7376856383366979022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6516, Parent PID: 4208

General

Target ID:	3
Start time:	09:42:07
Start date:	29/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cbre-my.sharepoint.com/:f:/p/ryan_tornatore/Eg1sorlzC3dEvfKwplo2INEBM138N8ngH7z5Fh6OMIvXyg"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly