Windows Analysis Report
ES Ny kontraktsrunda.msg

Overview

General Information

Sample name: ES Ny kontraktsrunda.msg
Analysis ID: 1541920
MD5: 5cf8421f409a9f4641a37349ed8f5864
SHA1: 23e2cb1b2031efcadd2124fccea0fe57323959bd
SHA256: 9f792176d7044c9fa161451966228bc66dee1c8d056997892d4970e2ff5c081c
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
AI detected potential phishing Email
HTML page contains obfuscated javascript
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection

Source: https://onedrive.live.com/view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977 SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570 HTTP Parser: var a0_0x22cba3=a0_0x162c;(function(_0x5c042f,_0x45a19d){var _0x1b09f4=a0_0x162c,_0x51e88f=_0x
Source: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/ HTTP Parser: Number of links: 0
Source: https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl HTTP Parser: Total embedded image size: 17286
Source: https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl HTTP Parser: Base64 decoded: {"version":3,"sources":["webpack://./../owl-service/lib/types/defaultStyles.module.scss"],"names":[],"mappings":"AAAA,sBACE,YAAA,CACA,UAAA,CACA,iBAAA,CACA,KAAA,CACA,MAAA,CACA,wBAAA,CACA,UAAA,CACA,SAAA","sourcesContent":[".page-overlay__background {\n hei...
Source: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/ HTTP Parser: Title: Sign in to your account does not match URL
Source: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/ HTTP Parser: No <meta name="author".. found
Source: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49729 version: TLS 1.0
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B||this.pDb||Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow||Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode||Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)||this.Jj.Oa(Ed.a.Gib)||this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_303.7.dr, chromecache_371.7.dr
Source: Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc||(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li||(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_273.7.dr
Source: Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe||(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state||this.pDb||(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode||Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf||ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton||this.c6a;ha.hideCloseButton= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType||ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb||(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb||(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_273.7.dr
Source: Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_273.7.dr
Source: global traffic TCP traffic: 192.168.2.6:49734 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: klickskydd.skolverket.org to https://onedrive.live.com/redir?resid=a2c259bd24deb977%211517&authkey=%21amv6sdjmizf95vs&page=view&wd=target%28quick%20notes.one%7c8266a05f-045a-4cc0-bddc-4debc90069bb%2fnotera%20h6tyd9j4rdfdfeczc-huyw%7ca949d04d-b4e2-4509-b99f-d04546199b7b%2f%29&wdorigin=navigationurl
Source: Joe Sandbox View IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49729 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AguaVUDH4zt5r+x&MD=MMg9cB1M HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0 HTTP/1.1Host: klickskydd.skolverket.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977 HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: E=P:A1sbos303Ig=:cyqkCMhgkSbeP1NVwcHAlwvIAaSybJ0zcUMlx1A95ss=:F; xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; xidseq=1
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AguaVUDH4zt5r+x&MD=MMg9cB1M HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/null&DataUrlEnabled=true HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF00017C99X-OfficeVersion: 16.0.18214.41004X-Key: JET8TXCUqtsIdxzH7JR+8AxZAV8tHKhwZjWok0HNi3U=;WP9oBPW/wQjBzAXFqEEnFB3ZDLJg8dixW8eGJaFRJyU=,638654411289687050X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-AccessToken: 4wjPhHBH0nlrBlym7f9uthso4F76PCTqyS4r1pC4F1k2k4GF3Khv6wB6Vc2ffRC0MzJIk3jHvdlqjmLIFmNLJXioIwgEvef6Q4qerGUxvsuiZZWpcOIoZaVJKXqZbF6u0A4aB9QLt3B58m7U4CtXAmCwX-UserSessionId: d792bec9-feb6-4b93-b8c3-d25b567b0fc4X-AccessTokenTtl: 1730017122364sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS11Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=iOKNGkkbsUOppGAVudDD%2FQ.0.13.0&wopisrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffolders%2FA2C259BD24DEB977!1517&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl&wdo=2&sc=host%3D%26qt%3DDefault&wdp=7&uih=onedrivecom&dchat=1&mscc=1&wdhostclicktime=1729844316523&jsapi=1&jsapiver=v1&newsession=1&corrid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&sftc=1&sams=1&cac=1&mtf=1&sfp=1&hch=1&hwfh=1&uihit=editaspx&muv=1&wdredirectionreason=Force_SingleStepBootAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; 
BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=educationuser&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffolders%2FA2C259BD24DEB977%211517&access_token=4wjPhHBH0nlrBlym7f9uthso4F76PCTqyS4r1pC4F1k2k4GF3Khv6wB6Vc2ffRC0MzJIk3jHvdlqjmLIFmNLJXioIwgEvef6Q4qerGUxvsuiZZWpcOIoZaVJKXqZbF6u0A4aB9QLt3B58m7U4CtXAmCw&access_token_ttl=1730017122364 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/error/error.html?aspxerrorpath=/o/null&DataUrlEnabled=true HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF00017C99X-OfficeVersion: 16.0.18214.41004X-Key: JET8TXCUqtsIdxzH7JR+8AxZAV8tHKhwZjWok0HNi3U=;WP9oBPW/wQjBzAXFqEEnFB3ZDLJg8dixW8eGJaFRJyU=,638654411289687050X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-AccessToken: 4wjPhHBH0nlrBlym7f9uthso4F76PCTqyS4r1pC4F1k2k4GF3Khv6wB6Vc2ffRC0MzJIk3jHvdlqjmLIFmNLJXioIwgEvef6Q4qerGUxvsuiZZWpcOIoZaVJKXqZbF6u0A4aB9QLt3B58m7U4CtXAmCwX-UserSessionId: d792bec9-feb6-4b93-b8c3-d25b567b0fc4X-AccessTokenTtl: 1730017122364sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS11Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=iOKNGkkbsUOppGAVudDD%2FQ.0.13.0&wopisrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffolders%2FA2C259BD24DEB977!1517&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl&wdo=2&sc=host%3D%26qt%3DDefault&wdp=7&uih=onedrivecom&dchat=1&mscc=1&wdhostclicktime=1729844316523&jsapi=1&jsapiver=v1&newsession=1&corrid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&sftc=1&sams=1&cac=1&mtf=1&sfp=1&hch=1&hwfh=1&uihit=editaspx&muv=1&wdredirectionreason=Force_SingleStepBootAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; 
BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/error/error.html?aspxerrorpath=/o/null&DataUrlEnabled=true HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=iOKNGkkbsUOppGAVudDD%2FQ.0.13.0&wopisrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffolders%2FA2C259BD24DEB977!1517&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl&wdo=2&sc=host%3D%26qt%3DDefault&wdp=7&uih=onedrivecom&dchat=1&mscc=1&wdhostclicktime=1729844316523&jsapi=1&jsapiver=v1&newsession=1&corrid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&sftc=1&sams=1&cac=1&mtf=1&sfp=1&hch=1&hwfh=1&uihit=editaspx&muv=1&wdredirectionreason=Force_SingleStepBootAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&build=16.0.18214.41004&waccluster=PUS11 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; ShCLSessionID=1729844349229_0.9147422252239774
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /captcha/style.css HTTP/1.1
    Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-US&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffolders%2FA2C259BD24DEB977%211517&access_token=4wjPhHBH0nlrBlym7f9uthso4F76PCTqyS4r1pC4F1k2k4GF3Khv6wB6Vc2ffRC0MzJIk3jHvdlqjmLIFmNLJXioIwgEvef6Q4qerGUxvsuiZZWpcOIoZaVJKXqZbF6u0A4aB9QLt3B58m7U4CtXAmCw&access_token_ttl=1730017122364 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"haep: 3X-WacFrontEnd: SN3PEPF00017C99X-UserSessionId: d792bec9-feb6-4b93-b8c3-d25b567b0fc4sec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.18214.41004X-Key: JET8TXCUqtsIdxzH7JR+8AxZAV8tHKhwZjWok0HNi3U=;WP9oBPW/wQjBzAXFqEEnFB3ZDLJg8dixW8eGJaFRJyU=,638654411289687050X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: PUS11sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-US&rs=en-US&hid=iOKNGkkbsUOppGAVudDD%2FQ.0.13.0&wopisrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffolders%2FA2C259BD24DEB977!1517&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl&wdo=2&sc=host%3D%26qt%3DDefault&wdp=7&uih=onedrivecom&dchat=1&mscc=1&wdhostclicktime=1729844316523&jsapi=1&jsapiver=v1&newsession=1&corrid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&sftc=1&sams=1&cac=1&mtf=1&sfp=1&hch=1&hwfh=1&uihit=editaspx&muv=1&wdredirectionreason=Force_SingleStepBootAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; ShCLSessionID=1729844349229_0.9147422252239774
Source: global traffic HTTP traffic detected: GET /oa/WacOAuth.aspx?replyUrl=https://onenote.officeapps.live.com&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&WacUserType=WOPI&sv=1&msalv3=1 HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://onedrive.live.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c7f0395d4869&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&build= HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; ShCLSessionID=1729844349229_0.9147422252239774
Source: global traffic HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c7f0395d4869&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d80c7f0395d4869/1729844361920/700c4f3314d211d47b57a4101d6055ffa87d1ba8a06e1a345d238d93c9a7557b/enOZeqjBY10f4Q5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1257061762:1729843921:fbetIUB4PuBaj-kpOjWFbuBAII6sbImkf8piHbMmomo/8d80c7f0395d4869/cTFwOuSISxbtYcMvZEUKJJnLRaY.ZD5rDwTw.SAnFCg-1729844359-1.1.1.1-fUYaKlgVy1ZLFNTQN5NUiuOBDXdkFBVNFgmhytd.JzVDQuIcSEwOfsMH_jM1N0Sx HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/office.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=439a9db6924e4548b0f168f264a87318&HASH=439a&LV=202410&V=4&LU=1729844330519; MS0=e0191ec7c24143ff81af173b9243da2a
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c7f0395d4869/1729844361925/ULcuuj9FzFMW5qZ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /oa/WacOauth.aspx/LogLoadScriptResult HTTP/1.1Host: oauth.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c7f0395d4869/1729844361925/ULcuuj9FzFMW5qZ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/en-us/office_strings.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=439a9db6924e4548b0f168f264a87318&HASH=439a&LV=202410&V=4&LU=1729844330519; MS0=e0191ec7c24143ff81af173b9243da2a
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1257061762:1729843921:fbetIUB4PuBaj-kpOjWFbuBAII6sbImkf8piHbMmomo/8d80c7f0395d4869/cTFwOuSISxbtYcMvZEUKJJnLRaY.ZD5rDwTw.SAnFCg-1729844359-1.1.1.1-fUYaKlgVy1ZLFNTQN5NUiuOBDXdkFBVNFgmhytd.JzVDQuIcSEwOfsMH_jM1N0Sx HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/onenote-web-16.00.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=439a9db6924e4548b0f168f264a87318&HASH=439a&LV=202410&V=4&LU=1729844330519; MS0=e0191ec7c24143ff81af173b9243da2a
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.onenote.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c836df1d4755&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lib/1.1/hosted/telemetry/oteljs_agave.js HTTP/1.1Host: appsforoffice.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=439a9db6924e4548b0f168f264a87318&HASH=439a&LV=202410&V=4&LU=1729844330519; MS0=e0191ec7c24143ff81af173b9243da2a
Source: global traffic HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c836df1d4755&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d80c836df1d4755/1729844374085/dd70a4917b8df5aa0f8fde3cc43b14e01801363e54111349f82858020690aefb/Z1X90KRZrnO15Jo HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/108716333:1729840349:MNYBExQDb_OXX_5iH2pcoBn0kfPmYx9lZzGMR5dM-_8/8d80c836df1d4755/9gYrRX4_mXpfUfGJwMvbjMQte_yveaXpVkV1gwBL9hE-1729844371-1.1.1.1-FgoDOVBzJ9Zg_wZBd.4sezGSL36I5k5yYE.sz7BKlYBGbC6llPM6FNeK1RDPoRlf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c836df1d4755/1729844374089/DckShhWThQsvEsd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c836df1d4755/1729844374089/DckShhWThQsvEsd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/108716333:1729840349:MNYBExQDb_OXX_5iH2pcoBn0kfPmYx9lZzGMR5dM-_8/8d80c836df1d4755/9gYrRX4_mXpfUfGJwMvbjMQte_yveaXpVkV1gwBL9hE-1729844371-1.1.1.1-FgoDOVBzJ9Zg_wZBd.4sezGSL36I5k5yYE.sz7BKlYBGbC6llPM6FNeK1RDPoRlf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4&build=16.0.18214.41004&waccluster=PUS11 HTTP/1.1Host: onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=; ShCLSessionID=1729844349229_0.9147422252239774
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c89969212cc4&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c89969212cc4&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/288705193:1729840334:sRaDFh_5wkaOFbDBegsq3qEaLLwQYyThGHzWC0p4_to/8d80c89969212cc4/sIwbR4kBQDnaOJQEIVh2GB..IZQF0KK8gwzwcgRDIJM-1729844386-1.1.1.1-OYgRsaQSLA6VjeCKhAF0wLFFKh4DbyPv1snTWMDTpeEUztZhjph5MsUGvika6RH_ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c89969212cc4/1729844388924/rSvfPn8XhGh_Nsi HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c89969212cc4/1729844388924/rSvfPn8XhGh_Nsi HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d80c89969212cc4/1729844388929/5eadf65b7d473da6d458a8220ab69f9d3a7ee284b0248a8c799226ec83abc5f1/bVBT0grcB4evuz1 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/288705193:1729840334:sRaDFh_5wkaOFbDBegsq3qEaLLwQYyThGHzWC0p4_to/8d80c89969212cc4/sIwbR4kBQDnaOJQEIVh2GB..IZQF0KK8gwzwcgRDIJM-1729844386-1.1.1.1-OYgRsaQSLA6VjeCKhAF0wLFFKh4DbyPv1snTWMDTpeEUztZhjph5MsUGvika6RH_ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.18214.41004&waccluster=PUS11&usid=d792bec9-feb6-4b93-b8c3-d25b567b0fc4 HTTP/1.1
Host: usc-onenote.officeapps.live.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: xid=d8a72812-8574-4087-b953-5899e368a601&&ODSP-ODWEB-ODCF&345; E=P:Jiauos303Ig=:LuVpPK++Xqsv74IVHxbXnQE1KLbazIMsA91EvApP2Vc=:F; xidseq=2; wla42=
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: iframe
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c8d89fe42e6c&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c8d89fe42e6c&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1954702431:1729840526:lxWgwBVacrfPgN4BGZrmhPGM6SZGVVCL-6CofhKI-F8/8d80c8d89fe42e6c/sGFNgZYAe5uZRUHcJH.HG1GYudzMM6S9a_B5vHftWOs-1729844396-1.1.1.1-O7jpRdwhk8XXkKKru9Jx5RvmC78MpNpUzinWlkzgNoD8o42Wmvey1QhvpzLPqyt0 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d80c8d89fe42e6c/1729844400481/32016c076dea6cba5de731f260bbe8772a2767f25e2623355dccd2e02a5bd427/DYlyp4xSuaGJmfa HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c8d89fe42e6c/1729844400485/hwBDZeVNXBV8bI8 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zpfpa/0x4AAAAAAAyWJLKajdsL6TRH/auto/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d80c8d89fe42e6c/1729844400485/hwBDZeVNXBV8bI8 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1954702431:1729840526:lxWgwBVacrfPgN4BGZrmhPGM6SZGVVCL-6CofhKI-F8/8d80c8d89fe42e6c/sGFNgZYAe5uZRUHcJH.HG1GYudzMM6S9a_B5vHftWOs-1729844396-1.1.1.1-O7jpRdwhk8XXkKKru9Jx5RvmC78MpNpUzinWlkzgNoD8o42Wmvey1QhvpzLPqyt0 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1954702431:1729840526:lxWgwBVacrfPgN4BGZrmhPGM6SZGVVCL-6CofhKI-F8/8d80c8d89fe42e6c/sGFNgZYAe5uZRUHcJH.HG1GYudzMM6S9a_B5vHftWOs-1729844396-1.1.1.1-O7jpRdwhk8XXkKKru9Jx5RvmC78MpNpUzinWlkzgNoD8o42Wmvey1QhvpzLPqyt0 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/8d80c8d89fe42e6c HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /aHBkb0tkTlVXdFZtMnJhrobotaHBkb0tkTlVXdFZtMnJh HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570 HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Referer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /js___/671b54c597db9-df9266ed069883385b9ae264cbaeed5e HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /b_/671b54c597dcb-df9266ed069883385b9ae264cbaeed5e HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /js_/671b54c597dcc-df9266ed069883385b9ae264cbaeed5e HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /js_/671b54c597dcc-df9266ed069883385b9ae264cbaeed5e HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /js___/671b54c597db9-df9266ed069883385b9ae264cbaeed5e HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /b_/671b54c597dcb-df9266ed069883385b9ae264cbaeed5e HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /homefbb248dcd1c4bc69ef98638dad6c7831 HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /css_/Zo2YFg5bgdpMLsD HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /sig/3e4580d2e29f2b293129b8831ce74f87671b54c920c23 HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /homefbb248dcd1c4bc69ef98638dad6c7831 HTTP/1.1
Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c
Source: global traffic HTTP traffic detected: GET /2svg/K14fhQc0UDRomo9 HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /fav/ktnax9Oo2WVDAz8 HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /logo_/56HKsrFDvmfPbCa HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic HTTP traffic detected: GET /logo_/3e4580d2e29f2b293129b8831ce74f87671b54c920bc3 HTTP/1.1Host: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=c147e9980a1d72d62d70c44c4c0e984c; cf_clearance=9Zd6xGiJaXgzmDGoA9fkBzXIza3PQQRM.C5pdMXbtxI-1729844413-1.2.1.1-4k_vy4QSp_yO9.Yn8seiiKgNmKLQk7xeUzrrDnXVFPT5HesB0BYTBeopvPzGt4LojXkColg7VEMftk75N_YwUjEaFYRxSQ6.2lzI7AhwzJjtb7mzIQQb64YkRRxgObgLi4wz5i8KSAXWWevktQXED_oQtt1ot6rKG38RKres6fBnTzOWm2cQYBuShYWedAJ0oWgN8ud1L0df0cQeBY8GqNed9QUxULLLn4IMP3k_FgTs_3BlBjTDHMJwSxIolrIGkrSHaG5y4zKEfDThlgOqgbYyu362g6haTMWSrplJy7PksfrAXEuvsjem9iizzs02MUr6LKFhYixb1xx5rkdshkDi0AMhNg8ntNb9mJbH5AZgCT4oyOiMvR.UVsKpcnhOfIjKxtSjRUx0nOy1VyxjIJdE.n4CGm_bW72zt4oftx5v4RWH5UH9rHcIm6TfR4He
Source: global traffic DNS traffic detected: DNS query: klickskydd.skolverket.org
Source: global traffic DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: common.online.office.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic DNS traffic detected: DNS query: ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
Source: global traffic DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic DNS traffic detected: DNS query: www.onenote.com
Source: global traffic DNS traffic detected: DNS query: augloop.office.com
Source: global traffic DNS traffic detected: DNS query: storage.live.com
Source: global traffic DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: westeurope-pd02.augloop.office.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Content-type: text/xml
X-Agent-DeviceId: 01000A410900C4F3
X-BM-CBT: 1696488253
X-BM-DateFormat: dd/MM/yyyy
X-BM-DeviceDimensions: 784x984
X-BM-DeviceDimensionsLogical: 784x984
X-BM-DeviceScale: 100
X-BM-DTZ: 120
X-BM-Market: CH
X-BM-Theme: 000000;0078d7
X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D
X-Device-isOptin: false
X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
X-Device-OSSKU: 48
X-Device-Touch: false
X-DeviceID: 01000A410900C4F3
X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c
X-MSEdge-ExternalExpType: JointCoord
X-PositionerType: Desktop
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-Search-CortanaAvailableCapabilities: None
X-Search-SafeSearch: Moderate
X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
X-UserAgeClass: Unknown
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: www.bing.com
Content-Length: 516
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 42a1fd65-8e78-4f43-ad5e-9dbd38de295dX-UserSessionId: 42a1fd65-8e78-4f43-ad5e-9dbd38de295dStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C7AX-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: SN3PEPF00017C7AX-WacFrontEnd: SN3PEPF00017C7AX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wordslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 9FEE3EFAA8954EBA9B4CD1288B815D2D Ref B: DFW311000110009 Ref C: 2024-10-25T08:18:56ZDate: Fri, 25 Oct 2024 08:18:55 GMTConnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: privateContent-Length: 1233Content-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: cfe276ce-d619-43b4-982b-45e05346a1ddX-UserSessionId: d792bec9-feb6-4b93-b8c3-d25b567b0fc4Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF00017C89X-OfficeVersion: 16.0.18214.41004X-OfficeCluster: PUS11X-Partitioning-Enabled: trueX-OFFICEFD: SN3PEPF00017C89X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_visioslice_control,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 56F23CCEFD2241EB9F13FFA8295EA540 Ref B: DFW311000105033 Ref C: 2024-10-25T08:19:17ZDate: Fri, 25 Oct 2024 08:19:18 GMTConnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:23 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: t/V0R40PmMRXGhfr2w3ioIj/geI88NU5muU=$Etuo2Hh7Q9HlZCmuServer: cloudflareCF-RAY: 8d80c8098a70e936-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:28 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: TJgRXWWpxSlIdXZePR7+//z01rP9B0c99dc=$MLhGsuQM68pVrxmQcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d80c82a1c066c3b-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:37 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 54c33tPiLoChdXbd3mWRuWhwODiu4vOF+/4=$ZlMmlMNTixK/Fcnfcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d80c85f1d2f3ab0-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:40 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /Z6OZfwF1jHConzM11wLjpz15aZPdkbwlD0=$e7feoJrZYWzft95IServer: cloudflareCF-RAY: 8d80c87439a14785-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:50 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: H0TkmjSeREr+O825xbmkXqPxX7wqcoB2ZcM=$6xAHYS/ML5S5qk6aServer: cloudflareCF-RAY: 8d80c8ae7b3ae591-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:19:53 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: JvXK3HwNGpCFynXg3n7yrYM5S3OV1NcKjvk=$d6xyMbpaNsBrdfW7cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d80c8c5ef376b49-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:20:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: bEg/cLjm9pR32H8u/dntOT+588V7KYYUnbg=$U9WNyFpqdxObjdAXServer: cloudflareCF-RAY: 8d80c8f94aa2e542-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:20:06 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: u9npBMOQZ3JficqT3C0AsC9FWtTUoxMkf0s=$xVDq4DwBJ0MvOyePServer: cloudflareCF-RAY: 8d80c9139e7f4757-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:20:12 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: MQNJxYMqMjZPR7TT8vXH6HcVMset+LXnvu0=$PAsngbybJPKgYHynServer: cloudflareCF-RAY: 8d80c93c5c5da924-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:20:16 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 7AkMz+rWcnRmQf5tCRmtvCyM9wmwtLNwL5M=$nOXYDDTJdMJm/1Zmcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XIan7JcuJjQ43AVDPwYiSBD5cdHlmqgBEqxRcu3l%2BqZx9OpUw8u%2BfZg%2F%2FT1bgDDjz5Sgkkk9cjSE30w4BGZzb%2FCNKtTSJLt5d%2FGNJbyJZlDe2hWzamclO%2BqzgNNKAIC9PmSkpu%2BSvorvpGDxv9kMrEE%2B12PmvToBlY0iOrzOi%2FphPM2Cs0la5Jm2yB6621qMSz%2F6XibjkHvj%2FpwFBsvfYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d80c950bb0be73a-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2244&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2890&recv_bytes=1081&delivery_rate=1285397&cwnd=243&unsent_bytes=0&cid=8f9e6fe85434bde8&ts=143&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:20:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S3D8JHTD%2FCuRxCus%2B7hgL366v9IX8KzE1QsNkOFaCNwedExxKVqrSN2evKvdljHW%2Fw9MonDrSaU7YaYTshpODIbYRCg56CJH%2Fp1fGOorEP%2Bp4GIk3X5QRPz8F6uzoYfzCglJpC8NOhy3THb5Hzs5YkTnDdaW73bdr93mutwa4oRdI5Mre3IVqtQ%2FGVTPr6eqOlPHDy4e38SpYRQUbaEalQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d80c98b793d4763-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1926&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2891&recv_bytes=1970&delivery_rate=1491246&cwnd=240&unsent_bytes=0&cid=050198908cb77611&ts=890&x=0"
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_304.7.dr, chromecache_437.7.dr String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_324.7.dr, chromecache_405.7.dr String found in binary or memory: http://hammerjs.github.io/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: http://support.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_288.7.dr String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_437.7.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://1drv.ms
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://Office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: chromecache_317.7.dr, chromecache_226.7.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.3.min.js
Source: chromecache_297.7.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.0.min.js
Source: chromecache_273.7.dr String found in binary or memory: https://aka.ms/MathAssistantSupport?client_id=onenote_wac&platform_id=web&correlation_id=
Source: chromecache_273.7.dr String found in binary or memory: https://aka.ms/OfficeAddinOverview
Source: chromecache_273.7.dr String found in binary or memory: https://aka.ms/Officeaddins
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.aadrm.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.aadrm.com/
Source: chromecache_273.7.dr String found in binary or memory: https://api.addins.omex.office.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.store.office.com/app/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.cortana.ai
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.diagnostics.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.microsoftstream.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.microsoftstream.com/api/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.onedrive.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://api.scheduler.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://apis.live.net/v5.0/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://app.powerbi.com
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_273.7.dr String found in binary or memory: https://augloop-int.officeppe.com/v2
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://augloop.office.com
Source: chromecache_273.7.dr String found in binary or memory: https://augloop.office.com/v2
Source: chromecache_226.7.dr String found in binary or memory: https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://c3web.trafficmanager.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://canary.designerapp.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.dev.fluidpreview.office.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/dev
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.dev.fluidpreview.office.net/fluid/stg
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.entity.
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.fluidpreview.office.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/df
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/gcc
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://cdn.fluidpreview.office.net/fluid/prod
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/BrowserUls.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/CommonDiagnostics.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/ExternalResources/js-cookie.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/Instrumentation.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/LearningTools/LearningTools.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/aria-web-telemetry-2.9.0.min.js
Source: chromecache_297.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161821840453_Scripts/pickadate.min.js
Source: chromecache_249.7.dr, chromecache_443.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_249.7.dr, chromecache_443.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_249.7.dr, chromecache_443.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_249.7.dr, chromecache_443.7.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_273.7.dr String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cortana.ai
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cortana.ai/api
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://cr.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://d.docs.live.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dataservice.o365filtering.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dataservice.o365filtering.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://designerapp.azurewebsites.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://designerappservice.officeapps.live.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dev.cortana.ai
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://devnull.onenote.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://directory.services.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://ecs.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://edge.skype.com/registrar/prod
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://edge.skype.com/rps
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://edog.onenote.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://entitlement.diagnostics.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_288.7.dr String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_288.7.dr String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://fa000000128.resources.office.net
Source: chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://fa000000128.resources.office.net:3000/index.html
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://feross.org
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://feross.org/opensource
Source: chromecache_273.7.dr String found in binary or memory: https://forms.office.com
Source: chromecache_273.7.dr String found in binary or memory: https://forms.office.com/Pages/OneNoteMathAddinFunctionPage.aspx
Source: chromecache_340.7.dr, chromecache_350.7.dr, chromecache_273.7.dr String found in binary or memory: https://forms.officeppe.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_278.7.dr, chromecache_346.7.dr, chromecache_381.7.dr, chromecache_320.7.dr String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_435.7.dr String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://graph.ppe.windows.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://graph.ppe.windows.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://graph.windows.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://graph.windows.net/
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://hubblecontent.azureedge.eaglex.ic.gov
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://hubblecontent.azureedge.microsoft.scloud
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ic3.teams.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://incidents.diagnostics.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: chromecache_273.7.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore/flyoutdetails/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://invites.office.com/
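Source: ES Ny kontraktsrunda.msg, ~WRS{771B1FA9-18B7-40B1-B859-D17FAA449978}.tmp.0.dr String found in binary or memory: https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24D
Note: unlike the surrounding entries, which come from dropped Office and browser-cache files, this string is attributed to the submitted sample itself. The url= parameter percent-decodes to https://onedrive.live.com/redir?resid=A2C259BD24D (cut off by the report), which matches the start of the OneDrive redirect listed under Phishing above. The klickskydd.skolverket.org prefix appears to be a link-rewriting wrapper, so triage and mail-log searches should key on the decoded inner URL rather than on the wrapper host.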
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://lifecycle.office.com
Source: chromecache_428.7.dr, chromecache_255.7.dr String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.live-int.com
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.live.com
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.microsoftonline-int.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.microsoftonline.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.microsoftonline.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.microsoftonline.com/organizations
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.windows-ppe.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.windows.local
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://login.windows.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://make.powerautomate.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://management.azure.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://management.azure.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.action.office.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.engagement.office.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://messaging.office.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://mss.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_238.7.dr, chromecache_288.7.dr, chromecache_373.7.dr, chromecache_361.7.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ncus.contentsync.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ncus.pagecontentsync.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: chromecache_273.7.dr String found in binary or memory: https://office.visualstudio.com/DefaultCollection/OC/_wiki/wikis/OC.wiki/22688/Using-Dictation-on-yo
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://officeapps.live.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://officepyservice.office.net/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: chromecache_273.7.dr String found in binary or memory: https://onedrive.live.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://onedrive.live.com/embed?
Source: chromecache_226.7.dr String found in binary or memory: https://onenote.officeapps.live.com
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://otelrules.azureedge.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://otelrules.svc.static.microsoft
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office365.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office365.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://outlook.office365.com/connectors
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pages.store.office.com/review/query
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: chromecache_273.7.dr String found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474836617/Product_42949677398/Asset_e
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://powerlift.acompli.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://pushchannel.1drv.ms
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: chromecache_295.7.dr, chromecache_278.7.dr, chromecache_311.7.dr, chromecache_346.7.dr, chromecache_381.7.dr, chromecache_320.7.dr String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_361.7.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://res-dev.cdn.officeppe.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://res-dod.cdn.office.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://res-dod.cdn.office.net/fluid/dod
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://res-gcch.cdn.office.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://res-gcch.cdn.office.net/fluid/gcch
Source: chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://res-h3.public.cdn.office.net
Source: chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://res-h3.sdf.cdn.office.net
Source: chromecache_238.7.dr, chromecache_303.7.dr, chromecache_288.7.dr, chromecache_371.7.dr String found in binary or memory: https://res-sdf.cdn.office.net
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr, chromecache_238.7.dr, chromecache_288.7.dr, chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://res.cdn.office.net
Source: chromecache_242.7.dr String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/
Source: chromecache_242.7.dr String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.10.17.1/floodgate.en.bundle.js
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: chromecache_282.7.dr, chromecache_259.7.dr String found in binary or memory: https://res.sdf.cdn.office.net
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.edog.officeapps.live.com/rs/v1/settings
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.officeapps.live.com/rs/v1/settings
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.officeapps.partner.office365.cn/rs/v1/settings
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.osi.apps.mil/rs/v1/settings
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.osi.office.de/rs/v1/settings
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://roaming.osi.office365.us/rs/v1/settings
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://service.powerapps.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://settings.outlook.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://shell.suite.office.com:1443
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://skyapi.live.net/Activity/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://staging.cortana.ai
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://store.office.cn/addinstemplate
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://store.office.de/addinstemplate
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://substrate.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: chromecache_273.7.dr String found in binary or memory: https://substrate.office.com/search/api/v1/suggestions
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://support.office.com/f1/home?isAgave=true
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://support.office.com/f1/home?isAgave=true&amp;helpid=126385
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://support.office.com/f1/home?isAgave=true&amp;helpid=161255
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://support.office.com/images/inapp-help-icon-32.png
Source: chromecache_302.7.dr, chromecache_284.7.dr String found in binary or memory: https://support.office.com/images/inapp-help-icon-80.png
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://tasks.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://templatesmetadata.office.net/
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://uciserviceintcdnwus.blob.core.windows.net/mirrored/smartlookup/
Source: chromecache_224.7.dr, chromecache_287.7.dr String found in binary or memory: https://usc-onenote.officeapps.live.com/o/RemoteUls.ashx
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://web.microsoftstream.com/video/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://webshell.suite.office.com
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://whiteboard.apps.mil
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://whiteboard.eaglex.ic.gov
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://whiteboard.microsoft.scloud
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://whiteboard.office.com/root/index.fluid.js
Source: chromecache_238.7.dr, chromecache_288.7.dr String found in binary or memory: https://whiteboard.office365.us
Source: chromecache_317.7.dr, chromecache_226.7.dr String found in binary or memory: https://wise-m-backup.public.onecdn.static.microsoft/wise/owl/sharedauthclientmsal.39dcdf70a24344361
Source: chromecache_317.7.dr, chromecache_226.7.dr String found in binary or memory: https://wise.public.cdn.office.net/wise/owl/sharedauthclientmsal.39dcdf70a2434436117b.js
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://wus2.contentsync.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://wus2.pagecontentsync.
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://www.odwebp.svc.ms
Source: chromecache_303.7.dr, chromecache_371.7.dr String found in binary or memory: https://www.onenote.com
Source: chromecache_273.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/mathassistant
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&amp;temporaryLocalization=true
Source: chromecache_443.7.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&amp;temporaryLocalization=true
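Source: EDF995D6-4714-4226-A33B-39743D39632C.0.dr String found in binary or memory: https://www.yammer.com
Analyst note: the "String found in binary or memory" entries above are URLs extracted from files written during the run (the .dr sources, which appear to be dropped files and browser cache entries). A URL appearing in this list does not by itself show that the host was contacted. The https://www.onenote.com/officeaddins/meetings entries differ only in the ui= locale value, and the "&amp;" in them is presumably the HTML-escaped "&" as stored in the cached file. Entries that end abruptly (for example https://wus2.contentsync.) are truncated in the report and should not be used as exact-match indicators.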
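Analyst note: each "Network traffic detected" entry below records one direction of a TCP flow between remote port 443 and an ephemeral local port, so the same port pair often appears twice (for example 49967 -> 443 and 443 -> 49967). The report labels these as "HTTP traffic", but port 443 normally carries TLS-wrapped HTTPS. These lines name no destination host or IP, so match the local ports against the report's connection and DNS sections before attributing any flow to a specific host.
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985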
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50212
Source: unknown Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50192 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 50101 -> 443
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: chromecache_238.7.dr, chromecache_288.7.dr Binary or memory string: new w.a(u.a.Bd());const t=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");for(const J of t)G.A9b.add(J)}return G.A9b}static Z2h(t){return G.yLh().contains(t)}static T7h(t){t=x.iwh(t);return""!==document.createElement("audio").canPlayType(t)}}G.A9b=null;(0,C.a)(G,"EmbeddedFileReaderUtils",null,[])},94099:function(C,L,d){d.d(L,{a:function(){return h}});
Source: classification engine Classification label: mal56.phis.winMSG@24/386@90/17
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241025T0418070101-7292.etl Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ES Ny kontraktsrunda.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EBA3B07-0269-403A-8827-3D10A2298313" "0BCAFF8F-32E9-4DDB-A99B-896005FDE1FB" "7292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,14847539301104719673,13743601160139155532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EBA3B07-0269-403A-8827-3D10A2298313" "0BCAFF8F-32E9-4DDB-A99B-896005FDE1FB" "7292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,14847539301104719673,13743601160139155532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32 Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: Binary string: B.interval),this.pDb=!0,this.khe=new Date,so.show(Yc.a.eci),Jk.tSe()))}eo(B,X,sa){Array.add(this.bR,new Bv.a(!0,B,X,sa));zc.App.hv.MS()}forceOutbound(){}bYa(){return 4!==this._state}QJa(){1===this._state?this.$0a():this.ic&&2===this.ic.status&&(this.BZ(),this.gO.execute(B=>{B.wbb();B.uja();B.DUa()}))}get buf(){return!0}$0a(){var B=this.Jb.fileId?In.a.fmd(this.Jb.ei,"",this.Jb.km):In.a.fmd(wb.AFrameworkApplication.uo,zc.App.vgb,null),X=wb.AFrameworkApplication.J;B.ForceTransform=Ce.WoncaApp.xpc;B.IsNewFile= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: "RetryOnFailure";break;case 0:wb.AFrameworkApplication.oja.RetryReason="None";break;case 4:wb.AFrameworkApplication.oja.RetryReason="RedirectedClusterOnServer"}}gBf(){wb.AFrameworkApplication.oja.RetryStartTime=0<this.Acc?this.nCe.getTime():0;wb.AFrameworkApplication.oja.RetryCountWhileParsing=this.Acc;this.ufi(this.d9a);this.a_i()}a_i(){this.Acc=this.d9a=0}fv(B){this._state=4;B||this.pDb||Jk.tSe()}Mc(B,X,sa,La,eb,lb,Nb,fc=!1){wb.AFrameworkApplication.oja.BootFailed=!0;var mc={};mc.ErrorCode=B;mc.Message= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: !1;let va=0;ca.FW&&(pa=ca.ZA.Cla(V));this.UVf(V,xa,!1);var ra=V.cpBegin;V=V.node;this.ajj(la.a.Fe(V,ra+1));xa=V.pdb(ra);Ka=Ka(xa);xa.blob=Ka;if(ca.YHd&&6===xa.blob.zj){if(0<ra){const wa=V.Ba;va=wa.uXa(ra);0<=va-1&&(ra=wa.K(va-1),xa.$a=new ua.a(xa,ra.$a?ra.$a.fi:u.a.nil),!ca.FW&&ra.hyperlink&&this.Qe.cG(xa.$a))}ca.FW&&(pa?xa.Yk&&(xa.Yk=!1,V.Ba.K(va+1).Yk=!0):xa.$a&&xa.$a.cache.Xr&&this.Qe.cG(xa.$a))}if(D.a.instance.K(57))for(V.lq(),pa=Ka.v8,xa.$a&&pa--,V.wordRunProperties.JYa(Math.max(0,Ka.ef-1),2, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: this.ow.YD&&(ae.a.instance.K(58)&&this.yQ!==B.Cells.length-1&&(La.yb.enabled=0),this.j$f(La),this.ow=null,this.yQ++);sa=Jk.v9f(X.getTime());1>sa&&(sa=1);if(this.ow||Jk.Xfa(sa)){this.gX+=sa;B=wb.AFrameworkApplication.J.vb("MaxBootDeserializationTimeInMs",0);if(0<B&&this.gX>B)return this.Mc(Yc.a.pzf,CommonUiStrings.CannotOpenFile,!1,!0,!1,null,null),this.Aw.dispose(),!1;this.setActive();return!1}}return!0}pFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode||Yo.a.Fva(this.ic.Qm))this.hhh();else{var B= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: case 2:a=Ed.a.Hib}return this.Jj.ja(a,0)}j9i(a){this.Jj.setValue(qs.uRd,a);this.xM()}Hhb(){return this.Jj.ja(qs.uRd,!1)}S3h(){return this.Jj.Oa(qs.uRd)}$2h(){return gc.a.instance.K(13)?this.Jj.Oa(ec.a.Yr)||this.Jj.Oa(Ed.a.Gib)||this.Jj.Oa(Ed.a.Hib):this.Jj.Oa(ec.a.Yr)}xM(){if(ca.a.Mob){var a=Gf.a.instance.Na.Ra.Ga,c=a.node;if(c===this.Maa)this.Maa.rm(16,!0);else{this.Maa=c;c=this.Maa.Ofa();try{this.Maa.pdb(a.cpBegin).UY=!0}finally{c&&c.dispose()}}}}IVi(){if(ca.a.Mob&&this.Maa){var a=0,c=this.Maa.Ofa(); source: chromecache_303.7.dr, chromecache_371.7.dr
Source: Binary string: sa,La,eb,lb,Nb,fc=null,mc=null,$c=0){super();this.nCe=this.khe=this.aF=this.vi=this.rx=this.nX=this.qh=this.Aw=null;this.gX=this.yQ=0;this.ow=null;this.bR=[];this.Jpe=null;this.d9a=this.Acc=0;this.pDb=this.Fpe=!1;this.pBa=null;this.lia=0;this.va=new hh.a;this.vS=null;this.Jb=B;this.aha=X;this.Ia=sa;this.gO=La;this.Ir=eb;this.S5b=fc;this.cac=Nb;zc.App.hv.register(this);this.bob=!0;this.iU="GraphSpaceRootReplicator";lb&&""!==lb&&(this.iU+="_"+lb);0<$c&&(mc||(mc=zf.TaskManager.instance),mc.Fb(new Zc.a(3, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: BE=H(63763);class Iv{constructor(b){this.fc=b;this.tXc=new Hv.a}qgc(b,e,m,I,U=null,ka=null,Ia=null){b=b.pdb(e);b.li||(b.li=new AE.a(b));b.li.add(new pr(b,m,I,U,ka,Ia));b.isFromErrorRangeSplit=!0}GUf(b){return b.oc&&b.oc.li&&b.oc.li.lXb(e=>e===b,[b.type])?!0:!1}FVi(b,e){if(b.type===e.type&&b.te&&!e.te&&b.oc&&b.oc.li&&b.oc.li.contains(b)&&e.oc&&e.oc.li&&e.oc.li.contains(e)){var m=[b.type];b.oc.li.lXb(I=>I===b,m);e.oc.li.lXb(I=>I===e,m)}}Wyj(b,e,m){if(!e)return!1;m=new Tz.a([m]);for(let I=0;I<b.length;I++){const U= source: chromecache_273.7.dr
Source: Binary string: 1,1E3*$c,vd=>{this.uDg(vd)},132)))}get IBd(){return this.Jpe||(this.Jpe=ib.a.instance.resolve("Wonca.IGraphSpaceRootReplicatorErrorHandler"))}dIg(B){this.va.addHandler(Jk.nwd,B)}get O1(){return 4===this._state?super.O1:1}get eK(){return this.iU}uDg(B){4===this._state||this.pDb||(this.qh?vb.ULS.sendTraceTag(41821144,338,15,"GetCells still processing response when abort call came after {0} ms. Not aborting.",B.interval):(vb.ULS.sendTraceTag(41821145,338,15,"GetCells aborting boot after it did not complete in {0} ms.", source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: X);fr.a.UDb("InitializeLocalCobalt",B.InitializeLocalCobaltStartTime,B.InitializeLocalCobaltEndTime,X);this.Ir.Ac("ServerData",X)}}BZ(){wb.AFrameworkApplication.J.Z("RefactorParseServerResponseIsEnabled")?this.pFi():this.oFi()}oFi(){if(this.pDb)this.KAf();else if(2!==this.ic.statusCode||Yo.a.Fva(this.ic.Qm)){if(!(wb.AFrameworkApplication.Uf||ae.a.instance.K(58)&&zc.App.GIf)){var B={["RetryCount"]:this.lia,["StatusCode"]:this.ic.statusCode,["HttpStatus"]:this.ic.httpStatusCode.toString(),["HasResponseObjects"]:!Yo.a.Fva(this.ic.Qm)}; source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: sa,2,fc),$c.hyperlink=null,eb=mc,La=!0;else if(La&&$c.Yk){this.Ind(B,$c,sa,2,fc);$c.Yk=!1;lb=$c.cp;Nb=mc;break}La&&$c.$a&&this.Cc.cG($c.$a)}sa=ad.ParagraphReader.text(B).substring(X.oc.cp,lb);this.fc.replaceTextRange(bi.a.createTextRange(B,X.oc.cp,lb),sa,!0,!1);for(X=eb;X<=Nb;)eb=B.Ba.K(X++),lb=B.pdb(eb.cp+sa.length),eb.$a&&(lb.$a=eb.$a.ld(lb));B.lq()}flc(B,X,sa){sa.wordRunProperties.Euc(X?B-1:B,2);ae.a.instance.K(57)&&(sa.wordRunProperties.EP.W(B,Nk.CharacterPropertiesEditor.u8),sa.wordRunProperties.yZ.W(B, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: this.i3f(ha);da.a.Keb().then(ia=>{ia.update(ha);return null})}i3f(ha){const {AFrameworkApplication:ia}=d(40343);this.nVc=ha;if(ia.fa){ia.Hmc();ia.fa.lJ(!1);const Y={};Y.activeDivZIndex=ia.fa.dY;ha.dialogHostProperties=Y}ha.dialogButtonsOption=void 0!==ha.dialogButtonsOption&&null!==ha.dialogButtonsOption?ha.dialogButtonsOption:this.lc;ha=this.PDb(1,ha);ha=this.PDb(2,ha);ha=this.PDb(3,ha);ha=this.PDb(4,ha);ha=this.PDb(0,ha);ha.defaultExecutionButton=ha.defaultExecutionButton||this.c6a;ha.hideCloseButton= source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: Ga):Va.end<hb.end?Ga++:r++}return R}mJe(r,R){let ja=!1;for(const Ga of R){R=Ga.errorDetails;ja=1===R.proofingType||ja;let Va=r.pdb(Ga.begin);Va.Sm=new Jd(Va,R);Va.isFromErrorRangeSplit=!0;Va=r.pdb(Ga.end);Va.UJ=!0;Va.isFromErrorRangeSplit=!0}ja&&(r.SPb=!1)}uUf(r,R){if(!Lf.a.fh(R)){r=r.Ba;for(const ja of R){R=r.Cz(ja.begin);const Ga=r.Cz(ja.end);R&&R.Sm&&Ga&&Ga.UJ?(R.Sm=null,Ga.UJ=!1):(R=String.format("Could not find and remove ErrorRange from CHPs. Cp Begin: {0}, Cp End: {1}",ja.begin,ja.end),la.ULS.sendTraceTag(37532355, source: chromecache_238.7.dr, chromecache_288.7.dr
Source: Binary string: rb,Mb){2===Mb&&this.BM(!0,"OnDictationTimeout");return 32}Q9f(){this.uCb||(this.uCb=!0,this.lw.isVisible()?(this.snc("RibbonClicked"),this.uCb=!1):this.showFloatie(),this.yNc())}showFloatie(Wa=!0){na.ULS.sendTraceTag(573190859,394,50,"Show dictation floatie triggered");this.lw.showFloatie((new S.a(this.Wb.KA)).displayName).then(()=>{this.i6a&&(this.i6a.aLc(),this.Wb.dSb=new Date,this.Wb.Pdb||(this.Wb.Pdb=new Date));0===this.IG.Dz()&&(Wa?this.QKa():this.lw&&this.lw.vHf(),this.uCb=!1);this.Wb.$Pb&& source: chromecache_273.7.dr
Source: Binary string: void 0!==this.Wb.Pdb&&null!==this.Wb.Pdb&&Array.add(this.qf.dataFields,{name:"FirstSeen",string:this.Wb.Pdb.toISOString()});void 0!==this.Wb.dSb&&null!==this.Wb.dSb&&Array.add(this.qf.dataFields,{name:"LastSeen",string:this.Wb.dSb.toISOString()})}onFinalResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Qbd+=b;this.J3c<b&&(this.J3c=b);this.Y3c>b&&(this.Y3c=b)}onPartialResultAnnotationResponse(b,e,m){b=b+this.xUc-(this.Q7c+(e+m)/1E4);this.Tbd+=b;this.M3c<b&&(this.M3c=b);this.Z3c> source: chromecache_273.7.dr

Persistence and Installation Behavior

Source: Email LLM: Detected potential phishing email: The email uses a suspicious URL shortener or redirection service
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation Jump to behavior
Source: chromecache_428.7.dr, chromecache_255.7.dr, chromecache_412.7.dr, chromecache_227.7.dr Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_428.7.dr, chromecache_255.7.dr, chromecache_412.7.dr, chromecache_227.7.dr Binary or memory string: ",DisconnectVirtualMachine:"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior