Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com

Overview

General Information

Sample URL:	https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com
Analysis ID:	1524241
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Submit button contains javascript call

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 2744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1860,i,14895830932961628612,13025139479554271904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9

HTTP Parser: Number of links: 0

Source: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9

HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9

HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9

HTTP Parser: No <meta name="author".. found

Source: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.8:58443 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/0R1m48Tzb1Q0D0KK5UBysaN3hg_s33vGp3gIfwyDrnon_BzEGOLqUl7SE_z2ATPbFdovSuF88NouIjn1r_3AUxZfAIeKqLftxKz97o9x5YgTozN7dKxMy8G7be9g4NYO3SJotb4sPIWR3dwfP0YqqZmnR-LF7ewi6hgOCwZaXG_6NQj8qFGdUuL-ynr3IkH9O6yFF2VZiErOKszwInFki4sy59mRDCPKpBfW2GjauOUj3WGoGhT12c6Ej4wKWwtz9uFb7cRoPrCfkeKC7YmHRXnASq9IUOmMlWHp_ny8nbIAn7sAOkFi_EfhykfDhrpa06HA_8p73b7VhXYOINDmUNj8Fg-jMVdSG-a2On5BovbggS6os6OacaztqSmIGXJgMufeq4B156NPGZRyBGX8gfaixiy_QJQ05UfmhSkf4KFWbJD_tiLukn1D3lA6HKcG9SXq2ctt1Ji1Xod8nsYL_Z4Zvnc-eu1ykouVDnNjXvt-aK2Olk_36azd4S80-dWeTHOcPPk8Eq_a8ECNDw7GBCNZH8qdFwgJIjlaXkDyoAgKi7QecU8sZwOQrQBzxdNNT4ykqNWcTNdF1s05fUZ-AvK0Rq6Uaqnb9wW1G5V6Ecle301Bmkt3O5mEWeBx8r0u0TeyG-HrzhyKaExrdAD0zKfbzsPp0wSjW4QMAQzsMbr5bPidv_m5843ndvaxeZWaBo3yu01U5x-rV2h-SRmSPC3cUyNoTnMtl2i3vSArH1Hwu2J-5cl5v8J2bJ3wKtr6GKWi7VDiuqbjqXEyFBvw-aRWmiQ_8fd5_mYKgYz69b_tVU9J1CHLJ5AUjxb0F_u2FxFDZm7VFPspwd7FUfyU2JG3Z20yP2DNEFBRRVlxDlV7wf3_SgFaiwUttpbGNAy33YYkrGs8U3vFCtd8EmwytNAYticPk4cDIp-YzqmZpQm4Cyh3shXbdld_16XINuYzkmJ30sI6MFgxMZcV37smojb272ebF1Ivue5vnswPo9vaNqiF0xLaty7x8UgCypb1DxVv0k_1AP5iITBXGvuY5Yuw9WhDm5igeTiJHFU70kpQd_MOkrif-N7kdq9JCezie1gpeZ1kvNXmoW21RP7_ZRCLnAqouUpxGmDAijn53Cfng0-Y0YasgtV8lZLT_O2d2CFwW8ntxtt-8KGDx7zpM9PPlhQhEQP-lK560FPLM1UT_iSJ_dMr58ISZXeTw_rQenMjSkDyQf0_ClFaKgNJQgJO8FGdGYmJ0-2XN93WC2inviz-5qzHhtDdfv4s362KhfO-agKki400Ny_EIYAQOOcVvVMkTKBXPiIn_XZiUWXSKl-iz3p3Uu0ZE2S9sbP7VoGYNC0lGOMxv2LPvgJa5-9-UJwbfByEYWeS-uhnU_-dCAVTMkMueLNJoKi2AkkmDFAnzxiLPds04m9aum2PzFl3j7azLCnlEDOVgEXvkAl0Kp6c-nH8W-wIMXRgWzGS9fb382HuNp6qQ7VzsGR_S93ZvYidGvnCEm2HBB-7KM1jbPfGWUdycHwPKGLmPaebD3EyJw8nPTTbh4hsMUaD45gpjfkdPt0WavWNqdmp-EeByR-T16WC_UQfY1FwJFKyISk3ofYIs5E9KDJBA7PvW-6yCzV8ORwl4szA_BRazmcf6O8F1qIKQzAxmIt4-GQfFgXtbsNCSOBPYh43Xh6F6OGbO-bMc3BaOOzqCsBnDsCiaJAvKcRry6xeI-QInoBrLO5TI7mNix7EYxMDkRnaDKtHzB6MNiUCXc427v66zKF8d5vn6fgDrEXHbaCMm6FZDE7rsP4KrGhdhP0hqoKA2Pv835CrTS_bbgL-YjYAZOq27sGFVwSKHxdzLuC4GLKOpajiIxXTH9wTfx3GR4eBvwBkV7arD58i1I9ppR-v9gJKcyVI762gNJXcAusiUECZs5lKWpcZMSv52pFyHKfrmG0CGpnypppminiHkRcCtC0WniY9mvGD5yVZ64b8Xa5eHwo8a8H3oM74HyH2jDPeSkSzy-Nq0Xixf8JHueZFXayC0wRjAnVx35JhmhZakNznFMnEtqQ9L7k1JOUu8axKERX0BK7RB3H4o9itikVlLAvgCmWLCDBIDVKqlTEQ7wbqJlE4pR2e-fG_zYXEGx7on_CpW7zpVcaSiTImK4nJdE5kbWI1G1SlhGoXtwhNyVLBScXRxhCRxHVgHxz9idDaDk0QmIkGvCO_vUdcFqQrFm2Tvhp0yZns1hZ_2P5OvtiTS3_R6LM8nf-FLPTvYTMF7TnI7cM4SolqI4gdT9ApQfwuSM2_FdCFICNoTK8Qgs5xSRaWSgBtB2-_-aEHtkt9cNkSMR-MP_nDNxNw_R5UXojVHSnlgBaVlCU1EuKtDWCRaW_MIoFcLQr70v3bFCrSNddYXRcIzTWpkr4WMCSFfMU76ZC2MECulYsn5nfAkfMc1exuZNLeZLxP9gCaehT7PxJH_-7FwAyOOLXYim2OVvpdQb8LhWDadL7SnaoDAckfs8U-4cuovac9pVKCQnecN_f1sy208ciAQzy7C6gsTtMJRohEA5W81IRCSGxFhQqrd5R9L-NYrfhG1V8HplGUzd2E9rhKU5eOCewL_8SI3vylxNrep-p2m7Tr2s5Snk05gHbgumc9B4QOPWmTJJ7w2n7KvRfyJVpcqZQD05M8JhM HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q
Source: global traffic	HTTP traffic detected: GET /:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: ouakninelegal-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: url.uk.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: ouakninelegal-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: chromecache_144.2.dr, chromecache_145.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_143.2.dr	String found in binary or memory: https://ouakninelegal-my.sharepoint.com/personal/elisabeth_ouakninelegal_ca/_layouts/15/images/256_i
Source: chromecache_146.2.dr, chromecache_151.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_143.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_143.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25311.12012/require.js
Source: chromecache_143.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.007/
Source: chromecache_143.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-09-20.007/
Source: chromecache_143.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58447 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58447
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@22/34@10/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1860,i,14895830932961628612,13025139479554271904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1860,i,14895830932961628612,13025139479554271904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://reactjs.org/docs/error-decoder.html?invariant=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false		unknown
194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com	52.104.49.55	true	false		unknown
url.uk.m.mimecastprotect.com	91.220.42.63	true	false		unknown
www.google.com	142.250.186.100	true	false		unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	84.201.210.34	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
windowsupdatebg.s.llnwi.net	46.228.146.128	true	false		unknown
ouakninelegal-my.sharepoint.com	unknown	unknown	false		unknown
m365cdn.nel.measure.office.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c	false		unknown
https://ouakninelegal-my.sharepoint.com/WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193	false		unknown
https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936	false		unknown
https://ouakninelegal-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	false		unknown
https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9	false		unknown
https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com	false		unknown
https://ouakninelegal-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false		unknown
https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ouakninelegal-my.sharepoint.com/personal/elisabeth_ouakninelegal_ca/_layouts/15/images/256_i	chromecache_143.2.dr	false		unknown
http://github.com/jrburke/requirejs	chromecache_144.2.dr, chromecache_145.2.dr	false		unknown
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	chromecache_143.2.dr	false		unknown
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_146.2.dr, chromecache_151.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.136.10	dual-spo-0005.spo-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
91.220.42.63	url.uk.m.mimecastprotect.com	United Kingdom		42427	MIMECAST-UKGB	false
52.104.49.55	194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.186.100	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.10

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524241
Start date and time:	2024-10-02 16:31:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@22/34@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 216.58.206.46, 64.233.167.84, 34.104.35.123, 2.23.209.16, 2.23.209.8, 2.23.209.49, 2.23.209.14, 2.23.209.6, 2.23.209.34, 2.23.209.29, 2.23.209.35, 2.23.209.52, 142.250.186.170, 142.250.74.202, 142.250.185.74, 142.250.186.74, 172.217.16.202, 172.217.18.10, 216.58.206.74, 142.250.184.202, 216.58.206.42, 142.250.185.106, 142.250.185.138, 142.250.186.138, 142.250.186.42, 142.250.181.234, 142.250.186.106, 172.217.18.106, 2.23.209.37, 2.23.209.43, 2.23.209.17, 2.23.209.42, 2.23.209.38, 2.23.209.11, 2.23.209.46, 2.23.209.24, 2.23.209.3, 2.19.126.200, 2.19.126.199, 4.175.87.197, 84.201.210.34, 192.229.221.95, 20.242.39.171, 40.69.42.241, 20.12.23.50, 46.228.146.128
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, 194291-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net, wu-b-net.trafficmanager.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 13:32:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9771885898000234
Encrypted:	false
SSDEEP:	48:8L0daTT67gDcHUidAKZdA1oehwiZUklqeh1y+3:8LfXDGmy
MD5:	18F94F3D6BED63FB6262716D29E7EEB8
SHA1:	FBEE1D433EF611F126BF5F8608732C8AEBFA8D50
SHA-256:	6384EE3C062285AAB83566905E262236D4F27AF31A04AC294FCFCD1EFCC4BE28
SHA-512:	F3422FA2260F83F69FDD6B7F63E8159548E44488BF1AFB01C4ED3A3F3B8087398B03650D00577FE01CA6474BE218F45A04CE8A9C1F1FFB3B6647BD35D493D990
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....._......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VBY.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 13:32:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9922758358230173
Encrypted:	false
SSDEEP:	48:8V0daTT67gDcHUidAKZdA1leh/iZUkAQkqehWy+2:8VfXDE9QLy
MD5:	5519E4A72B604052D131914140C47BE9
SHA1:	C6C12DDE1591EC4B14CEE201516BAE2597CA5A1C
SHA-256:	BD2FC2C2C1A86482E2AD06200F16E3224F8FA822EDD4078E6013A33827A31CE5
SHA-512:	11E08A6BDA5D8378C4744696A6351FACD4D1080C5A1270940DA07F0A1AF1EB9728AAECA27E8D7A7F300AF9C89BC761DE020D2DA2231018CF5C429DAFA8D365B6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....8......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VBY.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.002969207275624
Encrypted:	false
SSDEEP:	48:8l0daTT67gbHUidAKZdA14t5eh7sFiZUkmgqeh7sEy+BX:8lfXtnqy
MD5:	3B253C315E7B6877C0402B36660C895D
SHA1:	05D42A7AD219C04CE1E1A7F7BD6D4E2A2F8B3F98
SHA-256:	94B8F7DD9D59EBF4DACE8FC8344342FFAB9CA028C86862DFC5A11AA1FD140CD2
SHA-512:	B51141B7C322B1EA53D69095CE0A20C917DC47B8EC31577E5355131DB2A3F63FD40FEAAB373F0E9F0679D557B44070F323FE280A6099B3D3D40D7E497CFFBDFF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 13:32:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99043673398409
Encrypted:	false
SSDEEP:	48:8Z0daTT67gDcHUidAKZdA16ehDiZUkwqehCy+R:8ZfXDf8y
MD5:	459863BEA17ED613A2CB1CAA3726100D
SHA1:	12AFF10EF48248572FD19886EA91E2C7B8CBEF83
SHA-256:	23CB87E6CA8CD83D7908ECBA9D477018D61D595164CD7E85E3B3D6FD657318AA
SHA-512:	403B22E8BF1E6008A60C80E7A2A55A3911065BD59E7ED4A9926B316C5670F8FD9EA83F87B238486647B805DCF9A91BE22032F03A506762245FBDD88905C133AA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....6......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VBY.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 13:32:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.98036037645693
Encrypted:	false
SSDEEP:	48:870daTT67gDcHUidAKZdA1UehBiZUk1W1qehIy+C:87fXD/9oy
MD5:	3B6874D0552048E34BF15A871D32348B
SHA1:	6ABADC4069D16067B5C2F745E2BA1B64D47B1EB5
SHA-256:	349D74DA7CE3DEA978C990EAE043634A65C8B6C2FC8172053B4FC1D91E07517F
SHA-512:	B09B68C03DCC8CC67CD571EB989A9488453255B9050DAD77249DFAE2EDAEB8DA6EC632E5254E066A171E2C8F8AB8F64F95FFB89097ABCC98F350B83EC1BC67C2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....B......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VBY.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 13:32:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9894993648536503
Encrypted:	false
SSDEEP:	48:8w0daTT67gDcHUidAKZdA1duTrehOuTbbiZUk5OjqehOuTbqy+yT+:8wfXD4TYTbxWOvTbqy7T
MD5:	230D66FB5A9467C8B67BBA03EA627108
SHA1:	1B480BB49D4A56C69AF9FFFB84BC84798B3AB84D
SHA-256:	854DA9D0721C8354365CBC9BFD9AC72AA63C7E17D97DA53A00C1EB635F0C65F0
SHA-512:	6F45CAB9CE09993C835975934C8DE3B51D97F9965CD4643E365599F026F850FF4C9575512647CA7F538C079EF3AE83BA3ED7707661DF3DD9A7732A97024B18AB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....\......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IBY.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VBY.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VBY.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VBY.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1..r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 136

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Chrome Cache Entry: 138

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	downloaded
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 139

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:H6xhkY:aQY
MD5:	858372DD32511CB4DD08E48A93B4F175
SHA1:	CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43
SHA-256:	3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
SHA-512:	6A57E0D4A1C23CB693AA9312F6FDAA1FC4309B5BC91D1B2279B5792BEE3534749FD3693C19AA95E0768800472D11D438EC3116F337679A249C28BE0E038E6DE0
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlaGGyMINZyAxIFDfSCVyI=?alt=proto
Preview:	CgkKBw30glciGgA=

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 142

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	dropped
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Chrome Cache Entry: 143

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	69114
Entropy (8bit):	5.667427471246017
Encrypted:	false
SSDEEP:	1536:PlgguXLUh1eWXBOxSPSW8N6fGNNKCMJJs2wVXamH3E:PLuACGeTKCVVXal
MD5:	D28ED8315B91AE0798DC358D16B110F4
SHA1:	AE8E00035B2331D8F783B74D9BE72127032A5AAD
SHA-256:	32AAEB236253064086079D9DCF95CB67899C8546592D8A1F5A9ED4611AAEA10D
SHA-512:	9D3C52DBCD6CDDF5594384BE3CF26F17692A3ACD7F89F51A7E56A8C6A10D046FAEA3D2BC7DBEEB88AED09539C976AF06088256B47E2F1F4B4C5D87A497B05A7F
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma

Chrome Cache Entry: 144

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17444)
Category:	dropped
Size (bytes):	17672
Entropy (8bit):	5.233316811547578
Encrypted:	false
SSDEEP:	384:lpLsOooX8uvFBiRh+HnEDuvvy1pqvuvDX/0ohHK9mm+tMHvVOPoQeOMmuI:QnoX8uNB2YHnEDsvy1pqvub/0iq4NMHM
MD5:	6EFDDF589864D2E146A55C01C6764A35
SHA1:	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
SHA-256:	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
SHA-512:	1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
Malicious:	false
Reputation:	low
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]\|\|!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]\|\|!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r\|\|!hasProp(e,n))&&(!i\|\|"object"!=typeof t\|\|!t\|\|isArray(t)\|\|isFunction(t)\|\|t instanceof RegExp?e[n]=t:(e[n]\|\|(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar

Chrome Cache Entry: 145

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17444)
Category:	downloaded
Size (bytes):	17672
Entropy (8bit):	5.233316811547578
Encrypted:	false
SSDEEP:	384:lpLsOooX8uvFBiRh+HnEDuvvy1pqvuvDX/0ohHK9mm+tMHvVOPoQeOMmuI:QnoX8uNB2YHnEDsvy1pqvub/0iq4NMHM
MD5:	6EFDDF589864D2E146A55C01C6764A35
SHA1:	EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
SHA-256:	2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
SHA-512:	1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/bld/_layouts/15/16.0.25311.12012/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]\|\|!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]\|\|!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r\|\|!hasProp(e,n))&&(!i\|\|"object"!=typeof t\|\|!t\|\|isArray(t)\|\|isFunction(t)\|\|t instanceof RegExp?e[n]=t:(e[n]\|\|(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar

Chrome Cache Entry: 146

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37521)
Category:	dropped
Size (bytes):	40512
Entropy (8bit):	5.386921349191213
Encrypted:	false
SSDEEP:	768:Tkv+rkfa2aH5m7UYfXLMQWGjaKEstpgG9ycj:Pr8LaZkzLM46G9
MD5:	8DCE60169BA666CA03A31D123DB49908
SHA1:	956C46BB6058C23D35440DCC656CE61C7B151399
SHA-256:	F9F5A40C01C6D569373CE61EE77849F30E4176E1310652FF17D458C68680CF75
SHA-512:	26BA15ADE0F62393413156C5061B04AA8FCE3A5A5EE06EE35DFC42D3F76AF850980731A38DCF7094711E7FAB18C80EF66C9B354C029D06FA2E846330ACCC7E9E
Malicious:	false
Reputation:	low
Preview:	/! For license information please see spoguestaccess.js.LICENSE.txt /.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]

Chrome Cache Entry: 147

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	dropped
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 148

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 149

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Chrome Cache Entry: 150

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	downloaded
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Chrome Cache Entry: 151

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37521)
Category:	downloaded
Size (bytes):	40512
Entropy (8bit):	5.386921349191213
Encrypted:	false
SSDEEP:	768:Tkv+rkfa2aH5m7UYfXLMQWGjaKEstpgG9ycj:Pr8LaZkzLM46G9
MD5:	8DCE60169BA666CA03A31D123DB49908
SHA1:	956C46BB6058C23D35440DCC656CE61C7B151399
SHA-256:	F9F5A40C01C6D569373CE61EE77849F30E4176E1310652FF17D458C68680CF75
SHA-512:	26BA15ADE0F62393413156C5061B04AA8FCE3A5A5EE06EE35DFC42D3F76AF850980731A38DCF7094711E7FAB18C80EF66C9B354C029D06FA2E846330ACCC7E9E
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.007/spoguestaccesswebpack/spoguestaccess.js
Preview:	/! For license information please see spoguestaccess.js.LICENSE.txt /.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]

Chrome Cache Entry: 152

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3331
Entropy (8bit):	7.927896166439245
Encrypted:	false
SSDEEP:	96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
MD5:	EF884BDEDEF280DF97A4C5604058D8DB
SHA1:	6F04244B51AD2409659E267D308B97E09CE9062B
SHA-256:	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
SHA-512:	A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
Malicious:	false
Reputation:	low
URL:	https://ouakninelegal-my.sharepoint.com/_layouts/15/images/microsoft-logo.png
Preview:	.PNG........IHDR.......0............sRGB.........IDATx..=w....G.z..L.4fN.k\dS..._`..........r...~.F..e._.RZ.0.K.\..CB...1.{qq/..^\|.G..o.......?....Or.......y~....]..V.a.mM...M.\kH..@B`s.$"n...)!.@"b#4. !.9...7.u...hD ....T.........:EJ.4"..X........<\|.pgkk+....>~.....pju1i"b.J.&!.!...=T....k..D7.....O.<.?}......./..(.`0..!.C..'.?..e..~.....l6...._.x1rmR...$\|E...l.WKDH...f..... ...Y.0R....>...{...-..o........,...E../......_....eM.Q....@Q...w sp5.9..l.W)...Pq... .]..B..).../M.G.g....].V...5$<......Eb.9.....>LYAk.Z.k..b..]N%>}4a....4!S...t..d..<.8AH+.../r...._...!qt.:q..fR.:..KW.._...T...5..>.0!.hq.rbND\...XR.,2.uX..Q.b...wQ......g..X...F...~.....ikZE...UA....V.I!..]..Mm..R.....~k.VC.n..V.B#W...\..yI.3.....2........6c....2J....,g..5O1.s.4V2.....f..K..Obf\....;.w...\|.F>F>6_z..P.dU<.wVV......?.q.?&........O.>....l.S.upp....59.C_.......fJ.M.={v,......]Y_....n.?UF....v<.$..AD...p.....:$r =p...C.k.3....n.v..~.TGd!...l.W...s..

Chrome Cache Entry: 153

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.9482833105763633
Encrypted:	false
SSDEEP:	48:gubb4a2MNTgopLqyhFTv07EVc91JbV5FIXH0wp53O:Bbb4a5NTX1c9L6E
MD5:	0B60F3C9E4DA6E807E808DA7360F24F2
SHA1:	9AFC7ABB910DE855EFB426206E547574A1E074B7
SHA-256:	ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
SHA-512:	1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ...........................................................................70..7...7...7...7...7...7...70..............................................................................................7`..7...7...7...7...7...7...7...7...7`......................................................................................7P..7...7...7...7...7...7...7...7...7...7...7P..............................................................................7...7...7...7...7...7...7...7...7...7...7...7...7...7...........................................................................7`..7...7...7...7...7...7...7...7...7...7...7...7...7`..........................................................................,...,...,...,...,...,...,.......7...7...7...7...7...7...........................................................................'...'...'...'...'...'...'...'...2...7...7...7...7...,....................`..........................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 16:32:17.778726101 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 2, 2024 16:32:18.122555017 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 2, 2024 16:32:24.216180086 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 2, 2024 16:32:26.708074093 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 2, 2024 16:32:27.379951954 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 2, 2024 16:32:27.736231089 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 2, 2024 16:32:28.280992031 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281027079 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:28.281102896 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281203985 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281210899 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:28.281488895 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281500101 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:28.281553984 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281804085 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.281812906 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:28.999083996 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:28.999510050 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:28.999536037 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.000972033 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.001070023 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.002407074 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.002490044 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.002612114 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.002625942 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.004081964 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.004300117 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.004309893 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.005289078 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.005381107 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.005789995 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.005861044 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.051629066 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.055238962 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.055253983 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.103540897 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.406285048 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.406404018 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.406424046 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.406471968 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.406486988 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.406541109 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.459539890 CEST	443	49703	23.206.229.226	192.168.2.8
Oct 2, 2024 16:32:29.459624052 CEST	49703	443	192.168.2.8	23.206.229.226
Oct 2, 2024 16:32:29.830143929 CEST	49710	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.830183029 CEST	443	49710	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:29.865982056 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:29.866038084 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:30.484985113 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:30.485059023 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:30.485127926 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:30.489341974 CEST	49709	443	192.168.2.8	91.220.42.63
Oct 2, 2024 16:32:30.489361048 CEST	443	49709	91.220.42.63	192.168.2.8
Oct 2, 2024 16:32:30.556253910 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:30.556313038 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:30.556550980 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:30.557097912 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:30.557106018 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:30.947504997 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:30.947565079 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:30.947623968 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:30.948314905 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:30.948332071 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.233922958 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.236248970 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.236272097 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.237324953 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.237387896 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.241913080 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.241988897 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.242474079 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.242485046 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.285660982 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.555140972 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:31.555193901 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:31.555262089 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:31.560380936 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560415983 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560450077 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560470104 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560482979 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.560487032 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560519934 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.560539007 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.560585976 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.599205017 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:31.599241972 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:31.613831997 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.618830919 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:31.618850946 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.620347977 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.620424986 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:31.635818958 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:31.635950089 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.652713060 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.652745008 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.652815104 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.652839899 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.652868986 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.652884007 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.654619932 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.654639959 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.654706955 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.654714108 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.654757023 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.691356897 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:31.691381931 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:31.739054918 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:31.744036913 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.744060040 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.744142056 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.744164944 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.744206905 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.744745016 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.744802952 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.744874001 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.744926929 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.746373892 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.746373892 CEST	49713	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.746383905 CEST	443	49713	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.769310951 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.769346952 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.769411087 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.769861937 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.769874096 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.777787924 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.777816057 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.777873039 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.778315067 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.778322935 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.779074907 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.779082060 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.779130936 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.780287981 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.780294895 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.781059027 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.781102896 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.781209946 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.781435013 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.781447887 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.782036066 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.782068014 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:31.782326937 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.782567024 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:31.782582998 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.361397028 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.361505032 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.440391064 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.440480947 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.441435099 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.483057976 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.483584881 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.484736919 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.485858917 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.489087105 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.490731955 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.497771025 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.497785091 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.497977018 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.498002052 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.498567104 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.498821974 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.498831987 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.499038935 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.499097109 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.499133110 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.499154091 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.499488115 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.499506950 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.499691963 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.500282049 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.500341892 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.500428915 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.500556946 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.501043081 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.501101971 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.502072096 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.502238989 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.502497911 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.502610922 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.503874063 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.504054070 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.508434057 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.508614063 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.508987904 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.511409044 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.511418104 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.511898041 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.512516022 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.512526989 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.513674021 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.513684034 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.553200960 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.553205013 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.555397987 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.555440903 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.567259073 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.623152971 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.651416063 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.651438951 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.651494980 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.651508093 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.651568890 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.651916981 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.651979923 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.652014017 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.652304888 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.652304888 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.652323008 CEST	443	49724	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.652369976 CEST	49724	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654676914 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654726982 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654746056 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654758930 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654778004 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654788971 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654804945 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654820919 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654829979 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654840946 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654855013 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654869080 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654894114 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654896021 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654913902 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654942989 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654957056 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.654978991 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.654999018 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.663440943 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.666363001 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666393042 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666400909 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666424990 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666438103 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666440964 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.666445971 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666465998 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.666487932 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.666526079 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.668744087 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.668802977 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.668865919 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.668879986 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.668899059 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.668955088 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.668961048 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.737488031 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.737584114 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.738070011 CEST	443	49719	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.738087893 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.738121033 CEST	49719	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.738230944 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.738292933 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.738312960 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.738332987 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.738348007 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.738384008 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.739284039 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.739365101 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.739372969 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.739530087 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.739595890 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.746344090 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.746393919 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.746418953 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.746445894 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.746464014 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.747529984 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.747582912 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.748277903 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.748347998 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.748352051 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.748378038 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.748403072 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.749984980 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750006914 CEST	443	49722	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.750019073 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750049114 CEST	49722	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750458002 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.750508070 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.750519037 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750536919 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.750561953 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.750586987 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750595093 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750664949 CEST	49723	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.750685930 CEST	443	49723	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.814163923 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.814222097 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.814268112 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.814398050 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.814414978 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.814429045 CEST	49715	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.814435959 CEST	443	49715	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.835578918 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.835608959 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.835654020 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.835678101 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.835700035 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.836221933 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.836230993 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.836245060 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.836251974 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.836268902 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.836275101 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.836301088 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.836990118 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837022066 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837044001 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837045908 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.837057114 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837071896 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837075949 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.837090015 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.837713003 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837764025 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.837769032 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837786913 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.837840080 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.838031054 CEST	49721	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:32.838044882 CEST	443	49721	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:32.860018969 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.860063076 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:32.860137939 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.860485077 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:32.860492945 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.526339054 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:33.526397943 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:33.526496887 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:33.527338028 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:33.527364969 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:33.527718067 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.527807951 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.537744045 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.537795067 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.538070917 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.540416002 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.583425045 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.600411892 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.600439072 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.600564957 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.600867987 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.600892067 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.601191998 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.601613998 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.601701975 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.601941109 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.601964951 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.601993084 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602040052 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602529049 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602574110 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.602593899 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602607965 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.602667093 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602860928 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.602871895 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.603101015 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.603117943 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.603239059 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.603261948 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.603487968 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:33.603512049 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:33.813740969 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.813818932 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.815598011 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.815731049 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.815749884 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:33.815782070 CEST	49728	443	192.168.2.8	184.28.90.27
Oct 2, 2024 16:32:33.815788031 CEST	443	49728	184.28.90.27	192.168.2.8
Oct 2, 2024 16:32:34.148896933 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.154346943 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.154378891 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.164345026 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.167820930 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.168528080 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.168550968 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.169146061 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.169220924 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.169668913 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.169672966 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.169739008 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.171214104 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.174935102 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.180516958 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.186383009 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.189821005 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.189924955 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.190121889 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.190154076 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.190295935 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.190306902 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.190917969 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.190943003 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.191078901 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.191093922 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.191159964 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.191186905 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.191323996 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.191375017 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.192133904 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.192181110 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.192245007 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.192511082 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.192555904 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.192648888 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.192840099 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.193141937 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.193319082 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.193382025 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.193840981 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.193917990 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.194027901 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.194068909 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.194077969 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.194086075 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.194133043 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.194140911 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.194220066 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.194226027 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.195521116 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.195528984 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.211404085 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.303735971 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.303761959 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.303828001 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.303853989 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.304204941 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.304414034 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.305210114 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.305233002 CEST	443	49730	52.104.49.55	192.168.2.8
Oct 2, 2024 16:32:34.305243969 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.305272102 CEST	49730	443	192.168.2.8	52.104.49.55
Oct 2, 2024 16:32:34.332813025 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.332822084 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.337384939 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.337423086 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.337424040 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.339767933 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.339795113 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.339843035 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.339850903 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.339870930 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.339994907 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.340643883 CEST	49734	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.340657949 CEST	443	49734	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.347978115 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348001003 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348046064 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.348058939 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348586082 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348593950 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348619938 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348679066 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.348687887 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.348711014 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.349200010 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349216938 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349267960 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.349277973 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349394083 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349400997 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349442005 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.349451065 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349848032 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349858046 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349877119 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349894047 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.349900961 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.349936008 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.350816965 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.350824118 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.350869894 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.350876093 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.363327980 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.363352060 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.363409996 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.363420010 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.363481998 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.364455938 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.364464045 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.364485025 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.364530087 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.364568949 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.364655018 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365061998 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365070105 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365117073 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.365251064 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365258932 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365281105 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365309954 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.365320921 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.365333080 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.366069078 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.366096973 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.366105080 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.366117954 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.366125107 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.366153955 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.436950922 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.436961889 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.436992884 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437012911 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.437021971 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437057018 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.437897921 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437906981 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437928915 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437956095 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.437961102 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.437999010 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.438882113 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438898087 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438904047 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438910007 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438916922 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438922882 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.438955069 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.438992023 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439001083 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.439007998 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439012051 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.439255953 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439304113 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.439313889 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439322948 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439333916 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.439363003 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.439364910 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.439389944 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.440272093 CEST	49738	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.440289974 CEST	443	49738	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.440886021 CEST	49736	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.440907955 CEST	443	49736	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452017069 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452030897 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452054977 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452066898 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.452116966 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.452394962 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452403069 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452445984 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.452451944 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.452725887 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.453458071 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.453466892 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.453533888 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.453540087 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.454422951 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.454478979 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.454483986 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457108021 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457120895 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457149982 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457159996 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.457171917 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457190990 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.457237959 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.457314968 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.463922977 CEST	49735	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.463936090 CEST	443	49735	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.540992022 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541048050 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541084051 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541160107 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541198015 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541223049 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541557074 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541565895 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541615963 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541640043 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541652918 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541673899 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541717052 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541728973 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.541759968 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.541783094 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.542496920 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.542556047 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.542571068 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.543879032 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.543979883 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.544011116 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.544380903 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.544445992 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.544461012 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.544653893 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:34.545362949 CEST	443	49737	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:34.545427084 CEST	49737	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.153976917 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.154032946 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.154208899 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.154356003 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.154367924 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.710527897 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.716119051 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.716156006 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.716689110 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.717176914 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.717257977 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.717305899 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.759426117 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.833064079 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.863188982 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863212109 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863292933 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.863347054 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863487005 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863496065 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863550901 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.863569021 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863620996 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.863789082 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863846064 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:35.863889933 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.865387917 CEST	49740	443	192.168.2.8	13.107.136.10
Oct 2, 2024 16:32:35.865423918 CEST	443	49740	13.107.136.10	192.168.2.8
Oct 2, 2024 16:32:41.510054111 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:41.510114908 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:41.510333061 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:42.617185116 CEST	49714	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:32:42.617270947 CEST	443	49714	142.250.186.100	192.168.2.8
Oct 2, 2024 16:32:51.869610071 CEST	58443	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:51.874542952 CEST	53	58443	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:51.874609947 CEST	58443	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:51.874655008 CEST	58443	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:51.879904985 CEST	53	58443	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:52.334086895 CEST	53	58443	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:52.338907957 CEST	58443	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:52.344132900 CEST	53	58443	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:52.344201088 CEST	58443	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:33:30.985570908 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:30.985614061 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:30.985842943 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:30.986167908 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:30.986185074 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:31.614695072 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:31.615045071 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:31.615065098 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:31.615411043 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:31.615915060 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:31.615972996 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:31.661587954 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:41.544893980 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:41.544958115 CEST	443	58447	142.250.186.100	192.168.2.8
Oct 2, 2024 16:33:41.545032978 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:42.617480993 CEST	58447	443	192.168.2.8	142.250.186.100
Oct 2, 2024 16:33:42.617510080 CEST	443	58447	142.250.186.100	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 16:32:26.425910950 CEST	53	55898	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:26.447819948 CEST	53	61753	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:27.477557898 CEST	53	54138	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:28.268623114 CEST	58033	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:28.268872023 CEST	50206	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:28.276011944 CEST	53	50206	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:28.276149035 CEST	53	58033	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:30.491261005 CEST	53251	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:30.492012978 CEST	51956	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:30.937236071 CEST	62457	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:30.937472105 CEST	59753	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:30.944159031 CEST	53	62457	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:30.944339037 CEST	53	59753	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:33.531351089 CEST	53	57763	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:33.558919907 CEST	52208	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:33.559521914 CEST	50225	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:34.868227005 CEST	60365	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:34.875016928 CEST	55108	53	192.168.2.8	1.1.1.1
Oct 2, 2024 16:32:44.779093027 CEST	53	62398	1.1.1.1	192.168.2.8
Oct 2, 2024 16:32:51.869052887 CEST	53	55010	1.1.1.1	192.168.2.8
Oct 2, 2024 16:33:04.874809980 CEST	138	138	192.168.2.8	192.168.2.255
Oct 2, 2024 16:33:25.955441952 CEST	53	59877	1.1.1.1	192.168.2.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 2, 2024 16:32:30.559026003 CEST	192.168.2.8	1.1.1.1	c36e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 16:32:28.268623114 CEST	192.168.2.8	1.1.1.1	0xe556	Standard query (0)	url.uk.m.mimecastprotect.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.268872023 CEST	192.168.2.8	1.1.1.1	0x3bb3	Standard query (0)	url.uk.m.mimecastprotect.com	65	IN (0x0001)	false
Oct 2, 2024 16:32:30.491261005 CEST	192.168.2.8	1.1.1.1	0xc6a8	Standard query (0)	ouakninelegal-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:30.492012978 CEST	192.168.2.8	1.1.1.1	0xd96f	Standard query (0)	ouakninelegal-my.sharepoint.com	65	IN (0x0001)	false
Oct 2, 2024 16:32:30.937236071 CEST	192.168.2.8	1.1.1.1	0xa287	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:30.937472105 CEST	192.168.2.8	1.1.1.1	0x239a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 16:32:33.558919907 CEST	192.168.2.8	1.1.1.1	0xe977	Standard query (0)	ouakninelegal-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:33.559521914 CEST	192.168.2.8	1.1.1.1	0x29fb	Standard query (0)	ouakninelegal-my.sharepoint.com	65	IN (0x0001)	false
Oct 2, 2024 16:32:34.868227005 CEST	192.168.2.8	1.1.1.1	0x9d5f	Standard query (0)	m365cdn.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:34.875016928 CEST	192.168.2.8	1.1.1.1	0x2dd2	Standard query (0)	m365cdn.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		91.220.42.63	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		195.130.217.73	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		195.130.217.187	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		91.220.42.235	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		195.130.217.180	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:28.276149035 CEST	1.1.1.1	192.168.2.8	0xe556	No error (0)	url.uk.m.mimecastprotect.com		91.220.42.215	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	ouakninelegal-my.sharepoint.com	ouakninelegal.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	ouakninelegal.sharepoint.com	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.538661003 CEST	1.1.1.1	192.168.2.8	0xc6a8	No error (0)	194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com		52.104.49.55	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:30.558943033 CEST	1.1.1.1	192.168.2.8	0xd96f	No error (0)	ouakninelegal-my.sharepoint.com	ouakninelegal.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.558943033 CEST	1.1.1.1	192.168.2.8	0xd96f	No error (0)	ouakninelegal.sharepoint.com	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.558943033 CEST	1.1.1.1	192.168.2.8	0xd96f	No error (0)	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.558943033 CEST	1.1.1.1	192.168.2.8	0xd96f	No error (0)	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:30.944159031 CEST	1.1.1.1	192.168.2.8	0xa287	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:30.944339037 CEST	1.1.1.1	192.168.2.8	0x239a	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 16:32:33.597788095 CEST	1.1.1.1	192.168.2.8	0x29fb	No error (0)	ouakninelegal-my.sharepoint.com	ouakninelegal.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.597788095 CEST	1.1.1.1	192.168.2.8	0x29fb	No error (0)	ouakninelegal.sharepoint.com	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.597788095 CEST	1.1.1.1	192.168.2.8	0x29fb	No error (0)	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.597788095 CEST	1.1.1.1	192.168.2.8	0x29fb	No error (0)	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	ouakninelegal-my.sharepoint.com	ouakninelegal.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	ouakninelegal.sharepoint.com	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	10627-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	194291-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	194291-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	194291-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:33.599355936 CEST	1.1.1.1	192.168.2.8	0xe977	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:34.875415087 CEST	1.1.1.1	192.168.2.8	0x9d5f	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:34.882030010 CEST	1.1.1.1	192.168.2.8	0x2dd2	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.34	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.39	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.36	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.41	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.35	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.37	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.38	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:38.579544067 CEST	1.1.1.1	192.168.2.8	0x6690	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.22	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:32:39.485568047 CEST	1.1.1.1	192.168.2.8	0x9b39	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 16:32:39.485568047 CEST	1.1.1.1	192.168.2.8	0x9b39	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 16:33:41.438333035 CEST	1.1.1.1	192.168.2.8	0x7b4e	No error (0)	windowsupdatebg.s.llnwi.net		46.228.146.128	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

url.uk.m.mimecastprotect.com

ouakninelegal-my.sharepoint.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49710	91.220.42.63	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:28 UTC	735	OUT	GET /s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com HTTP/1.1 Host: url.uk.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:29 UTC	2904	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 02 Oct 2024 14:32:29 GMT Content-Length: 0 Connection: close Location: https://url.uk.m.mimecastprotect.com/r/0R1m48Tzb1Q0D0KK5UBysaN3hg_s33vGp3gIfwyDrnon_BzEGOLqUl7SE_z2ATPbFdovSuF88NouIjn1r_3AUxZfAIeKqLftxKz97o9x5YgTozN7dKxMy8G7be9g4NYO3SJotb4sPIWR3dwfP0YqqZmnR-LF7ewi6hgOCwZaXG_6NQj8qFGdUuL-ynr3IkH9O6yFF2VZiErOKszwInFki4sy59mRDCPKpBfW2GjauOUj3WGoGhT12c6Ej4wKWwtz9uFb7cRoPrCfkeKC7YmHRXnASq9IUOmMlWHp_ny8nbIAn7sAOkFi_EfhykfDhrpa06HA_8p73b7VhXYOINDmUNj8Fg-jMVdSG-a2On5BovbggS6os6OacaztqSmIGXJgMufeq4B156NPGZRyBGX8gfaixiy_QJQ05UfmhSkf4KFWbJD_tiLukn1D3lA6HKcG9SXq2ctt1Ji1Xod8nsYL_Z4Zvnc-eu1ykouVDnNjXvt-aK2Olk_36azd4S80-dWeTHOcPPk8Eq_a8ECNDw7GBCNZH8qdFwgJIjlaXkDyoAgKi7QecU8sZwOQrQBzxdNNT4ykqNWcTNdF1s05fUZ-AvK0Rq6Uaqnb9wW1G5V6Ecle301Bmkt3O5mEWeBx8r0u0TeyG-HrzhyKaExrdAD0zKfbzsPp0wSjW4QMAQzsMbr5bPidv_m5843ndvaxeZWaBo3yu01U5x-rV2h-SRmSPC3cUyNoTnMtl2i3vSArH1Hwu2J-5cl5v8J2bJ3wKtr6GKWi7VDiuqbjqXEyFBvw-aRWmiQ_8fd5_mYKgYz69b_tVU9J1CHLJ5AUjxb0F_u2FxFDZm7VFPspwd7FUfyU2JG3Z20yP2DNEFBRRVlxDlV7wf3_SgFaiwUttpbGNAy33YYkrGs8U3vFCtd8EmwytNAYticPk4cDIp-YzqmZpQm4Cyh3shXbdld_16XINuYzkmJ30sI6MFgxMZc [TRUNCATED] Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49709	91.220.42.63	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:29 UTC	3340	OUT	GET /r/0R1m48Tzb1Q0D0KK5UBysaN3hg_s33vGp3gIfwyDrnon_BzEGOLqUl7SE_z2ATPbFdovSuF88NouIjn1r_3AUxZfAIeKqLftxKz97o9x5YgTozN7dKxMy8G7be9g4NYO3SJotb4sPIWR3dwfP0YqqZmnR-LF7ewi6hgOCwZaXG_6NQj8qFGdUuL-ynr3IkH9O6yFF2VZiErOKszwInFki4sy59mRDCPKpBfW2GjauOUj3WGoGhT12c6Ej4wKWwtz9uFb7cRoPrCfkeKC7YmHRXnASq9IUOmMlWHp_ny8nbIAn7sAOkFi_EfhykfDhrpa06HA_8p73b7VhXYOINDmUNj8Fg-jMVdSG-a2On5BovbggS6os6OacaztqSmIGXJgMufeq4B156NPGZRyBGX8gfaixiy_QJQ05UfmhSkf4KFWbJD_tiLukn1D3lA6HKcG9SXq2ctt1Ji1Xod8nsYL_Z4Zvnc-eu1ykouVDnNjXvt-aK2Olk_36azd4S80-dWeTHOcPPk8Eq_a8ECNDw7GBCNZH8qdFwgJIjlaXkDyoAgKi7QecU8sZwOQrQBzxdNNT4ykqNWcTNdF1s05fUZ-AvK0Rq6Uaqnb9wW1G5V6Ecle301Bmkt3O5mEWeBx8r0u0TeyG-HrzhyKaExrdAD0zKfbzsPp0wSjW4QMAQzsMbr5bPidv_m5843ndvaxeZWaBo3yu01U5x-rV2h-SRmSPC3cUyNoTnMtl2i3vSArH1Hwu2J-5cl5v8J2bJ3wKtr6GKWi7VDiuqbjqXEyFBvw-aRWmiQ_8fd5_mYKgYz69b_tVU9J1CHLJ5AUjxb0F_u2FxFDZm7VFPspwd7FUfyU2JG3Z20yP2DNEFBRRVlxDlV7wf3_SgFaiwUttpbGNAy33YYkrGs8U3vFCtd8EmwytNAYticPk4cDIp-YzqmZpQm4Cyh3shXbdld_16XINuYzkmJ30sI6MFgxMZcV37smojb272ebF1Ivue5vnswPo9vaNqiF0xLaty7x8 [TRUNCATED] Host: url.uk.m.mimecastprotect.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:30 UTC	417	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 02 Oct 2024 14:32:30 GMT Content-Length: 0 Connection: close Location: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49713	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:31 UTC	780	OUT	GET /:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:31 UTC	1867	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,262656,0,0,428,0,24952,31 X-SharePointHealthScore: 3 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 27fd55a1-8016-6000-9811-ca5cb8fa6bad request-id: 27fd55a1-8016-6000-9811-ca5cb8fa6bad MS-CV: oVX9JxaAAGCYEcpcuPprrQ.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=f46216dc-13ba-414f-9afe-04744adaf21d&destinationEndpoint=194291&frontEnd=FarmDirect&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 147 SPIisLatency: 7 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:31 GMT Connection: close Content-Length: 69114
2024-10-02 14:32:31 UTC	14517	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 6f 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 6f 66 66 69 63 65 3a 6f 66 66 69 63 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /
2024-10-02 14:32:31 UTC	16384	IN	Data Raw: 22 30 63 32 30 62 37 64 39 2d 33 35 33 36 2d 34 30 65 31 2d 61 64 34 31 2d 61 32 32 64 36 61 35 38 61 30 66 61 22 3e 0d 0a 09 09 21 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 27 50 65 72 66 6f 72 6d 61 6e 63 65 4c 6f 6e 67 54 61 73 6b 54 69 6d 69 6e 67 27 20 69 6e 20 77 69 6e 64 6f 77 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 2e 5f 5f 74 74 69 3d 7b 65 3a 5b 5d 7d 3b 67 2e 6f 3d 6e 65 77 20 50 65 72 66 6f 72 6d 61 6e 63 65 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 67 2e 65 3d 67 2e 65 2e 63 6f 6e 63 61 74 28 6c 2e 67 65 74 45 6e 74 72 69 65 73 28 29 29 7d 29 3b 67 2e 6f 2e 6f 62 73 65 72 76 65 28 7b 65 6e 74 72 79 54 79 70 65 73 3a 5b 27 6c 6f 6e 67 74 61 73 6b 27 5d 7d 29 7d 7d 28 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 Data Ascii: "0c20b7d9-3536-40e1-ad41-a22d6a58a0fa">!function(){if('PerformanceLongTaskTiming' in window){var g=window.__tti={e:[]};g.o=new PerformanceObserver(function(l){g.e=g.e.concat(l.getEntries())});g.o.observe({entryTypes:['longtask']})}}();</script><scr
2024-10-02 14:32:31 UTC	16384	IN	Data Raw: 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 2c 6e 29 7b 76 61 72 20 69 2c 6f 2c 73 3d 64 65 66 43 6f 6e 74 65 78 74 4e 61 6d 65 3b 69 66 28 21 69 73 41 72 72 61 79 28 65 29 26 26 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 29 7b 6f 3d 65 3b 69 66 28 69 73 41 72 72 61 79 28 74 29 29 7b 65 3d 74 3b 74 3d 72 3b 72 3d 6e 7d 65 6c 73 65 20 65 3d 5b 5d 7d 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 28 73 3d 6f 2e 63 6f 6e 74 65 78 74 29 3b 69 3d 28 69 3d 67 65 74 4f 77 6e 28 63 6f 6e 74 65 78 74 73 2c 73 29 29 7c 7c 28 63 6f 6e 74 65 78 74 73 5b 73 5d 3d 72 65 71 2e 73 2e 6e 65 77 43 6f 6e 74 65 78 74 28 73 29 29 3b 6f 26 26 69 2e 63 6f 6e 66 69 67 75 72 65 28 6f 29 3b 72 65 74 75 72 6e 20 69 2e 72 65 71 75 69 72 65 28 65 2c 74 2c 72 29 7d 3b 72 65 71 2e 63 6f Data Ascii: nction(e,t,r,n){var i,o,s=defContextName;if(!isArray(e)&&"string"!=typeof e){o=e;if(isArray(t)){e=t;t=r;r=n}else e=[]}o&&o.context&&(s=o.context);i=(i=getOwn(contexts,s))\|\|(contexts[s]=req.s.newContext(s));o&&i.configure(o);return i.require(e,t,r)};req.co
2024-10-02 14:32:31 UTC	16384	IN	Data Raw: 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 20 3d 20 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 6d 6f 64 75 6c 65 73 46 61 6c 6c 65 64 42 61 63 6b 3b 0d 0a 20 20 20 20 20 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 70 75 73 68 28 6d 6f 64 75 6c 65 49 64 29 3b 0d 0a 20 20 20 20 20 20 69 66 20 28 21 66 61 69 6c 4f 76 65 72 53 74 61 74 65 2e 62 61 73 65 55 72 6c 46 61 69 6c 65 64 4f 76 65 72 20 26 26 20 66 61 69 6c 65 64 4d 6f 64 75 6c 65 73 2e 6c 65 6e 67 74 68 20 3e 3d 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 70 61 74 68 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 74 65 6d 73 20 3d 20 70 61 74 68 73 5b 69 64 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 41 72 72 61 79 2e 69 73 41 72 Data Ascii: failedModules = failOverState.modulesFalledBack; failedModules.push(moduleId); if (!failOverState.baseUrlFailedOver && failedModules.length >= 2) { for (var id in paths) { var items = paths[id]; if (Array.isAr
2024-10-02 14:32:31 UTC	5445	IN	Data Raw: 73 69 6f 6e 56 61 6c 69 64 61 74 6f 72 45 76 61 6c 75 61 74 65 49 73 56 61 6c 69 64 22 3b 0d 0a 09 56 61 6c 69 64 61 74 65 54 4f 41 41 45 4d 61 69 6c 2e 76 61 6c 69 64 61 74 69 6f 6e 65 78 70 72 65 73 73 69 6f 6e 20 3d 20 22 5e 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 40 5b 5e 20 5c 5c 72 5c 5c 74 5c 5c 6e 5c 5c 66 40 5d 2b 24 22 3b 0d 0a 09 76 61 72 20 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 20 3f 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 22 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 22 5d 20 3a 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 49 6e 63 6f 72 72 65 63 74 54 4f 41 41 45 4d 61 69 6c 22 29 3b 0d 0a 09 49 6e 63 6f 72 72 65 63 74 54 Data Ascii: sionValidatorEvaluateIsValid";ValidateTOAAEMail.validationexpression = "^[^ \\r\\t\\n\\f@]+@[^ \\r\\t\\n\\f@]+$";var IncorrectTOAAEMail = document.all ? document.all["IncorrectTOAAEMail"] : document.getElementById("IncorrectTOAAEMail");IncorrectT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49719	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	800	OUT	GET /WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:32 UTC	649	IN	HTTP/1.1 200 OK Cache-Control: public Content-Type: application/x-javascript Expires: Thu, 02 Oct 2025 11:15:50 GMT Last-Modified: Thu, 05 Sep 2024 22:57:14 GMT Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,525568,0,0,228,0,28310,25 X-AspNet-Version: 4.0.30319 SPRequestDuration: 8 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:32 GMT Connection: close Content-Length: 23063
2024-10-02 14:32:32 UTC	15735	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c Data Ascii: function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.val
2024-10-02 14:32:32 UTC	7328	IN	Data Raw: 20 20 20 20 20 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e Data Ascii: else { defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49722	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	865	OUT	GET /ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:32 UTC	665	IN	HTTP/1.1 200 OK Cache-Control: public Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 14:32:32 GMT Last-Modified: Wed, 02 Oct 2024 14:32:32 GMT Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,262656,0,0,460,0,24952,30 X-AspNet-Version: 4.0.30319 SPRequestDuration: 11 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:32 GMT Connection: close Content-Length: 26951
2024-10-02 14:32:32 UTC	15719	IN	Data Raw: 76 61 72 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 56 65 72 20 3d 20 22 31 32 35 22 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 73 56 61 6c 69 64 20 3d 20 74 72 75 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 42 6c 6f 63 6b 53 75 62 6d 69 74 20 3d 20 66 61 6c 73 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 6e 76 61 6c 69 64 43 6f 6e 74 72 6f 6c 54 6f 42 65 46 6f 63 75 73 65 64 20 3d 20 6e 75 6c 6c 3b 0d 0a 76 61 72 20 50 61 67 65 5f 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 66 69 6c 65 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 Data Ascii: var Page_ValidationVer = "125";var Page_IsValid = true;var Page_BlockSubmit = false;var Page_InvalidControlToBeFocused = null;var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime
