Edit tour

Windows Analysis Report
https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9

Overview

General Information

Sample URL:	https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9
Analysis ID:	1524541
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w7x64

chrome.exe (PID: 1456 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1020 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 236 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1456_2038269960	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9 HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP%29%2FEra&ga=1 HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cycW5HSTdJYy92TktWOE9MaXhGMlpFWUYwNGcxRmcxVitvaExRTW9Pd0xWNDJRWVBHT0dxNVJxZExDbFZFMGtaRWhoeHZMYlFtWUZrZGMraElNTEM4R3FrK0RUWEtwdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cycW5HSTdJYy92TktWOE9MaXhGMlpFWUYwNGcxRmcxVitvaExRTW9Pd0xWNDJRWVBHT0dxNVJxZExDbFZFMGtaRWhoeHZMYlFtWUZrZGMraElNTEM4R3FrK0RUWEtwdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: srfed-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cycW5HSTdJYy92TktWOE9MaXhGMlpFWUYwNGcxRmcxVitvaExRTW9Pd0xWNDJRWVBHT0dxNVJxZExDbFZFMGtaRWhoeHZMYlFtWUZrZGMraElNTEM4R3FrK0RUWEtwdz09PC9TUD4=

Source: global traffic	DNS traffic detected: DNS query: srfed-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_84.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_86.1.dr, chromecache_88.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/
Source: chromecache_86.1.dr, chromecache_88.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/spwebworker.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 49164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49177
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49164
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443

Source: classification engine

Classification label: mal48.win@18/15@10/4

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1456_2038269960	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.138.10	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
srfed-my.sharepoint.com	unknown	unknown	false	unknown
spo.nel.measure.office.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://srfed-my.sharepoint.com/personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP%29%2FEra&ga=1	false	unknown
https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9	true	unknown
https://srfed-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.opensource.org/licenses/mit-license.php	chromecache_84.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.138.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524541
Start date and time:	2024-10-02 23:53:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@18/15@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): vga.dll
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.142, 172.217.218.84, 34.104.35.123, 2.20.220.159, 184.25.50.137, 184.25.50.147, 92.123.27.42, 92.123.27.114, 142.250.74.195
Excluded domains from analysis (whitelisted): accounts.google.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, e19254.dscg.akamaiedge.net, a1894.dscb.akamai.net, shell.cdn.office.net-c.edgekey.net.globalredir.akadns.net, shell.cdn.office.net-c.edgekey.net, clients2.google.com, 193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, shell.cdn.office.net, update.googleapis.com, clients.l.google.com, res-1.cdn.office.net-c.edgekey.net, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59376)
Category:	downloaded
Size (bytes):	154125
Entropy (8bit):	5.343629115736869
Encrypted:	false
SSDEEP:	1536:oh2UFoIdKn9cKwN5V+GueB9G/nBDbu4k+q1vj/qIpk2k45UMX8AR+tG+ZVff9rv:ohlndhN5wGRarkP1vjPC+8b8Uff9z
MD5:	2AC9ADF0B8ED584D25575F9FE777ABEF
SHA1:	49C9A2A9C51860D91F895DE8B71E67903D3680D2
SHA-256:	15975C387FD4817FDAB9E9C396F0F708FE2559350AA663B9E4469E27ED6CDA44
SHA-512:	B17FD6A96DC45A6601B2139AD112438143476F55E45906670F7E28F46974B1890DD4DF16D282869FD168D85F33A38ACF6EAA7D355F86FDC3DABF7AAF36EE7BD8
Malicious:	false
Reputation:	low
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/spwebworker.js
Preview:	/! For license information please see spwebworker.js.LICENSE.txt /.(()=>{"use strict";var e=[(e,t,n)=>{function a(e,t){for(var n="";n.length<e;){var a=16*(null!=t?t:Math.random)();n+=(a\|=0).toString(16)}return n}function i(){return crypto.getRandomValues(new Uint32Array(1))[0]/4294967296}n.r(t),n.d(t,{Empty:()=>r,_guidRegEx:()=>o,cryptoRandom:()=>i,generate:()=>s,isValidGuid:()=>u,normalizeDashes:()=>l,normalizeLower:()=>c,normalizeUpper:()=>d});var r="00000000-0000-0000-0000-000000000000",o=/^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i;function s(e){var t=[];t.push(a(8,e)),t.push(a(4,e));var n="4"+a(3,e);t.push(n);var i=a(4,e),r=parseInt(i[0],16);return r&=3,i=(r\|=8).toString(16)+i.substr(1),t.push(i),t.push(a(12,e)),t.join("-")}function c(e,t){return void 0===t&&(t=!1),e?f(e.toLowerCase(),t):""}function d(e,t){return void 0===t&&(t=!1),e?f(e.toUpperCase(),t):""}function l(e,t){if(void 0===t&&(t=!1),e){var n=e.replace(/[^A-Fa-f0-9]/g,"");if(32===n.length)retu

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (41512)
Category:	downloaded
Size (bytes):	145434
Entropy (8bit):	5.560600996516305
Encrypted:	false
SSDEEP:	1536:2+Y7Z+r9uWzPQXR2hn873PZRy3UDzNRvLJxdiEFcyk4LoS2NboMVVgzru/GdKMml:2+3T8F9diEFJifVgvu7MyL3kIv3bnQa
MD5:	7CF1AEC902630162F89426350428DCAE
SHA1:	6E9D02319AF01FC4C590118C571C1CB3440F8E07
SHA-256:	A227FC4681776C73982750137A235033BB6649B13B07A2DA0B124AFB4D960C6C
SHA-512:	56CCEB133C95B2C89F859FD78AB0F3FB9D0662E49C66E92A2A6215521667B5F745A34ECEF2181D8A684DA333AF976C9323B5D3A07D31A3BA440D5CE17BCA8E36
Malicious:	false
Reputation:	low
URL:	https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Preview:	//BuildVersion 1.20240922.4.0.var shellPerformance=window.performance,HighResolutionTimingSupported=!!shellPerformance&&"function"==typeof shellPerformance.mark;HighResolutionTimingSupported&&shellPerformance.mark("shell_bootstrapper_start"),function(){var e,t,n,a,r={3637:function(e){e.exports="data:font/woff;charset=utf-8;base64,d09GRgABAAAAAAmoAA4AAAAAExwAA5R8AAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAABRAAAAEgAAABgMWd7ZGNtYXAAAAGMAAAAPQAAAVLnkt3NY3Z0IAAAAcwAAAAgAAAAKgnZCa9mcGdtAAAB7AAAAPAAAAFZ/J7mjmdhc3AAAALcAAAADAAAAAwACAAbZ2x5ZgAAAugAAAGhAAADZMkacS9oZWFkAAAEjAAAADIAAAA2AQjyc2hoZWEAAATAAAAAFQAAACQQAQgDaG10eAAABNgAAAAMAAAADA0qASZsb2NhAAAE5AAAAAoAAAAKAiQA2G1heHAAAATwAAAAHQAAACAAIgIObmFtZQAABRAAAAP4AAAJ+pGb8VNwb3N0AAAJCAAAABQAAAAg/1EAe3ByZXAAAAkcAAAAiQAAANN4vfIOeJxjYGH3YpzAwMrAwDqL1ZiBgVEaQjNfZEhjEuJgZeViZGIEAwYgEGBAAN9gBQUGh+eKXx5wgPkQkgGsjgXCU2BgAADOIQhyeJxjYGBgZoBgGQZGBhDwAfIYwXwWBgMgzQGETAwMzxWfV3958P8/giXxUKKNWxmqCwwY2RhGPAAA9FQPGwAAAHicY9BiCGUoYGhgWMXIwNjA7MB4gMEBiwgQAACqHAeVeJxdj79Ow0AM

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	30974
Entropy (8bit):	5.174742651757589
Encrypted:	false
SSDEEP:	192:ep0dJ6NBN1q+QyBf2v66ey0l9XQXrkIImmwSPtrUkEWMy/7n6xfq17afMYmft1TQ:3+QSAqSOynVnGr67VY/6TTjZZGEjlr
MD5:	265B0D37911105398C2B14E2440BAF30
SHA1:	8EDBE4E14173C7D008E07533671BB97967D578F4
SHA-256:	0F22A97159530F76BA75214EE6F9B3A77FFD97665A511917E54775737A3ADD1D
SHA-512:	BCDEC0EA2CBA80BEA01F672A56F27AA5AD4B21DA8BE0951B080EA5606EFEEEA784289064190AD9E3EC5D84208E583739CC9430FB646372056C21CCC59D550D00
Malicious:	false
Reputation:	low
Preview:	{"Architecture":1,"Audience":1,"Resources":{"Version":"1.20240922.4.0","CatalogXml":"<ResourceCatalog>\r\n <Resources>\r\n <Resource Key=\"_store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c\" Type=\"LTRRTLPath\">\r\n <RTLPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c.29a34e188b843bd8de43.rtl.js</RTLPath>\r\n <LTRPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c.29a34e188b843bd8de43.js</LTRPath>\r\n </Resource>\r\n <Resource Key=\"_store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-e106b8\" Type=\"LTRRTLPath\">\r\n <RTLPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-e106b8.98e5750af9ad2ebe7ae8.rtl.js</RTLPath>\r\n <LTRPath>suiteux.shell._store_mecontrol-fluent-we

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	17147
Entropy (8bit):	4.926675206527061
Encrypted:	false
SSDEEP:	384:r3GhH6oaSwSaPQsPq3Qf3/U/8vFwoJbr2wKodV4vzJ9YaikHcL2MQk7:rgzwSkQWjU/8BqOaikMKu
MD5:	8D75B8E85D749610931E168F2EFCF555
SHA1:	11410945A27700DBE941C030189C637792AAC2CE
SHA-256:	485A60AD5AF1CEFF60C50A9BFB08A03F0C42B984034A2255820356938B82B2A0
SHA-512:	EA2196C089F4F10ABB20FBDB41E097C67211734F1C1919595E163CB5D90EAD00DF8D44629ADF854F84C666B2C0D8916DDDDA2F6555F495FDCEAE1BAB5419ECA0
Malicious:	false
Reputation:	low
Preview:	{. "Microsoft": "Microsoft",. "FlexpaneCloseButton": "Close pane",. "Me_Header": "My account",. "MePhotoAriaLabel": "{0} {1} Current account's user photo",. "ChangePhotoAriaLabel": "{0} {1} Change the photo that appears in IM. This may open a new window.",. "MePhotoTitle": "Current account's user photo",. "ChangePhotoTitle": "Change the photo that appears in IM. This may open a new window.",. "AppLauncherAriaLabel": "App launcher opened",. "AppLauncherCloseAriaLabel": "Close the app launcher",. "AppLauncherHomeAriaLabel": "Microsoft 365, will be open in new tab",. "AppsModuleHeading": "Apps",. "Microsoft365": "Microsoft 365",. "AppsModuleAllApps": "All apps",. "AppsModuleAllAppsTooltip": "Open all apps",. "AllViewGroupShowMore": "Show More",. "AllViewGroupShowLess": "Show Less",. "AllViewBack": "Back",. "AllViewNewGroupHeading": "New",. "AllViewAdminSelectedGroupHeading": "Admin selected apps",. "AllViewMoreFirstPartyGroupHeading": "More from Microsoft",. "AllViewT

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (41512)
Category:	dropped
Size (bytes):	145434
Entropy (8bit):	5.560600996516305
Encrypted:	false
SSDEEP:	1536:2+Y7Z+r9uWzPQXR2hn873PZRy3UDzNRvLJxdiEFcyk4LoS2NboMVVgzru/GdKMml:2+3T8F9diEFJifVgvu7MyL3kIv3bnQa
MD5:	7CF1AEC902630162F89426350428DCAE
SHA1:	6E9D02319AF01FC4C590118C571C1CB3440F8E07
SHA-256:	A227FC4681776C73982750137A235033BB6649B13B07A2DA0B124AFB4D960C6C
SHA-512:	56CCEB133C95B2C89F859FD78AB0F3FB9D0662E49C66E92A2A6215521667B5F745A34ECEF2181D8A684DA333AF976C9323B5D3A07D31A3BA440D5CE17BCA8E36
Malicious:	false
Reputation:	low
Preview:	//BuildVersion 1.20240922.4.0.var shellPerformance=window.performance,HighResolutionTimingSupported=!!shellPerformance&&"function"==typeof shellPerformance.mark;HighResolutionTimingSupported&&shellPerformance.mark("shell_bootstrapper_start"),function(){var e,t,n,a,r={3637:function(e){e.exports="data:font/woff;charset=utf-8;base64,d09GRgABAAAAAAmoAA4AAAAAExwAA5R8AAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAABRAAAAEgAAABgMWd7ZGNtYXAAAAGMAAAAPQAAAVLnkt3NY3Z0IAAAAcwAAAAgAAAAKgnZCa9mcGdtAAAB7AAAAPAAAAFZ/J7mjmdhc3AAAALcAAAADAAAAAwACAAbZ2x5ZgAAAugAAAGhAAADZMkacS9oZWFkAAAEjAAAADIAAAA2AQjyc2hoZWEAAATAAAAAFQAAACQQAQgDaG10eAAABNgAAAAMAAAADA0qASZsb2NhAAAE5AAAAAoAAAAKAiQA2G1heHAAAATwAAAAHQAAACAAIgIObmFtZQAABRAAAAP4AAAJ+pGb8VNwb3N0AAAJCAAAABQAAAAg/1EAe3ByZXAAAAkcAAAAiQAAANN4vfIOeJxjYGH3YpzAwMrAwDqL1ZiBgVEaQjNfZEhjEuJgZeViZGIEAwYgEGBAAN9gBQUGh+eKXx5wgPkQkgGsjgXCU2BgAADOIQhyeJxjYGBgZoBgGQZGBhDwAfIYwXwWBgMgzQGETAwMzxWfV3958P8/giXxUKKNWxmqCwwY2RhGPAAA9FQPGwAAAHicY9BiCGUoYGhgWMXIwNjA7MB4gMEBiwgQAACqHAeVeJxdj79Ow0AM

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59376)
Category:	dropped
Size (bytes):	154125
Entropy (8bit):	5.343629115736869
Encrypted:	false
SSDEEP:	1536:oh2UFoIdKn9cKwN5V+GueB9G/nBDbu4k+q1vj/qIpk2k45UMX8AR+tG+ZVff9rv:ohlndhN5wGRarkP1vjPC+8b8Uff9z
MD5:	2AC9ADF0B8ED584D25575F9FE777ABEF
SHA1:	49C9A2A9C51860D91F895DE8B71E67903D3680D2
SHA-256:	15975C387FD4817FDAB9E9C396F0F708FE2559350AA663B9E4469E27ED6CDA44
SHA-512:	B17FD6A96DC45A6601B2139AD112438143476F55E45906670F7E28F46974B1890DD4DF16D282869FD168D85F33A38ACF6EAA7D355F86FDC3DABF7AAF36EE7BD8
Malicious:	false
Reputation:	low
Preview:	/! For license information please see spwebworker.js.LICENSE.txt /.(()=>{"use strict";var e=[(e,t,n)=>{function a(e,t){for(var n="";n.length<e;){var a=16*(null!=t?t:Math.random)();n+=(a\|=0).toString(16)}return n}function i(){return crypto.getRandomValues(new Uint32Array(1))[0]/4294967296}n.r(t),n.d(t,{Empty:()=>r,_guidRegEx:()=>o,cryptoRandom:()=>i,generate:()=>s,isValidGuid:()=>u,normalizeDashes:()=>l,normalizeLower:()=>c,normalizeUpper:()=>d});var r="00000000-0000-0000-0000-000000000000",o=/^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i;function s(e){var t=[];t.push(a(8,e)),t.push(a(4,e));var n="4"+a(3,e);t.push(n);var i=a(4,e),r=parseInt(i[0],16);return r&=3,i=(r\|=8).toString(16)+i.substr(1),t.push(i),t.push(a(12,e)),t.join("-")}function c(e,t){return void 0===t&&(t=!1),e?f(e.toLowerCase(),t):""}function d(e,t){return void 0===t&&(t=!1),e?f(e.toUpperCase(),t):""}function l(e,t){if(void 0===t&&(t=!1),e){var n=e.replace(/[^A-Fa-f0-9]/g,"");if(32===n.length)retu

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Java source, ASCII text
Category:	downloaded
Size (bytes):	742
Entropy (8bit):	5.239217359293787
Encrypted:	false
SSDEEP:	12:ZYEjHRE3jbLwvBMHRE3jaadb/M8b5YJIs4sIs4x7JR1/M8bZ:ZN+veq+WK/MQKIsVIs+31/MQZ
MD5:	9D878396119C486ABAC5B12D57CF911B
SHA1:	D94BAC3E2D3DA227E9C30E93888741233DC8040F
SHA-256:	44B9CE868B6D3916C2C95E400F60A0D03F0E684CC3344AEFE080C7651279404C
SHA-512:	120367920140F61E80E5B0E178C00C18FF6CB34A88002D90CA573BA0C42DC1359AEFD5431467B1D587CC1F78CDE13C471CFFBBF810EE7C5ABF7A5786CEE87A27
Malicious:	false
Reputation:	low
URL:	https://srfed-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx
Preview:	self._perfMarks = {};.self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.performance.mark === 'function') {self.performance.mark(key);}};.(typeof self._markPerfStage === 'function' && self._markPerfStage('importScriptsStart'));.self._cdnBaseUrl = 'https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/';.importScripts('https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/spwebworker.js');.self._wwKillSwitches = {'48FEA7A5-5A77-480B-94EB-43F1937DF4D6':true};.(typeof self._markPerfStage === 'function' && self._markPerfStage('importScriptsEnd'));.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	30974
Entropy (8bit):	5.174742651757589
Encrypted:	false
SSDEEP:	192:ep0dJ6NBN1q+QyBf2v66ey0l9XQXrkIImmwSPtrUkEWMy/7n6xfq17afMYmft1TQ:3+QSAqSOynVnGr67VY/6TTjZZGEjlr
MD5:	265B0D37911105398C2B14E2440BAF30
SHA1:	8EDBE4E14173C7D008E07533671BB97967D578F4
SHA-256:	0F22A97159530F76BA75214EE6F9B3A77FFD97665A511917E54775737A3ADD1D
SHA-512:	BCDEC0EA2CBA80BEA01F672A56F27AA5AD4B21DA8BE0951B080EA5606EFEEEA784289064190AD9E3EC5D84208E583739CC9430FB646372056C21CCC59D550D00
Malicious:	false
Reputation:	low
URL:	https://shell.cdn.office.net/shellux/api/ShellBootInfo/business/OneShell/en-us
Preview:	{"Architecture":1,"Audience":1,"Resources":{"Version":"1.20240922.4.0","CatalogXml":"<ResourceCatalog>\r\n <Resources>\r\n <Resource Key=\"_store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c\" Type=\"LTRRTLPath\">\r\n <RTLPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c.29a34e188b843bd8de43.rtl.js</RTLPath>\r\n <LTRPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-76ca3c.29a34e188b843bd8de43.js</LTRPath>\r\n </Resource>\r\n <Resource Key=\"_store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-e106b8\" Type=\"LTRRTLPath\">\r\n <RTLPath>suiteux.shell._store_mecontrol-fluent-web_3_28_4-preview_4-ac582f78d3964c30b626_node_modules_mecontrol_flue-e106b8.98e5750af9ad2ebe7ae8.rtl.js</RTLPath>\r\n <LTRPath>suiteux.shell._store_mecontrol-fluent-we

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Java source, ASCII text
Category:	dropped
Size (bytes):	742
Entropy (8bit):	5.239217359293787
Encrypted:	false
SSDEEP:	12:ZYEjHRE3jbLwvBMHRE3jaadb/M8b5YJIs4sIs4x7JR1/M8bZ:ZN+veq+WK/MQKIsVIs+31/MQZ
MD5:	9D878396119C486ABAC5B12D57CF911B
SHA1:	D94BAC3E2D3DA227E9C30E93888741233DC8040F
SHA-256:	44B9CE868B6D3916C2C95E400F60A0D03F0E684CC3344AEFE080C7651279404C
SHA-512:	120367920140F61E80E5B0E178C00C18FF6CB34A88002D90CA573BA0C42DC1359AEFD5431467B1D587CC1F78CDE13C471CFFBBF810EE7C5ABF7A5786CEE87A27
Malicious:	false
Reputation:	low
Preview:	self._perfMarks = {};.self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.performance.mark === 'function') {self.performance.mark(key);}};.(typeof self._markPerfStage === 'function' && self._markPerfStage('importScriptsStart'));.self._cdnBaseUrl = 'https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/';.importScripts('https://res-1.cdn.office.net/files/odsp-web-prod_2024-09-20.006/spwebworker.js');.self._wwKillSwitches = {'48FEA7A5-5A77-480B-94EB-43F1937DF4D6':true};.(typeof self._markPerfStage === 'function' && self._markPerfStage('importScriptsEnd'));.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	17147
Entropy (8bit):	4.926675206527061
Encrypted:	false
SSDEEP:	384:r3GhH6oaSwSaPQsPq3Qf3/U/8vFwoJbr2wKodV4vzJ9YaikHcL2MQk7:rgzwSkQWjU/8BqOaikMKu
MD5:	8D75B8E85D749610931E168F2EFCF555
SHA1:	11410945A27700DBE941C030189C637792AAC2CE
SHA-256:	485A60AD5AF1CEFF60C50A9BFB08A03F0C42B984034A2255820356938B82B2A0
SHA-512:	EA2196C089F4F10ABB20FBDB41E097C67211734F1C1919595E163CB5D90EAD00DF8D44629ADF854F84C666B2C0D8916DDDDA2F6555F495FDCEAE1BAB5419ECA0
Malicious:	false
Reputation:	low
URL:	https://shell.cdn.office.net/shellux/en/shellstrings.8d75b8e85d749610931e168f2efcf555.json
Preview:	{. "Microsoft": "Microsoft",. "FlexpaneCloseButton": "Close pane",. "Me_Header": "My account",. "MePhotoAriaLabel": "{0} {1} Current account's user photo",. "ChangePhotoAriaLabel": "{0} {1} Change the photo that appears in IM. This may open a new window.",. "MePhotoTitle": "Current account's user photo",. "ChangePhotoTitle": "Change the photo that appears in IM. This may open a new window.",. "AppLauncherAriaLabel": "App launcher opened",. "AppLauncherCloseAriaLabel": "Close the app launcher",. "AppLauncherHomeAriaLabel": "Microsoft 365, will be open in new tab",. "AppsModuleHeading": "Apps",. "Microsoft365": "Microsoft 365",. "AppsModuleAllApps": "All apps",. "AppsModuleAllAppsTooltip": "Open all apps",. "AllViewGroupShowMore": "Show More",. "AllViewGroupShowLess": "Show Less",. "AllViewBack": "Back",. "AllViewNewGroupHeading": "New",. "AllViewAdminSelectedGroupHeading": "Admin selected apps",. "AllViewMoreFirstPartyGroupHeading": "More from Microsoft",. "AllViewT

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 23:54:52.356915951 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.357011080 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.357080936 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.357456923 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.357502937 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.357553959 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.357983112 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.358016968 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.358298063 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.358319044 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.953799009 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.955727100 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.955756903 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.957300901 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.957483053 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.958638906 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.958746910 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.958784103 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.963707924 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.966087103 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.966145039 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.967750072 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.967818975 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.968827963 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:52.968919039 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:52.999439955 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.158893108 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.158922911 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.168785095 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.168843985 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.334160089 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.334276915 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.334306002 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.334655046 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.335443974 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.335455894 CEST	443	49165	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.335469961 CEST	49165	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.341528893 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.341696978 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667078018 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667090893 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667156935 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667161942 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.667161942 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.667171001 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667195082 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667253971 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.667304993 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.667304993 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.667434931 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667443991 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.667501926 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.756690979 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758452892 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758471012 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758497000 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758517981 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758517981 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758553028 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758884907 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758893013 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758913994 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.758938074 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758938074 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.758960962 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.759599924 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.759608030 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.759653091 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.759681940 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.759784937 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.759840965 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.759855032 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.760694027 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.760713100 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.760770082 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.760782003 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.760816097 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.850925922 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.851073980 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.851111889 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.851144075 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.851186037 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.851921082 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.851938963 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.851979017 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.852010965 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.852046967 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.852694988 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.852735996 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.852766037 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.852785110 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.853538036 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.853604078 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.853617907 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.853682995 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.853738070 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.853748083 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.854553938 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.854619980 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.854630947 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.943011045 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.944678068 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944708109 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944756031 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.944756031 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.944798946 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944832087 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944850922 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944889069 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.944905043 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.944992065 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.945369959 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.945389032 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.945445061 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.945738077 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.945796013 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.945806980 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.946130037 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.946178913 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.946191072 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.946439028 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.947149038 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.947169065 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.947285891 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.947285891 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.947300911 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.948152065 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.948178053 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.948221922 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.948239088 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.948267937 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.949099064 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949111938 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949168921 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.949168921 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.949183941 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949620008 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949637890 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949681044 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.949697971 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.949721098 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:53.950465918 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.950479031 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:53.950541019 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070318937 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070379972 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070437908 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070467949 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070501089 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070501089 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070527077 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070561886 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070581913 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070636988 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070637941 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.070664883 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070725918 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.070777893 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.075119019 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.083013058 CEST	49164	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.083080053 CEST	443	49164	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.171686888 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.171783924 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.171844006 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.199692965 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.199732065 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.757514954 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.757951021 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.757987976 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.758364916 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.758722067 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.758786917 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.759082079 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.759114981 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.955600977 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.955643892 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.955683947 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.955709934 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.955759048 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.959685087 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.959886074 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:54.959935904 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.976761103 CEST	49171	443	192.168.2.22	13.107.138.10
Oct 2, 2024 23:54:54.976792097 CEST	443	49171	13.107.138.10	192.168.2.22
Oct 2, 2024 23:54:55.021327019 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.021408081 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.021476030 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.022085905 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.022126913 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.255928993 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:55.255973101 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:55.256035089 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:55.256711960 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:55.256742954 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:55.612457037 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.618992090 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.619050980 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.622668028 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.622867107 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.625200987 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.625423908 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.625533104 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.625639915 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.822715044 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.822777987 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.822803974 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.822868109 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.822935104 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.826569080 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.827121973 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.827197075 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.828572035 CEST	49177	443	192.168.2.22	13.107.136.10
Oct 2, 2024 23:54:55.828598976 CEST	443	49177	13.107.136.10	192.168.2.22
Oct 2, 2024 23:54:55.898123980 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:55.907833099 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:55.907891989 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:55.909487009 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:55.909569025 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:56.055061102 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:54:56.055260897 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:56.259413004 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:54:56.262270927 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:05.802416086 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:05.802572012 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:05.802642107 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:07.552567005 CEST	49179	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:07.552632093 CEST	443	49179	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.299835920 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:55.299860001 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.300026894 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:55.300168991 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:55.300173044 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.944020987 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.944315910 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:55.944327116 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.945404053 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:55.946284056 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:55:55.946456909 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:55:56.141382933 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:56:05.858441114 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:56:05.858573914 CEST	443	49189	142.250.186.164	192.168.2.22
Oct 2, 2024 23:56:05.858617067 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:56:07.548597097 CEST	49189	443	192.168.2.22	142.250.186.164
Oct 2, 2024 23:56:07.548618078 CEST	443	49189	142.250.186.164	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 23:54:50.675538063 CEST	53	54821	8.8.8.8	192.168.2.22
Oct 2, 2024 23:54:50.838198900 CEST	53	52781	8.8.8.8	192.168.2.22
Oct 2, 2024 23:54:52.324939966 CEST	65510	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:52.330487967 CEST	62672	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:52.373635054 CEST	53	49384	8.8.8.8	192.168.2.22
Oct 2, 2024 23:54:54.103727102 CEST	58095	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:54.164067984 CEST	54261	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:54.993227005 CEST	49608	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:54.993527889 CEST	61486	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:55.242640018 CEST	62453	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:55.247910976 CEST	50568	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:54:55.249387980 CEST	53	62453	8.8.8.8	192.168.2.22
Oct 2, 2024 23:54:55.254930019 CEST	53	50568	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:10.027798891 CEST	53	49750	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:17.086186886 CEST	53	51014	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:27.720530987 CEST	53	54738	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:45.792783976 CEST	53	49520	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:50.651746035 CEST	53	61549	8.8.8.8	192.168.2.22
Oct 2, 2024 23:55:54.989042997 CEST	61564	53	192.168.2.22	8.8.8.8
Oct 2, 2024 23:55:54.989144087 CEST	51384	53	192.168.2.22	8.8.8.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 2, 2024 23:54:54.353106022 CEST	192.168.2.22	8.8.8.8	d0e0	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 23:54:52.324939966 CEST	192.168.2.22	8.8.8.8	0xfd8	Standard query (0)	srfed-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:52.330487967 CEST	192.168.2.22	8.8.8.8	0xb142	Standard query (0)	srfed-my.sharepoint.com	65	IN (0x0001)	false
Oct 2, 2024 23:54:54.103727102 CEST	192.168.2.22	8.8.8.8	0x3018	Standard query (0)	spo.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:54.164067984 CEST	192.168.2.22	8.8.8.8	0xf695	Standard query (0)	spo.nel.measure.office.net	65	IN (0x0001)	false
Oct 2, 2024 23:54:54.993227005 CEST	192.168.2.22	8.8.8.8	0xaf23	Standard query (0)	srfed-my.sharepoint.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:54.993527889 CEST	192.168.2.22	8.8.8.8	0x63e9	Standard query (0)	srfed-my.sharepoint.com	65	IN (0x0001)	false
Oct 2, 2024 23:54:55.242640018 CEST	192.168.2.22	8.8.8.8	0xe299	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:55.247910976 CEST	192.168.2.22	8.8.8.8	0xe25c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 23:55:54.989042997 CEST	192.168.2.22	8.8.8.8	0x10f	Standard query (0)	spo.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:55:54.989144087 CEST	192.168.2.22	8.8.8.8	0xa95a	Standard query (0)	spo.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	srfed-my.sharepoint.com	srfed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	srfed.sharepoint.com	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	193809-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:52.340787888 CEST	8.8.8.8	192.168.2.22	0xfd8	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:52.347964048 CEST	8.8.8.8	192.168.2.22	0xb142	No error (0)	srfed-my.sharepoint.com	srfed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.347964048 CEST	8.8.8.8	192.168.2.22	0xb142	No error (0)	srfed.sharepoint.com	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.347964048 CEST	8.8.8.8	192.168.2.22	0xb142	No error (0)	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:52.347964048 CEST	8.8.8.8	192.168.2.22	0xb142	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:54.112832069 CEST	8.8.8.8	192.168.2.22	0x3018	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:54.171463013 CEST	8.8.8.8	192.168.2.22	0xf695	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.009973049 CEST	8.8.8.8	192.168.2.22	0x63e9	No error (0)	srfed-my.sharepoint.com	srfed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.009973049 CEST	8.8.8.8	192.168.2.22	0x63e9	No error (0)	srfed.sharepoint.com	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.009973049 CEST	8.8.8.8	192.168.2.22	0x63e9	No error (0)	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.009973049 CEST	8.8.8.8	192.168.2.22	0x63e9	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	srfed-my.sharepoint.com	srfed.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	srfed.sharepoint.com	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	2754-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	193809-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com	193809-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	193809-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:55.018296003 CEST	8.8.8.8	192.168.2.22	0xaf23	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:55.249387980 CEST	8.8.8.8	192.168.2.22	0xe299	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:54:55.254930019 CEST	8.8.8.8	192.168.2.22	0xe25c	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 23:55:54.997332096 CEST	8.8.8.8	192.168.2.22	0xa95a	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:55:54.998358011 CEST	8.8.8.8	192.168.2.22	0x10f	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

srfed-my.sharepoint.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49165	13.107.138.10	443	1020	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:54:52 UTC	739	OUT	GET /:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9 HTTP/1.1 Host: srfed-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:54:53 UTC	3763	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 307 Content-Type: text/html; charset=utf-8 Location: https://srfed-my.sharepoint.com/personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP%29%2FEra&ga=1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pa [TRUNCATED] X-NetworkStatistics: 0,4204800,56,182,8026873,0,3142321,59 X-SharePointHealthScore: 0 X-MS-SPO-CookieValidator: Hkes3j9OzEwlvTVrOimujFFXSd1GY+QdKOuJXe7MhNr1IDRuWbFAuW7lIfWwCfjDNTHadQEzRV63zLl1zK+puvyTAWBKjcGNT6irZutQaii9RML3cFxCSoCp6fFILZcr3G/ubQhvUCOR0Yk4y/2Atq+/w1+dg/RSIRKs06w7CAOb3DHyKA9q2lzDUbrEJMyUS/UAthoB9u5JbTbtTT2btKoNltfaZZ0OMDgKjIln1/lB3UDE0+gjZwg2qnGI7Ic/vNKV8OLixF2ZEYF04g1Fg1V+ohLQMoOwLV42QYPGOGq5RqdLClVE0kZEhhxvLbQmYFkdc+hIMLC8Gqk+DTXKpw== X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 761656a1-00ff-6000-7a3e-422076683ac0 request-id: 761656a1-00ff-6000-7a3e-422076683ac0 MS-CV: oVYWdv8AAGB6PkIgdmg6wA.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=32cb4d1a-0419-4f41-9884-3516ab14274e&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 190 SPIisLatency: 3 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DD33C917FC0B4BF5A7D6F370D54D6B2E Ref B: EWR311000106037 Ref C: 2024-10-02T21:54:52Z Date: Wed, 02 Oct 2024 21:54:53 GMT Connection: close
2024-10-02 21:54:53 UTC	307	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 72 66 65 64 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 70 61 75 6c 5f 73 63 61 63 65 5f 73 72 66 65 64 5f 63 6f 6d 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 6f 6e 65 64 72 69 76 65 2e 61 73 70 78 3f 69 64 3d 25 32 46 70 65 72 73 6f 6e 61 6c 25 32 46 70 61 75 6c 25 35 46 73 63 61 63 65 25 35 46 73 72 66 65 64 25 35 46 63 6f 6d 25 32 46 44 6f 63 75 6d 65 6e 74 73 25 32 46 41 63 63 6f 75 6e 74 73 25 32 30 50 61 79 61 62 6c 65 25 32 30 25 32 38 41 50 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://srfed-my.sharepoint.com/personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49164	13.107.138.10	443	1020	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:54:53 UTC	1983	OUT	GET /personal/paul_scace_srfed_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fpaul%5Fscace%5Fsrfed%5Fcom%2FDocuments%2FAccounts%20Payable%20%28AP%29%2FEra&ga=1 HTTP/1.1 Host: srfed-my.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cy [TRUNCATED]
2024-10-02 21:54:53 UTC	11081	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pa [TRUNCATED] X-NetworkStatistics: 0,4204800,1656,613,6474015,0,4204800,59 X-SharePointHealthScore: 0 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Reporting-Endpoints: cspendpoint="https://srfed-my.sharepoint.com/personal/paul_scace_srfed_com/_layouts/15/CSPReporting.aspx" X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com .cloud.microsoft app.powerbi.com; Content-Security-Policy-Report-Only: base-uri 'none';;report-to cspendpoint Content-Security-Policy: worker-src 'self' blob:;script-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'unsafe-eval' 'nonce-656a8ee8-b118-4c7f-87 [TRUNCATED] Content-Security-Policy-Report-Only: style-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'self' blob: 'unsafe-inline';connect-src 'self' blob: h [TRUNCATED] X-Service-Worker-Application-Id: STS X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 771656a1-b016-6000-a9ae-494a063381a7 request-id: 771656a1-b016-6000-a9ae-494a063381a7 MS-CV: oVYWdxawAGCprklKBjOBpw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=32cb4d1a-0419-4f41-9884-3516ab14274e&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 4B8C37E1E43343758A7E86E6E9CD33DF Ref B: EWR311000104025 Ref C: 2024-10-02T21:54:53Z Date: Wed, 02 Oct 2024 21:54:53 GMT Connection: close
2024-10-02 21:54:53 UTC	2063	IN	Data Raw: 38 30 38 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: 808<!DOCTYPE html><html lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equ
2024-10-02 21:54:53 UTC	3369	IN	Data Raw: 64 32 32 0d 0a 74 72 69 62 75 74 65 28 27 63 72 6f 73 73 6f 72 69 67 69 6e 27 2c 20 27 61 6e 6f 6e 79 6d 6f 75 73 27 29 3b 0d 0a 6e 65 77 53 63 72 69 70 74 2e 61 73 79 6e 63 20 3d 20 74 72 75 65 3b 0d 0a 6e 65 77 53 63 72 69 70 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6c 6f 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 28 74 79 70 65 6f 66 20 6d 61 72 6b 50 65 72 66 53 74 61 67 65 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 6d 61 72 6b 50 65 72 66 53 74 61 67 65 28 27 73 75 69 74 65 4e 61 76 53 63 72 69 70 74 41 73 79 6e 63 45 6e 64 27 29 29 3b 20 69 66 20 28 77 69 6e 64 6f 77 2e 65 78 65 63 75 74 65 53 75 69 74 65 4e 61 76 4f 6e 63 65 29 20 7b 20 77 69 6e 64 6f 77 2e 65 78 65 63 75 74 65 53 75 69 74 65 4e 61 76 4f Data Ascii: d22tribute('crossorigin', 'anonymous');newScript.async = true;newScript.addEventListener('load', function() { (typeof markPerfStage === 'function' && markPerfStage('suiteNavScriptAsyncEnd')); if (window.executeSuiteNavOnce) { window.executeSuiteNavO
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 65 2c 20 65 6e 61 62 6c 65 4c 65 67 61 63 79 52 65 73 70 6f 6e 73 69 76 65 42 65 68 61 76 69 6f 72 3a 20 66 61 6c 73 65 2c 20 65 78 70 65 63 74 53 65 61 72 63 68 42 6f 78 53 65 74 74 69 6e 67 73 3a 20 74 72 75 65 2c 20 64 61 72 6b 41 63 63 65 6e 74 3a 20 27 23 38 32 43 37 46 46 27 2c 20 73 68 65 6c 6c 41 75 74 68 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 3a 20 7b 20 74 79 70 65 3a 20 27 77 65 62 41 61 64 57 69 74 68 4d 73 61 50 72 6f 78 79 27 2c 20 6c 6f 67 69 6e 5f 48 69 6e 74 3a 20 27 75 72 6e 3a 73 70 6f 3a 61 6e 6f 6e 23 34 34 35 63 66 65 39 38 33 33 31 61 33 36 34 38 35 61 65 66 38 37 33 31 61 31 35 37 30 37 66 34 65 36 66 62 32 64 31 62 62 32 37 64 61 66 35 65 32 31 61 65 38 38 63 63 64 34 61 36 66 34 32 61 27 2c 20 61 70 70 53 69 Data Ascii: 2000e, enableLegacyResponsiveBehavior: false, expectSearchBoxSettings: true, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webAadWithMsaProxy', login_Hint: 'urn:spo:anon#445cfe98331a36485aef8731a15707f4e6fb2d1bb27daf5e21ae88ccd4a6f42a', appSi
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 6f 63 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 52 6f 6f 74 53 69 74 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 72 66 65 64 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 4d 79 53 69 74 65 48 6f 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 72 66 65 64 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 54 65 6e 61 6e 74 41 64 6d 69 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 72 66 65 64 2d 61 64 6d 69 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 50 6f 72 74 61 6c 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 72 66 65 64 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 41 64 64 69 74 69 6f 6e 61 6c 55 72 6c 73 22 3a 5b 5d 7d 5d 2c 22 76 69 65 77 4f 6e 6c 79 45 78 70 65 72 69 65 Data Ascii: 2000ocation":false,"RootSiteUrl":"https://srfed.sharepoint.com/","MySiteHostUrl":"https://srfed-my.sharepoint.com/","TenantAdminUrl":"https://srfed-admin.sharepoint.com/","PortalUrl":"https://srfed.sharepoint.com/","AdditionalUrls":[]}],"viewOnlyExperie
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 39 33 44 45 31 30 2d 42 39 37 42 2d 34 36 38 39 2d 41 38 33 43 2d 37 43 31 43 35 30 33 30 44 42 42 31 22 3a 74 72 75 65 2c 22 45 36 38 46 34 44 39 31 2d 34 46 34 35 2d 34 30 33 34 2d 42 30 43 37 2d 45 41 42 41 39 36 46 32 33 43 31 35 22 3a 74 72 75 65 2c 22 38 30 33 44 45 35 30 41 2d 30 44 34 31 2d 34 44 37 43 2d 39 35 31 32 2d 45 37 41 34 41 44 45 37 34 34 33 31 22 3a 74 72 75 65 2c 22 44 43 44 32 45 38 39 46 2d 35 38 44 34 2d 34 37 30 43 2d 38 32 33 39 2d 30 39 37 37 31 33 33 42 38 35 35 37 22 3a 74 72 75 65 2c 22 44 39 42 38 30 41 43 45 2d 44 33 39 41 2d 34 32 46 32 2d 39 39 33 42 2d 30 34 46 33 45 35 41 46 34 31 34 37 22 3a 74 72 75 65 2c 22 35 36 45 45 33 35 30 37 2d 45 44 35 32 2d 34 46 30 38 2d 41 44 43 35 2d 38 30 34 46 41 45 Data Ascii: 2000893DE10-B97B-4689-A83C-7C1C5030DBB1":true,"E68F4D91-4F45-4034-B0C7-EABA96F23C15":true,"803DE50A-0D41-4D7C-9512-E7A4ADE74431":true,"DCD2E89F-58D4-470C-8239-0977133B8557":true,"D9B80ACE-D39A-42F2-993B-04F3E5AF4147":true,"56EE3507-ED52-4F08-ADC5-804FAE
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 36 38 30 44 2d 34 32 31 37 2d 38 30 42 32 2d 37 43 35 30 31 45 41 43 41 44 30 31 22 3a 74 72 75 65 2c 22 31 33 39 37 43 32 39 44 2d 38 32 42 39 2d 34 39 41 30 2d 41 43 37 33 2d 42 42 35 33 45 41 37 34 45 33 36 37 22 3a 74 72 75 65 2c 22 30 30 41 35 34 39 36 39 2d 35 45 41 34 2d 34 30 39 44 2d 39 44 41 30 2d 38 37 34 30 32 39 36 34 35 38 36 45 22 3a 74 72 75 65 2c 22 46 35 43 39 30 30 39 35 2d 43 44 45 43 2d 34 34 37 46 2d 38 38 39 38 2d 45 30 35 38 34 35 37 41 36 44 39 45 22 3a 74 72 75 65 2c 22 42 31 39 33 36 35 35 39 2d 35 38 30 33 2d 31 31 45 45 2d 42 46 30 41 2d 35 34 38 44 35 41 41 46 37 34 35 38 22 3a 74 72 75 65 2c 22 33 36 41 43 31 37 42 44 2d 34 46 32 46 2d 34 36 30 35 2d 42 33 34 43 2d 36 32 39 42 37 39 42 32 30 41 44 38 22 3a Data Ascii: 2000680D-4217-80B2-7C501EACAD01":true,"1397C29D-82B9-49A0-AC73-BB53EA74E367":true,"00A54969-5EA4-409D-9DA0-87402964586E":true,"F5C90095-CDEC-447F-8898-E058457A6D9E":true,"B1936559-5803-11EE-BF0A-548D5AAF7458":true,"36AC17BD-4F2F-4605-B34C-629B79B20AD8":
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 45 2d 41 33 43 38 2d 41 34 35 32 32 43 44 41 43 35 34 43 22 3a 74 72 75 65 2c 22 32 38 30 33 30 41 35 36 2d 39 44 32 44 2d 34 46 39 32 2d 38 41 41 46 2d 43 37 42 38 38 41 41 41 32 33 34 46 22 3a 74 72 75 65 2c 22 34 37 45 42 41 38 44 32 2d 43 34 44 46 2d 34 45 31 46 2d 41 30 46 31 2d 39 41 33 44 43 37 45 36 30 37 34 31 22 3a 74 72 75 65 2c 22 38 36 43 45 37 45 34 37 2d 45 32 43 30 2d 34 46 41 37 2d 39 34 34 44 2d 32 46 43 31 37 36 39 43 30 33 42 44 22 3a 74 72 75 65 2c 22 32 36 44 36 38 41 37 46 2d 35 46 36 42 2d 34 33 41 44 2d 39 42 43 30 2d 35 33 46 35 42 42 39 43 42 43 37 39 22 3a 74 72 75 65 2c 22 42 30 37 39 44 37 36 31 2d 33 41 44 34 2d 34 35 32 31 2d 38 32 31 43 2d 46 33 30 41 39 43 33 41 38 44 34 32 22 3a 74 72 75 65 2c 22 31 30 Data Ascii: 2000E-A3C8-A4522CDAC54C":true,"28030A56-9D2D-4F92-8AAF-C7B88AAA234F":true,"47EBA8D2-C4DF-4E1F-A0F1-9A3DC7E60741":true,"86CE7E47-E2C0-4FA7-944D-2FC1769C03BD":true,"26D68A7F-5F6B-43AD-9BC0-53F5BB9CBC79":true,"B079D761-3AD4-4521-821C-F30A9C3A8D42":true,"10
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 31 34 38 32 30 43 33 37 36 46 22 3a 74 72 75 65 2c 22 46 39 43 45 36 34 32 37 2d 30 39 33 35 2d 34 34 31 32 2d 39 41 33 45 2d 42 35 42 31 36 33 31 31 37 43 37 34 22 3a 74 72 75 65 2c 22 44 31 38 31 35 38 45 33 2d 37 35 31 42 2d 34 42 42 32 2d 42 37 33 45 2d 37 36 42 34 46 36 38 32 38 44 31 30 22 3a 74 72 75 65 2c 22 44 39 43 35 30 34 39 31 2d 44 31 34 34 2d 34 34 31 43 2d 42 46 37 34 2d 37 35 41 44 39 42 34 37 39 43 30 41 22 3a 74 72 75 65 2c 22 38 39 41 36 46 42 46 44 2d 45 43 30 35 2d 34 39 42 34 2d 42 36 38 31 2d 42 43 46 36 37 45 45 45 31 37 38 34 22 3a 74 72 75 65 2c 22 44 46 34 36 33 33 35 42 2d 34 35 44 41 2d 34 34 36 41 2d 38 41 31 39 2d 43 32 42 34 44 37 31 43 38 44 35 33 22 3a 74 72 75 65 2c 22 46 43 34 36 42 39 46 32 2d 41 Data Ascii: 2000814820C376F":true,"F9CE6427-0935-4412-9A3E-B5B163117C74":true,"D18158E3-751B-4BB2-B73E-76B4F6828D10":true,"D9C50491-D144-441C-BF74-75AD9B479C0A":true,"89A6FBFD-EC05-49B4-B681-BCF67EEE1784":true,"DF46335B-45DA-446A-8A19-C2B4D71C8D53":true,"FC46B9F2-A
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 32 45 31 22 3a 74 72 75 65 2c 22 36 36 31 43 33 30 42 32 2d 32 43 31 37 2d 34 38 43 36 2d 38 42 44 39 2d 45 32 35 37 45 42 44 37 44 38 42 42 22 3a 74 72 75 65 2c 22 44 39 42 30 39 45 43 43 2d 32 38 38 38 2d 34 35 38 30 2d 41 37 36 30 2d 44 36 41 33 37 36 32 43 33 39 41 46 22 3a 74 72 75 65 2c 22 41 39 43 35 31 37 43 36 2d 41 42 45 36 2d 34 32 31 42 2d 38 35 35 38 2d 39 37 42 46 35 45 36 31 43 44 30 42 22 3a 74 72 75 65 2c 22 46 36 31 45 39 33 32 35 2d 33 36 32 39 2d 34 44 32 42 2d 41 37 33 44 2d 42 44 35 34 32 30 46 30 36 31 34 41 22 3a 74 72 75 65 2c 22 44 32 33 46 32 30 41 32 2d 39 38 37 31 2d 34 37 31 32 2d 41 37 30 44 2d 38 35 33 46 37 46 44 39 46 43 42 42 22 3a 74 72 75 65 2c 22 46 42 37 34 42 39 36 42 2d 35 39 39 32 2d 34 46 37 36 Data Ascii: 20002E1":true,"661C30B2-2C17-48C6-8BD9-E257EBD7D8BB":true,"D9B09ECC-2888-4580-A760-D6A3762C39AF":true,"A9C517C6-ABE6-421B-8558-97BF5E61CD0B":true,"F61E9325-3629-4D2B-A73D-BD5420F0614A":true,"D23F20A2-9871-4712-A70D-853F7FD9FCBB":true,"FB74B96B-5992-4F76
2024-10-02 21:54:53 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 65 2c 22 35 46 36 34 42 44 41 37 2d 44 38 30 46 2d 34 44 33 37 2d 42 30 45 37 2d 36 31 33 34 42 42 35 42 42 38 37 44 22 3a 74 72 75 65 2c 22 31 30 33 41 37 44 33 45 2d 39 32 39 42 2d 34 41 36 35 2d 41 32 45 46 2d 41 46 41 41 41 38 41 30 43 30 44 35 22 3a 74 72 75 65 2c 22 41 31 33 42 36 38 39 38 2d 46 35 38 34 2d 34 38 31 31 2d 41 43 30 42 2d 46 37 44 43 38 43 32 30 31 35 30 30 22 3a 74 72 75 65 2c 22 43 34 41 39 43 45 45 45 2d 32 32 43 33 2d 34 41 45 36 2d 38 43 30 37 2d 33 39 31 45 33 37 44 32 38 41 43 32 22 3a 74 72 75 65 2c 22 39 37 43 36 38 30 35 30 2d 39 37 45 42 2d 34 35 32 38 2d 39 36 45 34 2d 42 35 33 41 32 33 39 38 33 34 39 32 22 3a 74 72 75 65 2c 22 30 38 34 41 41 36 33 37 2d 30 41 39 34 2d 34 31 34 43 2d 42 30 36 44 2d 41 42 Data Ascii: 2000e,"5F64BDA7-D80F-4D37-B0E7-6134BB5BB87D":true,"103A7D3E-929B-4A65-A2EF-AFAAA8A0C0D5":true,"A13B6898-F584-4811-AC0B-F7DC8C201500":true,"C4A9CEEE-22C3-4AE6-8C07-391E37D28AC2":true,"97C68050-97EB-4528-96E4-B53A23983492":true,"084AA637-0A94-414C-B06D-AB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49171	13.107.138.10	443	1020	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:54:54 UTC	1549	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: srfed-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cy [TRUNCATED]
2024-10-02 21:54:54 UTC	3169	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pa [TRUNCATED] X-NetworkStatistics: 0,4204800,81362,869,4848003,0,4204800,59 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 771656a1-d06f-6000-a9ae-49dde18c0ed5 request-id: 771656a1-d06f-6000-a9ae-49dde18c0ed5 MS-CV: oVYWd2/QAGCprknd4YwO1Q.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=32cb4d1a-0419-4f41-9884-3516ab14274e&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 8E515AF937304FA5B38B82F1DCE94F04 Ref B: EWR311000102023 Ref C: 2024-10-02T21:54:54Z Date: Wed, 02 Oct 2024 21:54:54 GMT Connection: close
2024-10-02 21:54:54 UTC	168	IN	Data Raw: 61 32 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 0d 0a Data Ascii: a2self._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.
2024-10-02 21:54:54 UTC	587	IN	Data Raw: 32 34 34 0d 0a 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 6b 65 79 29 3b 7d 7d 3b 0a 28 74 79 70 65 6f 66 20 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 28 27 69 6d 70 6f 72 74 53 63 72 69 70 74 73 53 74 61 72 74 27 29 29 3b 0a 73 65 6c 66 2e 5f 63 64 6e 42 61 73 Data Ascii: 244now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.performance.mark === 'function') {self.performance.mark(key);}};(typeof self._markPerfStage === 'function' && self._markPerfStage('importScriptsStart'));self._cdnBas
2024-10-02 21:54:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49177	13.107.136.10	443	1020	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:54:55 UTC	1542	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: srfed-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pad2cy [TRUNCATED]
2024-10-02 21:54:55 UTC	3162	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzQ0NWNmZTk4MzMxYTM2NDg1YWVmODczMWExNTcwN2Y0ZTZmYjJkMWJiMjdkYWY1ZTIxYWU4OGNjZDRhNmY0MmEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNDQ1Y2ZlOTgzMzFhMzY0ODVhZWY4NzMxYTE1NzA3ZjRlNmZiMmQxYmIyN2RhZjVlMjFhZTg4Y2NkNGE2ZjQyYSwxMzM3MjM3OTk5MzAwMDAwMDAsMCwxMzM3MjQ2NjA5MzIxMjE5NDksMC4wLjAuMCwyNTgsMzJjYjRkMWEtMDQxOS00ZjQxLTk4ODQtMzUxNmFiMTQyNzRlLCwsNzYxNjU2YTEtMDBmZi02MDAwLTdhM2UtNDIyMDc2NjgzYWMwLDc2MTY1NmExLTAwZmYtNjAwMC03YTNlLTQyMjA3NjY4M2FjMCw1NnkvUDU4emwwR1NoeGY0RkNNTEpnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM4MDksMnFReWNaSEk2dW8zUGxjX3B3OEY5UThaTHQ0LEhrZXMzajlPekV3bHZUVnJPaW11akZGWFNkMUdZK1FkS091SlhlN01oTnIxSURSdVdiRkF1VzdsSWZXd0NmakROVEhhZFFFelJWNjN6TGwxeksrcHV2eVRBV0JLamNHTlQ2aXJadXRRYWlpOVJNTDNjRnhDU29DcDZmRklMWmNyM0cvdWJRaHZVQ09SMFlrNHkvMkF0cSsvdzErZGcvUlNJUktzMDZ3N0NBT2IzREh5S0E5cTJsekRVYnJFSk15VVMvVUF0aG9COXU1SmJUYnRUVDJidEtvTmx0ZmFaWjBPTURnS2pJbG4xL2xCM1VERTArZ2pa [TRUNCATED] X-NetworkStatistics: 0,525568,0,61,4414744,0,525568,59 X-SharePointHealthScore: 2 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 771656a1-60a6-6000-7cc7-f8572404394b request-id: 771656a1-60a6-6000-7cc7-f8572404394b MS-CV: oVYWd6ZgAGB8x/hXJAQ5Sw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=32cb4d1a-0419-4f41-9884-3516ab14274e&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25311 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: D7D9C79BF0964B71BCBD608CA86A134D Ref B: EWR311000102049 Ref C: 2024-10-02T21:54:55Z Date: Wed, 02 Oct 2024 21:54:55 GMT Connection: close
2024-10-02 21:54:55 UTC	749	IN	Data Raw: 32 65 36 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f Data Ascii: 2e6self._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.perfo
2024-10-02 21:54:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1456, Parent PID: 1196

General

Target ID:	0
Start time:	17:54:48
Start date:	02/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13fcf0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1020, Parent PID: 1456

General

Target ID:	1
Start time:	17:54:49
Start date:	02/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1072,i,8817321110583036791,13478569038220876855,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13fcf0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 236, Parent PID: 1196

General

Target ID:	4
Start time:	17:54:51
Start date:	02/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9"
Imagebase:	0x13fcf0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1456, Parent PID: 1196

General

Chronological Activities

Analysis Process: chrome.exePID: 1020, Parent PID: 1456

General

Windows Analysis Report
https://srfed-my.sharepoint.com/:f:/p/paul_scace/EtC5e2XquN9Fp0K3Sw7IAUsB1jH11BqdCOET9BKLSlV1Tw?e=jPSkP9