2024-10-02 14:32:32 UTC	11232	IN	Data Raw: 61 6c 69 64 61 74 6f 72 47 65 74 56 61 6c 75 65 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 29 3b 0d 0a 20 20 20 20 69 66 20 28 56 61 6c 69 64 61 74 6f 72 54 72 69 6d 28 76 61 6c 75 65 29 2e 6c 65 6e 67 74 68 20 3d 3d 20 30 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6d 70 61 72 65 54 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 20 21 3d 20 22 73 74 72 69 6e 67 22 29 20 7c 7c 0d 0a 20 20 20 20 20 20 20 20 28 74 79 70 65 6f 66 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 29 20 3d 3d 20 22 75 Data Ascii: alidatorGetValue(val.controltovalidate); if (ValidatorTrim(value).length == 0) return true; var compareTo = ""; if ((typeof(val.controltocompare) != "string") \|\| (typeof(document.getElementById(val.controltocompare)) == "u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49721	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	878	OUT	GET /ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:32 UTC	666	IN	HTTP/1.1 200 OK Cache-Control: public Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 14:32:32 GMT Last-Modified: Wed, 02 Oct 2024 14:32:32 GMT Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,262656,0,0,460,0,24952,31 X-AspNet-Version: 4.0.30319 SPRequestDuration: 14 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:31 GMT Connection: close Content-Length: 102801
2024-10-02 14:32:32 UTC	15718	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 2e 6a 73 0d 0a 46 75 6e 63 74 69 6f 6e 2e 5f 5f 74 79 70 65 4e 61 6d 65 3d 22 46 75 6e 63 74 69 6f 6e 22 3b 46 75 6e 63 74 69 6f 6e 2e 5f 5f 63 6c 61 73 73 3d Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjax.jsFunction.__typeName="Function";Function.__class=
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 6c 45 76 65 6e 74 41 72 67 73 22 2c 53 79 73 2e 45 76 65 6e 74 41 72 67 73 29 3b 54 79 70 65 2e 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 53 79 73 2e 55 49 22 29 3b 53 79 73 2e 5f 44 65 62 75 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 53 79 73 2e 5f 44 65 62 75 67 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 5f 61 70 70 65 6e 64 43 6f 6e 73 6f 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 44 65 62 75 67 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 29 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 61 29 3b Data Ascii: lEventArgs",Sys.EventArgs);Type.registerNamespace("Sys.UI");Sys._Debug=function(){};Sys._Debug.prototype={_appendConsole:function(a){if(typeof Debug!=="undefined"&&Debug.writeln)Debug.writeln(a);if(window.console&&window.console.log)window.console.log(a);
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 29 7b 69 66 28 61 3c 31 30 29 72 65 74 75 72 6e 20 22 30 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 29 72 65 74 75 72 6e 20 22 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 30 29 72 65 74 75 72 6e 20 22 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 76 61 72 20 68 2c 70 2c 74 3d 2f 28 5b 5e 64 5d 7c 5e 29 28 64 7c 64 64 29 28 5b 5e 64 5d 7c 24 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 68 7c 7c 70 29 72 65 74 75 72 6e 20 68 3b 68 3d 74 2e 74 65 73 74 28 65 29 3b 70 3d 74 72 75 65 3b 72 65 74 75 72 6e 20 68 7d 76 61 72 20 71 3d 30 2c 6f 3d 44 61 74 65 2e 5f 67 65 74 54 6f 6b 65 Data Ascii: 0"+a;return a.toString()}function v(a){if(a<10)return "000"+a;else if(a<100)return "00"+a;else if(a<1000)return "0"+a;return a.toString()}var h,p,t=/([^d]\|^)(d\|dd)([^d]\|$)/g;function s(){if(h\|\|p)return h;h=t.test(e);p=true;return h}var q=0,o=Date._getToke
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 69 66 28 61 2e 69 6e 64 65 78 4f 66 28 62 29 21 3d 3d 2d 31 29 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 4f 70 65 72 61 7c 7c 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 46 69 72 65 46 6f 78 29 61 3d 61 2e 73 70 6c 69 74 28 62 29 2e 6a 6f 69 6e 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 65 73 63 61 70 65 43 68 61 72 73 5b 62 5d 29 3b 65 6c 73 65 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 63 68 61 72 73 54 6f 45 73 63 61 70 65 52 65 67 45 78 73 5b 62 Data Ascii: if(a.indexOf(b)!==-1)if(Sys.Browser.agent===Sys.Browser.Opera\|\|Sys.Browser.agent===Sys.Browser.FireFox)a=a.split(b).join(Sys.Serialization.JavaScriptSerializer._escapeChars[b]);else a=a.replace(Sys.Serialization.JavaScriptSerializer._charsToEscapeRegExs[b
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 69 73 70 6c 61 79 4d 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 29 7b 76 61 72 20 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 7c 7c 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 65 74 43 75 72 72 65 6e 74 53 74 79 6c 65 28 61 29 3b 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 62 3f 62 2e 64 69 73 70 6c 61 79 3a 6e 75 6c 6c 3b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 7c 7c 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 3d 3d 22 6e 6f 6e 65 22 29 73 77 69 74 63 68 28 61 2e 74 61 67 4e 61 6d 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 20 22 44 49 56 22 3a 63 61 73 65 20 22 50 22 3a 63 61 73 65 20 22 41 44 44 52 45 53 Data Ascii: isplayMode=function(a){if(!a._oldDisplayMode){var b=a.currentStyle\|\|Sys.UI.DomElement._getCurrentStyle(a);a._oldDisplayMode=b?b.display:null;if(!a._oldDisplayMode\|\|a._oldDisplayMode==="none")switch(a.tagName.toUpperCase()){case "DIV":case "P":case "ADDRES
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 74 68 69 73 2e 5f 65 6e 61 62 6c 65 48 69 73 74 6f 72 79 29 7b 61 3d 61 7c 7c 22 22 3b 69 66 28 61 21 3d 3d 74 68 69 73 2e 5f 63 75 72 72 65 6e 74 45 6e 74 72 79 29 7b 69 66 28 77 69 6e 64 6f 77 2e 74 68 65 46 6f 72 6d 29 7b 76 61 72 20 64 3d 77 69 6e 64 6f 77 2e 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 2c 65 3d 64 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 77 69 6e 64 6f 77 2e 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 28 65 21 3d 3d 2d 31 3f 64 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 65 29 3a 64 29 2b 22 23 22 2b 61 7d 69 66 28 74 68 69 73 2e 5f 68 69 73 74 6f 72 79 46 72 61 6d 65 26 26 74 68 69 73 2e 5f 68 69 73 74 6f 72 79 50 6f 69 6e 74 49 73 4e 65 77 29 7b 76 61 72 20 66 3d 64 6f 63 75 Data Ascii: ate=function(a,b){if(this._enableHistory){a=a\|\|"";if(a!==this._currentEntry){if(window.theForm){var d=window.theForm.action,e=d.indexOf("#");window.theForm.action=(e!==-1?d.substring(0,e):d)+"#"+a}if(this._historyFrame&&this._historyPointIsNew){var f=docu
2024-10-02 14:32:32 UTC	5163	IN	Data Raw: 6f 6e 20 78 28 64 29 7b 69 66 28 64 2e 67 65 74 5f 72 65 73 70 6f 6e 73 65 41 76 61 69 6c 61 62 6c 65 28 29 29 7b 76 61 72 20 66 3d 64 2e 67 65 74 5f 73 74 61 74 75 73 43 6f 64 65 28 29 2c 63 3d 6e 75 6c 6c 3b 74 72 79 7b 76 61 72 20 65 3d 64 2e 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 29 3b 69 66 28 65 2e 73 74 61 72 74 73 57 69 74 68 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 29 29 63 3d 64 2e 67 65 74 5f 6f 62 6a 65 63 74 28 29 3b 65 6c 73 65 20 69 66 28 65 2e 73 74 61 72 74 73 57 69 74 68 28 22 74 65 78 74 2f 78 6d 6c 22 29 29 63 3d 64 2e 67 65 74 5f 78 6d 6c 28 29 3b 65 6c 73 65 20 63 3d 64 2e 67 65 74 5f 72 65 73 70 6f 6e 73 65 44 61 74 61 28 29 7d 63 61 74 63 68 28 6d 29 7b 7d 76 Data Ascii: on x(d){if(d.get_responseAvailable()){var f=d.get_statusCode(),c=null;try{var e=d.getResponseHeader("Content-Type");if(e.startsWith("application/json"))c=d.get_object();else if(e.startsWith("text/xml"))c=d.get_xml();else c=d.get_responseData()}catch(m){}v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49723	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	878	OUT	GET /ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:32 UTC	662	IN	HTTP/1.1 200 OK Cache-Control: public Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 12:31:17 GMT Last-Modified: Wed, 02 Oct 2024 12:31:17 GMT Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,262656,0,0,33,0,20837,2 X-AspNet-Version: 4.0.30319 SPRequestDuration: 7 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:32 GMT Connection: close Content-Length: 40326
2024-10-02 14:32:32 UTC	15722	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f 72 6d 73 2e 6a 73 0d 0a 54 79 70 65 2e 5f 72 65 67 69 73 74 65 72 53 63 72 69 70 74 28 22 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjaxWebForms.jsType._registerScript("MicrosoftAjaxWebFo
2024-10-02 14:32:32 UTC	16384	IN	Data Raw: 64 3d 50 61 67 65 5f 43 6c 69 65 6e 74 56 61 6c 69 64 61 74 65 28 61 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 69 66 28 64 29 7b 69 66 28 74 79 70 65 6f 66 20 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 6e 75 6c 6c 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 2e 6c 65 6e 67 74 68 3e 30 29 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 61 2e 61 63 74 69 6f 6e 55 72 6c 3b 69 66 28 61 2e 74 72 61 63 6b 46 6f 63 75 73 29 7b 76 61 72 20 63 3d 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 5b 22 5f 5f 4c 41 53 54 46 4f 43 55 53 22 5d 3b 69 66 28 74 79 70 65 6f 66 20 63 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 21 3d 6e 75 6c 6c 29 69 66 28 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 Data Ascii: d=Page_ClientValidate(a.validationGroup);if(d){if(typeof a.actionUrl!="undefined"&&a.actionUrl!=null&&a.actionUrl.length>0)theForm.action=a.actionUrl;if(a.trackFocus){var c=theForm.elements["__LASTFOCUS"];if(typeof c!="undefined"&&c!=null)if(typeof docume
2024-10-02 14:32:32 UTC	8220	IN	Data Raw: 74 68 69 73 2e 5f 73 63 72 69 70 74 44 69 73 70 6f 73 65 73 5b 61 5d 2c 62 29 7d 2c 5f 73 63 72 69 70 74 49 6e 63 6c 75 64 65 73 4c 6f 61 64 43 6f 6d 70 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 62 29 7b 69 66 28 62 2e 65 78 65 63 75 74 6f 72 2e 67 65 74 5f 77 65 62 52 65 71 75 65 73 74 28 29 21 3d 3d 74 68 69 73 2e 5f 72 65 71 75 65 73 74 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 43 6f 6e 74 72 6f 6c 73 28 62 2e 75 70 64 61 74 65 50 61 6e 65 6c 44 61 74 61 2c 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 3f 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 2e 63 6f 6e 74 65 6e 74 3a 6e 75 6c 6c 29 3b 69 66 28 62 2e 66 6f 72 6d 41 63 74 69 6f 6e 4e 6f 64 65 29 74 68 69 73 Data Ascii: this._scriptDisposes[a],b)},_scriptIncludesLoadComplete:function(e,b){if(b.executor.get_webRequest()!==this._request)return;this._commitControls(b.updatePanelData,b.asyncPostBackTimeoutNode?b.asyncPostBackTimeoutNode.content:null);if(b.formActionNode)this

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49724	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	750	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:32 UTC	622	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Type: image/png Last-Modified: Thu, 26 Sep 2024 03:07:44 GMT Accept-Ranges: bytes ETag: "3581b141c1fdb1:0" Server: Microsoft-IIS/10.0 X-NetworkStatistics: 0,262656,0,0,453,0,24952,29 SPRequestDuration: 6 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:32 GMT Connection: close Content-Length: 3331
2024-10-02 14:32:32 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 14:32:32 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=94398 Date: Wed, 02 Oct 2024 14:32:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49728	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 14:32:33 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=94341 Date: Wed, 02 Oct 2024 14:32:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-02 14:32:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49730	52.104.49.55	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	750	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ouakninelegal-my.sharepoint.com/:o:/g/personal/elisabeth_ouakninelegal_ca/EmqBVPVvWZJPmAegR7MbWQoBK84JXk9jPvROW6zOsaUoTw?e=5%3ajmYUjO&at=9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	685	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Type: image/x-icon Last-Modified: Sat, 21 Sep 2024 03:10:56 GMT Accept-Ranges: bytes ETag: "4e3128e0d3bdb1:0" Server: Microsoft-IIS/10.0 X-NetworkStatistics: 4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295 SPRequestDuration: 8 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close Content-Length: 7886
2024-10-02 14:32:34 UTC	7886	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49734	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	392	OUT	GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	737	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 3331 Content-Type: image/png Last-Modified: Sat, 21 Sep 2024 03:10:32 GMT Accept-Ranges: bytes ETag: "e7f016d2d3bdb1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,16775936,74,128,10759118,0,9712387,29 SPRequestDuration: 7 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 64C63C0C3825472BAADAEBC0CF7B1905 Ref B: EWR311000101027 Ref C: 2024-10-02T14:32:34Z Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close
2024-10-02 14:32:34 UTC	3331	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e2 00 00 00 30 08 06 00 00 00 0c e6 a6 f3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 0c bd 49 44 41 54 78 01 ed 9c 3d 77 1b b9 15 86 47 b6 7a d3 bf c0 4c ca 34 66 4e d2 6b 5c 64 53 9a ee b3 c7 a3 5f 60 fa ab 8d a8 da 1f d2 fe 02 8f 72 d2 9b ee b2 95 c9 7e cf 46 aa dc 65 a9 5f b0 52 5a 7f 30 cf 4b 03 5c 0c 06 43 42 12 87 de 8d 31 e7 8c 81 7b 71 71 2f e6 05 5e 7c 0c 47 de fa 6f ff f7 b3 ac 85 0b a7 3f de 18 fd e7 4f 72 fd f7 ef b3 1f b6 b6 b2 79 7e dd a1 f6 ff 92 5d cb b6 b2 56 9e 61 dd 6d 4d fe 12 02 4d 08 5c 6b 2a 48 fa 84 40 42 60 73 08 24 22 6e 0e eb 14 29 21 d0 88 40 22 62 23 34 a9 20 21 b0 39 04 12 11 37 87 75 8a 94 10 68 44 20 11 b1 11 9a 54 90 10 d8 1c 02 89 88 9b c3 3a 45 4a 08 34 22 b0 dd Data Ascii: PNGIHDR0sRGBIDATx=wGzL4fNk\dS_`r~Fe_RZ0K\CB1{qq/^\|Go?Ory~]VamMM\k*H@B`s$"n)!@"b#4 !97uhD T:EJ4"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49735	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	502	OUT	GET /WebResource.axd?d=qQ-tsNsY4mzceTE_EyU_iyYmxhBmhJQ11sIHbeZBeYWZ920rM_8XSM8h6w0d7nZzAqphgK7kxnUp1T49uzhq7d6T_lBlQDlyYG01kIVRFXs1&t=638611486345608193 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	755	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 23063 Content-Type: application/x-javascript Expires: Thu, 02 Oct 2025 13:52:37 GMT Last-Modified: Sat, 10 Aug 2024 17:36:24 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,23,1805,0,161849,29 X-AspNet-Version: 4.0.30319 SPRequestDuration: 7 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 7B1F78BCAA504C84997C121FD22F8FAB Ref B: EWR311000104047 Ref C: 2024-10-02T14:32:34Z Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close
2024-10-02 14:32:34 UTC	9	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 Data Ascii: function
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 57 65 62 46 6f 72 6d 5f 50 6f 73 74 42 61 63 6b 4f 70 74 69 6f 6e 73 28 65 76 65 6e 74 54 61 72 67 65 74 2c 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 2c 20 76 61 6c 69 64 61 74 69 6f 6e 2c 20 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 2c 20 61 63 74 69 6f 6e 55 72 6c 2c 20 74 72 61 63 6b 46 6f 63 75 73 2c 20 63 6c 69 65 6e 74 53 75 62 6d 69 74 29 20 7b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 54 61 72 67 65 74 20 3d 20 65 76 65 6e 74 54 61 72 67 65 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 20 3d 20 65 76 65 6e 74 41 72 67 75 6d 65 6e 74 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 20 3d 20 76 61 6c 69 64 61 74 69 6f 6e 3b 0d 0a 20 20 20 20 74 68 69 73 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 Data Ascii: WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) { this.eventTarget = eventTarget; this.eventArgument = eventArgument; this.validation = validation; this.validationGr
2024-10-02 14:32:34 UTC	7550	IN	Data Raw: 6c 75 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 52 65 71 75 65 73 74 46 72 61 6d 65 2e 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 61 6c 6c 62 61 63 6b 56 61 6c 69 64 61 74 69 6f 6e 46 69 65 6c 64 45 6c 65 6d 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 63 61 6c 6c 62 61 63 6b 49 6e 64 65 78 46 69 65 6c 64 45 6c 65 6d 65 6e 74 20 3d 20 78 6d 6c 52 65 71 75 65 73 74 46 72 61 6d 65 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 49 4e 50 55 54 22 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 49 6e 64 65 78 46 69 65 6c 64 45 6c 65 6d 65 6e 74 2e 74 79 70 65 20 3d Data Ascii: lue; xmlRequestFrame.document.forms[0].appendChild(callbackValidationFieldElement); } var callbackIndexFieldElement = xmlRequestFrame.document.createElement("INPUT"); callbackIndexFieldElement.type =
2024-10-02 14:32:34 UTC	7312	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 5b 74 61 72 67 65 74 5d 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 57 65 62 46 6f 72 6d 5f 53 69 6d 75 6c 61 74 65 43 6c 69 63 6b 28 64 65 66 61 75 6c 74 42 75 74 74 6f 6e 2c 20 65 76 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 57 65 62 46 6f 72 6d 5f 47 65 74 53 63 72 6f 6c 6c 58 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 5f 5f 6e 6f 6e 4d 53 44 4f 4d 42 72 6f 77 73 65 72 29 20 Data Ascii: defaultButton = document.all[target]; } if (defaultButton) { return WebForm_SimulateClick(defaultButton, event); } } return true;}function WebForm_GetScrollX() { if (__nonMSDOMBrowser)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49737	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	580	OUT	GET /ScriptResource.axd?d=wmWRPBwCSCbXmH9wx4hANJPbt_WhqygGvO6NcEWl1oVpupqRi-ao3qQ3zmmEjMzOSNXEl_4NRPQKYeJ-beiVZKSI09JHBSVwjy8PMxTiiYnHsZJVp_eFqIAV0ipY5vU8HRJVFTUF072VuSPGT5fEb2bv8rIy2pQ1WMrY-t1l707a0mPuaNnzpPBWOhmeqRkT0&t=7a0cc936 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	788	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 102801 Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 14:32:34 GMT Last-Modified: Wed, 02 Oct 2024 14:32:34 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,8409600,8055,386,11388062,8409600,8409600,24 X-AspNet-Version: 4.0.30319 SPRequestDuration: 11 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 90AB234BA43444EAAFF95C3777048645 Ref B: EWR311000101047 Ref C: 2024-10-02T14:32:34Z Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close
2024-10-02 14:32:34 UTC	3382	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 2e 6a 73 0d 0a 46 75 6e 63 74 69 6f 6e 2e 5f 5f 74 79 70 65 4e 61 6d 65 3d 22 46 75 6e 63 74 69 6f 6e 22 3b 46 75 6e 63 74 69 6f 6e 2e 5f 5f 63 6c 61 73 73 3d Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjax.jsFunction.__typeName="Function";Function.__class=
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 61 72 61 6d 4e 61 6d 65 2c 61 29 3b 76 61 72 20 64 3d 45 72 72 6f 72 2e 63 72 65 61 74 65 28 62 2c 7b 6e 61 6d 65 3a 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4e 75 6c 6c 45 78 63 65 70 74 69 6f 6e 22 2c 70 61 72 61 6d 4e 61 6d 65 3a 61 7d 29 3b 64 2e 70 6f 70 53 74 61 63 6b 46 72 61 6d 65 28 29 3b 72 65 74 75 72 6e 20 64 7d 3b 45 72 72 6f 72 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 61 2c 64 29 7b 76 61 72 20 62 3d 22 53 79 73 2e 41 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 45 78 63 65 70 74 69 6f 6e 3a 20 22 2b 28 64 3f 64 3a 53 79 73 2e 52 65 73 2e 61 72 67 75 6d 65 6e 74 4f 75 74 4f 66 52 61 6e 67 65 29 3b 69 66 28 63 29 62 2b 3d 22 5c 6e 22 2b 53 74 72 69 6e 67 2e 66 6f 72 6d 61 74 28 53 79 73 Data Ascii: aramName,a);var d=Error.create(b,{name:"Sys.ArgumentNullException",paramName:a});d.popStackFrame();return d};Error.argumentOutOfRange=function(c,a,d){var b="Sys.ArgumentOutOfRangeException: "+(d?d:Sys.Res.argumentOutOfRange);if(c)b+="\n"+String.format(Sys
2024-10-02 14:32:34 UTC	4144	IN	Data Raw: 68 65 72 69 74 73 46 72 6f 6d 28 63 29 7c 7c 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 26 26 61 2e 69 6d 70 6c 65 6d 65 6e 74 73 49 6e 74 65 72 66 61 63 65 28 63 29 7d 3b 53 79 73 2e 5f 67 65 74 42 61 73 65 4d 65 74 68 6f 64 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 63 29 7b 76 61 72 20 62 3d 64 2e 67 65 74 42 61 73 65 54 79 70 65 28 29 3b 69 66 28 62 29 7b 76 61 72 20 61 3d 62 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 75 6e 63 74 69 6f 6e 3f 61 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 53 79 73 2e 5f 69 73 44 6f 6d 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 66 61 6c 73 65 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6e 6f 64 65 Data Ascii: heritsFrom(c)\|\|a.implementsInterface&&a.implementsInterface(c)};Sys._getBaseMethod=function(d,e,c){var b=d.getBaseType();if(b){var a=b.prototype[c];return a instanceof Function?a:null}return null};Sys._isDomElement=function(a){var c=false;if(typeof a.node
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 6c 45 76 65 6e 74 41 72 67 73 22 2c 53 79 73 2e 45 76 65 6e 74 41 72 67 73 29 3b 54 79 70 65 2e 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 53 79 73 2e 55 49 22 29 3b 53 79 73 2e 5f 44 65 62 75 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 53 79 73 2e 5f 44 65 62 75 67 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 5f 61 70 70 65 6e 64 43 6f 6e 73 6f 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 44 65 62 75 67 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 29 44 65 62 75 67 2e 77 72 69 74 65 6c 6e 28 61 29 3b 69 66 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 61 29 3b Data Ascii: lEventArgs",Sys.EventArgs);Type.registerNamespace("Sys.UI");Sys._Debug=function(){};Sys._Debug.prototype={_appendConsole:function(a){if(typeof Debug!=="undefined"&&Debug.writeln)Debug.writeln(a);if(window.console&&window.console.log)window.console.log(a);
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 64 41 63 74 69 6f 6e 2e 72 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 62 5d 2c 63 29 29 3b 72 65 74 75 72 6e 20 74 72 75 65 7d 72 65 74 75 72 6e 20 66 61 6c 73 65 7d 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 72 65 6d 6f 76 65 41 74 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 61 29 7b 69 66 28 61 3e 2d 31 26 26 61 3c 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 63 3d 62 5b 61 5d 3b 41 72 72 61 79 2e 72 65 6d 6f 76 65 41 74 28 62 2c 61 29 3b 53 79 73 2e 4f 62 73 65 72 76 65 72 2e 5f 63 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 62 2c 6e 65 77 20 53 79 73 2e 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 28 53 79 73 2e 4e 6f 74 69 66 79 43 6f 6c 6c 65 63 74 69 6f 6e 43 68 61 6e 67 65 64 41 63 74 69 6f 6e 2e 72 65 6d 6f 76 65 2c 6e 75 6c 6c 2c 2d 31 2c 5b 63 5d Data Ascii: dAction.remove,null,-1,[b],c));return true}return false};Sys.Observer.removeAt=function(b,a){if(a>-1&&a<b.length){var c=b[a];Array.removeAt(b,a);Sys.Observer._collectionChange(b,new Sys.CollectionChange(Sys.NotifyCollectionChangedAction.remove,null,-1,[c]
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 29 7b 69 66 28 61 3c 31 30 29 72 65 74 75 72 6e 20 22 30 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 29 72 65 74 75 72 6e 20 22 30 30 22 2b 61 3b 65 6c 73 65 20 69 66 28 61 3c 31 30 30 30 29 72 65 74 75 72 6e 20 22 30 22 2b 61 3b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 76 61 72 20 68 2c 70 2c 74 3d 2f 28 5b 5e 64 5d 7c 5e 29 28 64 7c 64 64 29 28 5b 5e 64 5d 7c 24 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 68 7c 7c 70 29 72 65 74 75 72 6e 20 68 3b 68 3d 74 2e 74 65 73 74 28 65 29 3b 70 3d 74 72 75 65 3b 72 65 74 75 72 6e 20 68 7d 76 61 72 20 71 3d 30 2c 6f 3d 44 61 74 65 2e 5f 67 65 74 54 6f 6b 65 Data Ascii: 0"+a;return a.toString()}function v(a){if(a<10)return "000"+a;else if(a<100)return "00"+a;else if(a<1000)return "0"+a;return a.toString()}var h,p,t=/([^d]\|^)(d\|dd)([^d]\|$)/g;function s(){if(h\|\|p)return h;h=t.test(e);p=true;return h}var q=0,o=Date._getToke
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 29 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 41 72 72 61 79 28 74 68 69 73 2e 64 61 74 65 54 69 6d 65 46 6f 72 6d 61 74 2e 41 62 62 72 65 76 69 61 74 65 64 44 61 79 4e 61 6d 65 73 29 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 6e 64 65 78 4f 66 28 74 68 69 73 2e 5f 75 70 70 65 72 41 62 62 72 44 61 79 73 2c 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 61 29 29 7d 2c 5f 74 6f 55 70 70 65 72 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 62 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 61 3d 30 2c 64 3d 63 2e 6c 65 6e 67 74 68 3b 61 3c 64 3b 61 2b 2b 29 62 5b 61 5d 3d 74 68 69 73 2e 5f 74 6f 55 70 70 65 72 28 63 5b 61 5d 29 3b 72 65 74 75 72 6e 20 62 7d Data Ascii: _upperAbbrDays)this._upperAbbrDays=this._toUpperArray(this.dateTimeFormat.AbbreviatedDayNames);return Array.indexOf(this._upperAbbrDays,this._toUpper(a))},_toUpperArray:function(c){var b=[];for(var a=0,d=c.length;a<d;a++)b[a]=this._toUpper(c[a]);return b}
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 69 66 28 61 2e 69 6e 64 65 78 4f 66 28 62 29 21 3d 3d 2d 31 29 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 4f 70 65 72 61 7c 7c 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 46 69 72 65 46 6f 78 29 61 3d 61 2e 73 70 6c 69 74 28 62 29 2e 6a 6f 69 6e 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 65 73 63 61 70 65 43 68 61 72 73 5b 62 5d 29 3b 65 6c 73 65 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 53 79 73 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2e 4a 61 76 61 53 63 72 69 70 74 53 65 72 69 61 6c 69 7a 65 72 2e 5f 63 68 61 72 73 54 6f 45 73 63 61 70 65 52 65 67 45 78 73 5b 62 Data Ascii: if(a.indexOf(b)!==-1)if(Sys.Browser.agent===Sys.Browser.Opera\|\|Sys.Browser.agent===Sys.Browser.FireFox)a=a.split(b).join(Sys.Serialization.JavaScriptSerializer._escapeChars[b]);else a=a.replace(Sys.Serialization.JavaScriptSerializer._charsToEscapeRegExs[b
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 72 74 73 57 69 74 68 28 22 6b 65 79 22 29 29 69 66 28 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 58 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 74 79 70 65 6f 66 20 61 2e 6f 66 66 73 65 74 59 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 74 68 69 73 2e 6f 66 66 73 65 74 58 3d 61 2e 6f 66 66 73 65 74 58 3b 74 68 69 73 2e 6f 66 66 73 65 74 59 3d 61 2e 6f 66 66 73 65 74 59 7d 65 6c 73 65 20 69 66 28 74 68 69 73 2e 74 61 72 67 65 74 26 26 74 68 69 73 2e 74 61 72 67 65 74 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 33 26 26 74 79 70 65 6f 66 20 61 2e 63 6c 69 65 6e 74 58 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 20 63 3d 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 67 65 74 4c 6f 63 61 74 69 6f 6e 28 74 68 69 73 2e 74 61 72 67 65 74 29 2c 64 3d Data Ascii: rtsWith("key"))if(typeof a.offsetX!=="undefined"&&typeof a.offsetY!=="undefined"){this.offsetX=a.offsetX;this.offsetY=a.offsetY}else if(this.target&&this.target.nodeType!==3&&typeof a.clientX==="number"){var c=Sys.UI.DomElement.getLocation(this.target),d=
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 69 73 70 6c 61 79 4d 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 29 7b 76 61 72 20 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 7c 7c 53 79 73 2e 55 49 2e 44 6f 6d 45 6c 65 6d 65 6e 74 2e 5f 67 65 74 43 75 72 72 65 6e 74 53 74 79 6c 65 28 61 29 3b 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 62 3f 62 2e 64 69 73 70 6c 61 79 3a 6e 75 6c 6c 3b 69 66 28 21 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 7c 7c 61 2e 5f 6f 6c 64 44 69 73 70 6c 61 79 4d 6f 64 65 3d 3d 3d 22 6e 6f 6e 65 22 29 73 77 69 74 63 68 28 61 2e 74 61 67 4e 61 6d 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 20 22 44 49 56 22 3a 63 61 73 65 20 22 50 22 3a 63 61 73 65 20 22 41 44 44 52 45 53 Data Ascii: isplayMode=function(a){if(!a._oldDisplayMode){var b=a.currentStyle\|\|Sys.UI.DomElement._getCurrentStyle(a);a._oldDisplayMode=b?b.display:null;if(!a._oldDisplayMode\|\|a._oldDisplayMode==="none")switch(a.tagName.toUpperCase()){case "DIV":case "P":case "ADDRES

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49738	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	580	OUT	GET /ScriptResource.axd?d=lLkI1JciGSXohcyoCrHUL3KfmlB_NcNkFjN62kxsxtXMxSbjKr_j5kBv1T1i38u6XGY9_Y1SXRtoAKy30iH7CXRXn0S3wcbALrMmHk9jxHGIr1SgGSD9-FBF30Ac-Mc0eHrWx2GQ88ktj6J1daJm6jTP0F4BiFJWWFBOg_UTCdqCw2iYHuVvlza9HVLVDZHS0&t=7a0cc936 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 40326 Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 14:32:34 GMT Last-Modified: Wed, 02 Oct 2024 14:32:34 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,4204800,32,143,6428030,0,2943229,24 X-AspNet-Version: 4.0.30319 SPRequestDuration: 9 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 18E1B3F31BC24C8A9761A8D158E75FFE Ref B: EWR311000107037 Ref C: 2024-10-02T14:32:34Z Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close
2024-10-02 14:32:34 UTC	2687	IN	Data Raw: 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 2f 2f 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f 72 6d 73 2e 6a 73 0d 0a 54 79 70 65 2e 5f 72 65 67 69 73 74 65 72 53 63 72 69 70 74 28 22 4d 69 63 72 6f 73 6f 66 74 41 6a 61 78 57 65 62 46 6f Data Ascii: //----------------------------------------------------------// Copyright (C) Microsoft Corporation. All rights reserved.//----------------------------------------------------------// MicrosoftAjaxWebForms.jsType._registerScript("MicrosoftAjaxWebFo
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 61 64 69 6e 67 45 76 65 6e 74 41 72 67 73 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 61 2c 63 29 7b 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 50 61 67 65 4c 6f 61 64 69 6e 67 45 76 65 6e 74 41 72 67 73 2e 69 6e 69 74 69 61 6c 69 7a 65 42 61 73 65 28 74 68 69 73 29 3b 74 68 69 73 2e 5f 70 61 6e 65 6c 73 55 70 64 61 74 69 6e 67 3d 62 3b 74 68 69 73 2e 5f 70 61 6e 65 6c 73 44 65 6c 65 74 69 6e 67 3d 61 3b 74 68 69 73 2e 5f 64 61 74 61 49 74 65 6d 73 3d 63 7c 7c 7b 7d 7d 3b 53 79 73 2e 57 65 62 46 6f 72 6d 73 2e 50 61 67 65 4c 6f 61 64 69 6e 67 45 76 65 6e 74 41 72 67 73 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 67 65 74 5f 64 61 74 61 49 74 65 6d 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 64 61 74 61 49 74 65 6d 73 7d 2c 67 65 74 5f 70 61 Data Ascii: adingEventArgs=function(b,a,c){Sys.WebForms.PageLoadingEventArgs.initializeBase(this);this._panelsUpdating=b;this._panelsDeleting=a;this._dataItems=c\|\|{}};Sys.WebForms.PageLoadingEventArgs.prototype={get_dataItems:function(){return this._dataItems},get_pa
2024-10-02 14:32:34 UTC	4850	IN	Data Raw: 75 6e 64 65 66 69 6e 65 64 22 26 26 62 21 3d 3d 6e 75 6c 6c 29 74 68 69 73 2e 5f 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 3d 62 2a 31 30 30 30 7d 2c 5f 63 72 65 61 74 65 48 69 64 64 65 6e 46 69 65 6c 64 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 62 2c 61 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 63 29 3b 69 66 28 61 29 69 66 28 21 61 2e 5f 69 73 43 6f 6e 74 61 69 6e 65 64 29 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 61 29 3b 65 6c 73 65 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 69 66 28 21 62 29 7b 62 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 70 61 6e 22 29 3b 62 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 64 69 Data Ascii: undefined"&&b!==null)this._asyncPostBackTimeout=b*1000},_createHiddenField:function(c,d){var b,a=document.getElementById(c);if(a)if(!a._isContained)a.parentNode.removeChild(a);else b=a.parentNode;if(!b){b=document.createElement("span");b.style.cssText="di
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 43 6c 69 65 6e 74 56 61 6c 69 64 61 74 65 28 61 2e 76 61 6c 69 64 61 74 69 6f 6e 47 72 6f 75 70 29 3b 69 66 28 64 29 7b 69 66 28 74 79 70 65 6f 66 20 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 21 3d 6e 75 6c 6c 26 26 61 2e 61 63 74 69 6f 6e 55 72 6c 2e 6c 65 6e 67 74 68 3e 30 29 74 68 65 46 6f 72 6d 2e 61 63 74 69 6f 6e 3d 61 2e 61 63 74 69 6f 6e 55 72 6c 3b 69 66 28 61 2e 74 72 61 63 6b 46 6f 63 75 73 29 7b 76 61 72 20 63 3d 74 68 65 46 6f 72 6d 2e 65 6c 65 6d 65 6e 74 73 5b 22 5f 5f 4c 41 53 54 46 4f 43 55 53 22 5d 3b 69 66 28 74 79 70 65 6f 66 20 63 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 21 3d 6e 75 6c 6c 29 69 66 28 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 Data Ascii: ClientValidate(a.validationGroup);if(d){if(typeof a.actionUrl!="undefined"&&a.actionUrl!=null&&a.actionUrl.length>0)theForm.action=a.actionUrl;if(a.trackFocus){var c=theForm.elements["__LASTFOCUS"];if(typeof c!="undefined"&&c!=null)if(typeof document.acti
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 69 66 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 7b 62 2e 61 70 70 65 6e 64 28 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 29 3b 74 68 69 73 2e 5f 61 64 64 69 74 69 6f 6e 61 6c 49 6e 70 75 74 3d 6e 75 6c 6c 7d 76 61 72 20 63 3d 6e 65 77 20 53 79 73 2e 4e 65 74 2e 57 65 62 52 65 71 75 65 73 74 2c 61 3d 77 2e 61 63 74 69 6f 6e 3b 69 66 28 53 79 73 2e 42 72 6f 77 73 65 72 2e 61 67 65 6e 74 3d 3d 3d 53 79 73 2e 42 72 6f 77 73 65 72 2e 49 6e 74 65 72 6e 65 74 45 78 70 6c 6f 72 65 72 29 7b 76 61 72 20 72 3d 61 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 69 66 28 72 21 3d 3d 2d 31 29 61 3d 61 2e 73 75 62 73 74 72 28 30 2c 72 29 3b 76 61 72 20 6f 3d 22 22 2c 76 3d 22 22 2c 6d 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 Data Ascii: if(this._additionalInput){b.append(this._additionalInput);this._additionalInput=null}var c=new Sys.Net.WebRequest,a=w.action;if(Sys.Browser.agent===Sys.Browser.InternetExplorer){var r=a.indexOf("#");if(r!==-1)a=a.substr(0,r);var o="",v="",m=a.indexOf("?")
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 63 72 69 70 74 44 69 73 70 6f 73 65 73 5b 61 5d 2c 62 29 7d 2c 5f 73 63 72 69 70 74 49 6e 63 6c 75 64 65 73 4c 6f 61 64 43 6f 6d 70 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 62 29 7b 69 66 28 62 2e 65 78 65 63 75 74 6f 72 2e 67 65 74 5f 77 65 62 52 65 71 75 65 73 74 28 29 21 3d 3d 74 68 69 73 2e 5f 72 65 71 75 65 73 74 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 43 6f 6e 74 72 6f 6c 73 28 62 2e 75 70 64 61 74 65 50 61 6e 65 6c 44 61 74 61 2c 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 3f 62 2e 61 73 79 6e 63 50 6f 73 74 42 61 63 6b 54 69 6d 65 6f 75 74 4e 6f 64 65 2e 63 6f 6e 74 65 6e 74 3a 6e 75 6c 6c 29 3b 69 66 28 62 2e 66 6f 72 6d 41 63 74 69 6f 6e 4e 6f 64 65 29 74 68 69 73 2e 5f 66 6f 72 6d 2e Data Ascii: criptDisposes[a],b)},_scriptIncludesLoadComplete:function(e,b){if(b.executor.get_webRequest()!==this._request)return;this._commitControls(b.updatePanelData,b.asyncPostBackTimeoutNode?b.asyncPostBackTimeoutNode.content:null);if(b.formActionNode)this._form.
2024-10-02 14:32:34 UTC	21	IN	Data Raw: 65 64 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 2e 22 7d 3b Data Ascii: ed more than once."};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49736	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:34 UTC	567	OUT	GET /ScriptResource.axd?d=hJ44vuhbtoSZwKYpWYi2Os4fHRzb9eqVf-wdDuNmOlzwXf3aF3e-32cvUQ6qUscl1DefVS-9XQfsOH5bhkfGOW9rRadWFYNu7cBvGAXrUbhUh2e32G539sj0LZJzaXe4u09IYuWJMhNNxvvT-t99dvqbCwaUdbg47CJr44HW75Q1&t=ffffffffedc3492c HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:34 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 26951 Content-Type: application/x-javascript; charset=utf-8 Expires: Thu, 02 Oct 2025 14:32:34 GMT Last-Modified: Wed, 02 Oct 2024 14:32:34 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,1051136,0,146,7813716,0,1051136,23 X-AspNet-Version: 4.0.30319 SPRequestDuration: 10 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 3BE45D226C994E52BCF49748868890D5 Ref B: EWR311000102021 Ref C: 2024-10-02T14:32:34Z Date: Wed, 02 Oct 2024 14:32:33 GMT Connection: close
2024-10-02 14:32:34 UTC	2842	IN	Data Raw: 76 61 72 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 56 65 72 20 3d 20 22 31 32 35 22 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 73 56 61 6c 69 64 20 3d 20 74 72 75 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 42 6c 6f 63 6b 53 75 62 6d 69 74 20 3d 20 66 61 6c 73 65 3b 0d 0a 76 61 72 20 50 61 67 65 5f 49 6e 76 61 6c 69 64 43 6f 6e 74 72 6f 6c 54 6f 42 65 46 6f 63 75 73 65 64 20 3d 20 6e 75 6c 6c 3b 0d 0a 76 61 72 20 50 61 67 65 5f 54 65 78 74 54 79 70 65 73 20 3d 20 2f 5e 28 74 65 78 74 7c 70 61 73 73 77 6f 72 64 7c 66 69 6c 65 7c 73 65 61 72 63 68 7c 74 65 6c 7c 75 72 6c 7c 65 6d 61 69 6c 7c 6e 75 6d 62 65 72 7c 72 61 6e 67 65 7c 63 6f 6c 6f 72 7c 64 61 74 65 74 69 6d 65 7c 64 61 74 65 7c 6d 6f 6e 74 68 7c 77 65 65 6b 7c 74 69 6d 65 7c 64 61 74 65 74 69 6d 65 Data Ascii: var Page_ValidationVer = "125";var Page_IsValid = true;var Page_BlockSubmit = false;var Page_InvalidControlToBeFocused = null;var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 20 7d 20 22 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 63 6f 6e 74 72 6f 6c 2e 56 61 6c 69 64 61 74 6f 72 73 5b 63 6f 6e 74 72 6f 6c 2e 56 61 6c 69 64 61 74 6f 72 73 2e 6c 65 6e 67 74 68 5d 20 3d 20 76 61 6c 3b 0d 0a 20 20 20 20 7d 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 61 6c 69 64 61 74 6f 72 48 6f 6f 6b 75 70 45 76 65 6e 74 28 63 6f 6e 74 72 6f 6c 2c 20 65 76 65 6e 74 54 79 70 65 2c 20 66 75 6e 63 74 69 6f 6e 50 72 65 66 69 78 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 65 76 20 3d 20 63 6f 6e 74 72 6f 6c 5b 65 76 65 6e 74 54 79 70 65 5d 3b 0d 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 28 65 76 29 20 3d 3d 20 22 66 75 6e 63 74 69 6f 6e Data Ascii: ; return false; } "); } } control.Validators[control.Validators.length] = val; }}function ValidatorHookupEvent(control, eventType, functionPrefix) { var ev = control[eventType]; if (typeof(ev) == "function
2024-10-02 14:32:34 UTC	4695	IN	Data Raw: 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 56 61 6c 69 64 61 74 6f 72 48 6f 6f 6b 75 70 43 6f 6e 74 72 6f 6c 49 44 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 68 6f 6f 6b 75 70 2c 20 76 61 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 41 63 74 69 76 65 20 3d 20 74 72 75 65 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 61 6c 69 64 61 74 6f 72 43 6f 6e 76 65 72 74 28 6f 70 2c 20 64 61 74 61 54 79 70 65 2c 20 76 61 6c 29 20 7b 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 47 65 74 46 75 6c 6c 59 65 61 72 28 79 65 61 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 74 77 6f 44 69 67 69 74 43 75 74 6f 66 66 59 65 61 72 20 3d 20 76 61 6c 2e 63 75 74 6f 66 66 79 65 61 72 20 25 20 31 30 Data Ascii: ValidatorHookupControlID(val.controlhookup, val); } } Page_ValidationActive = true;}function ValidatorConvert(op, dataType, val) { function GetFullYear(year) { var twoDigitCutoffYear = val.cutoffyear % 10
2024-10-02 14:32:34 UTC	8192	IN	Data Raw: 74 56 61 6c 75 65 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 76 61 6c 69 64 61 74 65 29 3b 0d 0a 20 20 20 20 69 66 20 28 56 61 6c 69 64 61 74 6f 72 54 72 69 6d 28 76 61 6c 75 65 29 2e 6c 65 6e 67 74 68 20 3d 3d 20 30 29 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 72 75 65 3b 0d 0a 20 20 20 20 76 61 72 20 63 6f 6d 70 61 72 65 54 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 20 21 3d 20 22 73 74 72 69 6e 67 22 29 20 7c 7c 0d 0a 20 20 20 20 20 20 20 20 28 74 79 70 65 6f 66 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 61 6c 2e 63 6f 6e 74 72 6f 6c 74 6f 63 6f 6d 70 61 72 65 29 29 20 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 29 Data Ascii: tValue(val.controltovalidate); if (ValidatorTrim(value).length == 0) return true; var compareTo = ""; if ((typeof(val.controltocompare) != "string") \|\| (typeof(document.getElementById(val.controltocompare)) == "undefined")
2024-10-02 14:32:34 UTC	3030	IN	Data Raw: 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 6f 72 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 6e 67 74 68 20 2b 3d 20 70 61 72 73 65 53 70 65 63 69 66 69 63 41 74 74 72 69 62 75 74 65 28 73 65 6c 65 63 74 6f 72 2c 20 64 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 79 41 74 74 72 69 62 75 74 65 2c 20 50 61 67 65 5f 56 61 6c 69 64 61 74 69 6f 6e 53 75 6d 6d 61 72 69 65 73 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6c 65 6e 67 74 68 3b 0d 0a 20 20 20 20 Data Ascii: r) { var length = parseSpecificAttribute(selector, dataValidationAttribute, Page_Validators); length += parseSpecificAttribute(selector, dataValidationSummaryAttribute, Page_ValidationSummaries); return length;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49740	13.107.136.10	443	3964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 14:32:35 UTC	392	OUT	GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 Host: ouakninelegal-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 14:32:35 UTC	736	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Sat, 21 Sep 2024 03:10:56 GMT Accept-Ranges: bytes ETag: "4e3128e0d3bdb1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,1051136,0,25,9272607,0,1051136,23 SPRequestDuration: 7 SPIisLatency: 1 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 4AD1B2E052FD4236945305CCB3F437CD Ref B: EWR311000104037 Ref C: 2024-10-02T14:32:35Z Date: Wed, 02 Oct 2024 14:32:35 GMT Connection: close
2024-10-02 14:32:35 UTC	1472	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c6 37 30 d0 c6 37 af d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 ff d0 c6 37 af d0 c6 37 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ 7077777770
2024-10-02 14:32:35 UTC	6414	IN	Data Raw: 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a 60 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff da d8 b0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff d2 d1 a1 ff 8f 8b 13 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 78 72 1f ff bb b2 31 ff d0 c6 37 ff d0 c6 37 ff b3 ab 25 ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a af 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff ff ff ff ff f8 f7 ef ff e1 e0 c0 ff e1 e0 c0 ff ff ff ff ff ff ff ff ff d2 d1 a1 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 87 83 03 ff 78 72 1f ff bb b2 31 ff c1 b9 2e ff aa a3 1f ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 9b 1a ff a1 Data Ascii: `xr177%xr1.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2744, Parent PID: 3868

General

Target ID:	0
Start time:	10:32:21
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3964, Parent PID: 2744

General

Target ID:	2
Start time:	10:32:25
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1860,i,14895830932961628612,13025139479554271904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4612, Parent PID: 3868

General

Target ID:	3
Start time:	10:32:27
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.uk.m.mimecastprotect.com/s/p9wVCXBDigoJJS6f7CWGkad?domain=ouakninelegal-my.sharepoint.com"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly